CAS 5 RC3: /samlValidate SAML response
21 views
Skip to first unread message
Baron Fujimoto
Oct 4, 2016, 10:28:04 PM10/4/16
to CAS Users
Some of our testers are reporting differences between CAS 3.4.x and
CAS 5.0 SAML responses. Specifically, CAS 3 was returning "samlp"
whereas CAS 5 RC3 is returning "saml1p". E.g.:
<saml1p:Response InResponseTo="foo.hawaii.edu"
IssueInstant="2016-10-04T00:23:48.072Z" MajorVersion="1"
MinorVersion="1" ResponseID="_9665bc3de38234971446b1e7746d449f"
xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol">
<saml1p:Status>
<saml1p:StatusCode Value="saml1p:Success"/>
</saml1p:Status>
[...]
</saml1p:Response>
Is this the intended response? The example SAML 1.1 validation response
documented below uses "samlp" rather than "saml1p"
<https://apereo.github.io/cas/development/protocol/CAS-Protocol-Specification.html#saml-response>
-baron
--
Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
CAS 5.0 SAML responses. Specifically, CAS 3 was returning "samlp"
whereas CAS 5 RC3 is returning "saml1p". E.g.:
<saml1p:Response InResponseTo="foo.hawaii.edu"
IssueInstant="2016-10-04T00:23:48.072Z" MajorVersion="1"
MinorVersion="1" ResponseID="_9665bc3de38234971446b1e7746d449f"
xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol">
<saml1p:Status>
<saml1p:StatusCode Value="saml1p:Success"/>
</saml1p:Status>
[...]
</saml1p:Response>
Is this the intended response? The example SAML 1.1 validation response
documented below uses "samlp" rather than "saml1p"
<https://apereo.github.io/cas/development/protocol/CAS-Protocol-Specification.html#saml-response>
-baron
--
Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
Baron Fujimoto
Oct 10, 2016, 8:21:47 PM10/10/16
to CAS Users
On Tue, Oct 04, 2016 at 04:27:48PM -1000, Baron Fujimoto wrote:
>Some of our testers are reporting differences between CAS 3.4.x and
>CAS 5.0 SAML responses. Specifically, CAS 3 was returning "samlp"
>whereas CAS 5 RC3 is returning "saml1p". E.g.:
>
><saml1p:Response InResponseTo="foo.hawaii.edu"
>IssueInstant="2016-10-04T00:23:48.072Z" MajorVersion="1"
>MinorVersion="1" ResponseID="_9665bc3de38234971446b1e7746d449f"
>xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol">
> <saml1p:Status>
> <saml1p:StatusCode Value="saml1p:Success"/>
> </saml1p:Status>
> [...]
></saml1p:Response>
>
>Is this the intended response? The example SAML 1.1 validation response
>documented below uses "samlp" rather than "saml1p"
>
><https://apereo.github.io/cas/development/protocol/CAS-Protocol-Specification.html#saml-response>
Just following up on this on the off chance anyone else needs this info.
>Some of our testers are reporting differences between CAS 3.4.x and
>CAS 5.0 SAML responses. Specifically, CAS 3 was returning "samlp"
>whereas CAS 5 RC3 is returning "saml1p". E.g.:
>
><saml1p:Response InResponseTo="foo.hawaii.edu"
>IssueInstant="2016-10-04T00:23:48.072Z" MajorVersion="1"
>MinorVersion="1" ResponseID="_9665bc3de38234971446b1e7746d449f"
>xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol">
> <saml1p:Status>
> <saml1p:StatusCode Value="saml1p:Success"/>
> </saml1p:Status>
> [...]
></saml1p:Response>
>
>Is this the intended response? The example SAML 1.1 validation response
>documented below uses "samlp" rather than "saml1p"
>
><https://apereo.github.io/cas/development/protocol/CAS-Protocol-Specification.html#saml-response>
This appears to have been the result of a change introduced ca 2012. Our
legacy version of CAS (3.4.11) presumably predates the change.
<https://github.com/Jasig/mod_auth_cas/pull/51/commits/6e84455b544be0bd8a881b11420cc0faedea032a?diff=split>
Reply all
Reply to author
Forward
0 new messages