On 10/14/2016 12:15 PM, Baron Fujimoto wrote:
> The /cas/samlValidate endpoint has returned attributes via SAML for a
> long time in CAS. It's still present in 5.x.
>
> <https://apereo.github.io/cas/development/protocol/CAS-Protocol-Specification.html#samlvalidate-cas-30>
>
> I haven't tried it yet, but /p3/serviceValidate should also return
> attributes via XML or JSON.
>
> <https://apereo.github.io/cas/development/protocol/CAS-Protocol-Specification.html#p3servicevalidate-cas-30>
>
> -baron

Yeah, most of our stuff does SAML 1.1. I know some vendors were
specifically doing CAS 2.0, and expecting attribute return. You used to
be able to hack something into the XSLT to have it put the attributes
there in an extension that some of the CAS clients understood.

I did see that CAS 3.0 supports attributes. It might just come down to
pointing them at that validator. It also might come down to having them
upgrade. The unfortunate part is that the list of vendors needing this
has been lost to time. I should be able to look at the logs and see who
is hitting the CAS validation endpoint over the SAML one, and go from
there.

I'm guessing that since there is an officially supported version of the
protocol that does attribute return, the "easy" hack of adding it in is
no longer easy.
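
The log check mentioned in the message above, sketched as an added example that is not part of the original email thread or of CAS itself. It assumes a combined-format access log, a `/cas` context path, and the standard `service` / `TARGET` query parameters; the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined access-log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Oct/2016:12:01:02 -1000] "GET /cas/serviceValidate?service=https%3A%2F%2Flms.vendor-a.example%2Flogin&ticket=ST-1-constructed HTTP/1.1" 200 512
192.0.2.11 - - [14/Oct/2016:12:01:05 -1000] "POST /cas/samlValidate?TARGET=https%3A%2F%2Fportal.campus.example%2F HTTP/1.1" 200 2048
192.0.2.10 - - [14/Oct/2016:12:02:40 -1000] "GET /cas/serviceValidate?service=https%3A%2F%2Flms.vendor-a.example%2Fcourse&ticket=ST-2-constructed HTTP/1.1" 200 512
192.0.2.12 - - [14/Oct/2016:12:03:11 -1000] "GET /cas/p3/serviceValidate?service=https%3A%2F%2Fwiki.campus.example%2F&ticket=ST-3-constructed HTTP/1.1" 200 900
192.0.2.13 - - [14/Oct/2016:12:03:30 -1000] "GET /cas/login?service=https%3A%2F%2Fwiki.campus.example%2F HTTP/1.1" 302 0
198.51.100.7 - - [14/Oct/2016:12:04:00 -1000] "GET /cas/serviceValidate?service=https%3A%2F%2Fhelpdesk.vendor-b.example%2Fsso&ticket=ST-4-constructed HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')

# Validation endpoints from the CAS protocol spec, under an assumed /cas context path.
PROTOCOLS = {
    "/cas/validate": "CAS 1.0",
    "/cas/serviceValidate": "CAS 2.0",
    "/cas/proxyValidate": "CAS 2.0",
    "/cas/p3/serviceValidate": "CAS 3.0",
    "/cas/p3/proxyValidate": "CAS 3.0",
    "/cas/samlValidate": "SAML 1.1",
}

def validators_by_protocol(log_text):
    """Return {protocol: {service_host: {client_ips}}} for ticket-validation requests."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        url = urlsplit(m["target"])
        protocol = PROTOCOLS.get(url.path.rstrip("/"))
        if protocol is None:
            continue  # /login, /logout and other non-validation requests
        params = parse_qs(url.query)
        # CAS validators carry the service URL in "service"; samlValidate uses "TARGET".
        service = (params.get("service") or params.get("TARGET") or [""])[0]
        host = urlsplit(service).hostname or "(no service parameter)"
        seen[protocol][host].add(m["ip"])
    return {proto: dict(hosts) for proto, hosts in seen.items()}

if __name__ == "__main__":
    for proto, hosts in sorted(validators_by_protocol(SAMPLE_LOG).items()):
        for host, ips in sorted(hosts.items()):
            print(f"{proto:9} {host:30} {', '.join(sorted(ips))}")
```

The service hosts listed under "CAS 2.0" are the candidates for the lost vendor list: those clients validate against `/serviceValidate` and would need either the `/p3/` validator or an upgrade to receive attributes.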