CAS protocol violation
morgan at orst.edu
Mon Mar 12 17:54:36 EDT 2018
On Mon, 12 Mar 2018, Marvin Addison wrote:
> On Mon, Mar 12, 2018 at 4:51 PM Andrew Morgan <morgan at orst.edu> wrote:
>> It appears that Shibboleth v3.3.1 does not generate Service Tickets that
>> are compliant with the CAS Protocol specification....
> The IdP CAS protocol support targets the v2 specification  that puts no
> restrictions on ticket entity character sets.
> This issue was also identified in
> Did you try Dave's patch? I'm pretty sure the issue is "fixed" but we're
> waiting for some positive feedback before merging his patch. Your feedback
> would be helpful to moving it along.
> Personally, I'm not too keen on trying to make the EncodingTicketService
> compatible with such a restrictive character set as defined in the v3
> protocol spec. I suppose we don't _have_ to use a baseN encoding scheme,
> but it's a justifiable choice that is non-compliant due to the '=' padding
I haven't tried the patch myself. My use of mod_auth_cas is v220.127.116.11 in
Debian 8. It looks like I'll have this same problem in Debian 9 though.
One of our departments on-campus is using mod_auth_cas v1.1 and ran into
At first, I thought this was a new restriction in v3 of the protocol too.
However, take a look at section 3.7 of the v2 spec... Same character
Given the character class restriction, I wonder if the patch will ever be
accepted into mod_auth_cas. :/
More information about the users