serviceValidate content-type

[Tom Poage]

We're staging CAS 5.1 and noticed the serviceValidate end point is returning Content-Type: text/html.

Our CAS 4.2 instance returns application/xml from serviceValidate.

I don't see Content-Type in the protocol specification other than saying the response is XML-formatted.

What type should the response be? text/xml? Something else?

If it's supposed to be something different than text/html, where can we set/override this in the code?

Thanks.
Tom.

[Tom Poage]

Ping.

We found where to set in the code. Question is: what should the response type be?

Tom.

> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/DCDBACBB-6CFF-4E9C-AAFC-222EF1CE0B79%40ucdavis.edu.

[Uxío Prego]

According http://www.ietf.org/rfc/rfc2376.txt via
https://stackoverflow.com/a/2965701/1737973 probably either 'text/xml' or
'application/xml'. Does transmitting 'text/html' cause a problem?

> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6DFD05AE-18E8-41ED-8CF2-222051124693%40ucdavis.edu.

[Tom Poage]

> On Jun 30, 2017, at 12:32 PM, Uxío Prego <upr...@madiva.com> wrote:
>
> According http://www.ietf.org/rfc/rfc2376.txt via
> https://stackoverflow.com/a/2965701/1737973 probably either 'text/xml' or
> 'application/xml'. Does transmitting 'text/html' cause a problem?

Not sure. We have several hundred CAS clients; some are locally-developed, I think.

Every major CAS upgrade has been an adventure for our CAS clients. No doubt, someone decided that it was a good idea to check that 'serviceValidate' is an 'xml' content types.

I'm looking for a (semi-)official statement of which CAS server responses are defined as "xml", "html", don't-care, or undefined. That way we have something to reference if we get called out on the change from application/xml to text/html between CAS 4 and CAS 5.

Thanks!
Tom.

[Petr Bodnár]

Hi Tom,

thanks for pointing out this problem, we've run into the same issue now in the latest 6.6.x.

So here are my findings for those still running on CAS 5 or CAS 6:

1. CAS 4 always returned "application/xml" in all the responses.
2. CAS 5 migrated to using Thymeleaf and with this change, it also started to return its default Content-Type, which is "text/html".
3. CAS 6.3 went a bit further and started to return "text/html" just from cas2ServiceFailureView a cas3SuccessView. See https://github.com/apereo/cas/commit/6631fceb93 (ignore the commit's message).
4. CAS 7 seems to revert back to CAS 4 behavior in https://github.com/apereo/cas/commit/89fa5aee6a (again, don't get mislead by the commit message).

In our environment, there are applications which rely on that service validation responses will always be a proper XML document with a proper Content-Type header. So we simply always return "application/xml". And after we upgrade to CAS 7, we can probably safely throw away this customization of the CasValidationConfiguration class.

That said, the problem seems to be resolved in CAS 7 and the changes done in 5 and 6.3 were hopefully not quite intentional. Hopefully Misagh could confirm...