CAS protocol violation

Marvin Addison marvin.addison at
Mon Mar 12 17:47:03 EDT 2018

On Mon, Mar 12, 2018 at 4:51 PM Andrew Morgan <morgan at> wrote:

> It appears that Shibboleth v3.3.1 does not generate Service Tickets that
> are compliant with the CAS Protocol specification....

The IdP CAS protocol support targets the v2 specification [1] that puts no
restrictions on ticket entity character sets.

This issue was also identified in

Did you try Dave's patch? I'm pretty sure the issue is "fixed" but we're
waiting for some positive feedback before merging his patch. Your feedback
would be helpful to moving it along.

Personally, I'm not too keen on trying to make the EncodingTicketService
compatible with such a restrictive character set as defined in the v3
protocol spec. I suppose we don't _have_ to use a baseN encoding scheme,
but it's a justifiable choice that is non-compliant due to the '=' padding


<users-unsubscribe at>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list