CAS protocol violation
Marvin Addison
marvin.addison at gmail.com
Mon Mar 12 17:47:03 EDT 2018
On Mon, Mar 12, 2018 at 4:51 PM Andrew Morgan <morgan at orst.edu> wrote:
> It appears that Shibboleth v3.3.1 does not generate Service Tickets that
> are compliant with the CAS Protocol specification....
>
> https://apereo.github.io/cas/development/protocol/CAS-Protocol-Specification.html#37-ticket-and-ticket-granting-cookie-character-set
The IdP CAS protocol support targets the v2 specification [1] that puts no
restrictions on ticket entity character sets.
This issue was also identified in
> https://github.com/apereo/mod_auth_cas/issues/134
Did you try Dave's patch? I'm pretty sure the issue is "fixed" but we're
waiting for some positive feedback before merging his patch. Your feedback
would be helpful to moving it along.
Personally, I'm not too keen on trying to make the EncodingTicketService
compatible with such a restrictive character set as defined in the v3
protocol spec. I suppose we don't _have_ to use a baseN encoding scheme,
but it's a justifiable choice that is non-compliant due to the '=' padding
character.
M
[1]
https://apereo.github.io/cas/5.2.x/protocol/CAS-Protocol-V2-Specification.html
<users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180312/f8ba06f7/attachment.html>
More information about the users
mailing list