Re: /serviceValidate attributes?


Baron Fujimoto

Mar 18, 2026, 9:34:34 PM
to CAS Community
[oops, premature send]

... later in section 2.8. CAS3 /p3/serviceValidate is described. 



On Wed, Mar 18, 2026 at 11:16 AM Baron Fujimoto <ba...@hawaii.edu> wrote:
Am I misremembering that in CAS protocol v2, /serviceValidate did not return attributes – that basically it was an update to CAS1 /validate using an XML response? If you wanted attributes, in CAS2, you had to use /samlValidate and got a SAML1.1 response? And CAS3 introduced /p3/serviceValidate to provide attributes in its native CAS XML schema?

The current documentation for the CAS3 protocol is perhaps(?) confusing. Section 2.5.5 references CAS3, and the example responses in 2.5.7 include attributes. But the example URLs in 2.5.6 do not include /p3 in the path. E.g. "https://cas.example.org/cas/serviceValidate?...".  Later in 2.8

--
Baron Fujimoto <ba...@hawaii.edu> ::: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum descendus pantorum

Baron Fujimoto

Mar 18, 2026, 9:34:35 PM
to CAS Community

Petr Bodnár

Mar 21, 2026, 12:27:27 PM
to CAS Community, Baron Fujimoto
Hi Baron,

while the documentation you refer to might look confusing at first sight, and might be a little bit brief, I think it is actually correct. When you look at https://apereo.github.io/cas/development/ux/User-Interface-Views-CASv2.html, there is this CAS configuration property:

    cas.view.cas2.v3-forward-compatible=true
    Whether v2 protocol support should be forward compatible to act like v3 and match its response, mainly for attribute release.

Which means that attributes can be returned from /serviceValidate and /proxyValidate as well - and it has been the default setting since 2021.

Best regards
Petr
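
For a service that validates tickets, the setting discussed above means the same /serviceValidate call may or may not carry a `<cas:attributes>` block. The following is an added example, not code from this thread or from the CAS project: a parser that accepts both shapes, with `parse_service_response` and the sample responses constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace of CAS 2.0/3.0 XML responses


def q(name):
    """Qualify a tag name with the CAS namespace for ElementTree lookups."""
    return "{%s}%s" % (CAS_NS, name)


def parse_service_response(xml_text):
    """Return (user, attributes) on success; raise ValueError otherwise.

    attributes is {} when no <cas:attributes> block was sent; otherwise it
    maps each attribute name to the list of its values.
    """
    # A CAS response needs no DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in CAS response")
    root = ET.fromstring(xml_text)
    if root.tag != q("serviceResponse"):
        raise ValueError("not a CAS serviceResponse")
    failure = root.find(q("authenticationFailure"))
    if failure is not None:
        raise ValueError("validation failed: %s" % failure.get("code"))
    success = root.find(q("authenticationSuccess"))
    user = success.findtext(q("user")) if success is not None else None
    if not user or not user.strip():
        raise ValueError("no authenticated user in response")
    attributes = {}
    block = success.find(q("attributes"))
    for child in (block if block is not None else []):
        name = child.tag.split("}", 1)[-1]  # strip the namespace prefix
        # Multi-valued attributes arrive as repeated elements.
        attributes.setdefault(name, []).append((child.text or "").strip())
    return user.strip(), attributes


# Constructed sample responses (not captured from a real server).
HEAD = '<cas:serviceResponse xmlns:cas="%s">' % CAS_NS
TAIL = "</cas:serviceResponse>"
NO_ATTRS = (HEAD + "<cas:authenticationSuccess><cas:user>jdoe</cas:user>"
            "</cas:authenticationSuccess>" + TAIL)
WITH_ATTRS = (HEAD + "<cas:authenticationSuccess><cas:user>jdoe</cas:user>"
              "<cas:attributes><cas:memberOf>staff</cas:memberOf>"
              "<cas:memberOf>vpn-users</cas:memberOf>"
              "<cas:mail>jdoe@example.org</cas:mail></cas:attributes>"
              "</cas:authenticationSuccess>" + TAIL)
FAILURE = (HEAD + '<cas:authenticationFailure code="INVALID_TICKET">'
           "Ticket not recognized</cas:authenticationFailure>" + TAIL)
```

A service that makes authorization decisions from attributes should treat an empty result as "no attributes released" rather than as an error in the ticket itself.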

Baron Fujimoto

Mar 23, 2026, 3:56:27 PM
to CAS Community
Interesting, thank you for that information! It suggests perhaps that I was not misremembering though, since I think the CAS3 protocol dates back to at least 2017, and this cas.view.cas2.v3-forward-compatible property, or at least its default setting, is circa 2021? At any rate, I likely never would have found that on my own, since there's no obvious reference to it that I've found in the protocol or other seemingly relevant sections, and I would have had no reason to go poking around this /ux part of the documentation for something like this.