Any feedback on this? I'm a little concerned about that...

2013/9/23 Jérôme LELEU <[email protected]>

> Hi,
>
> I've done more testing on CAS server 4.0.0-RC2 and get a strange
> behaviour. I hope I'm mistaken.
>
> I wanted to test the /serviceValidate response: so I set a service with
> anonymousAccess = true and ignoreAttributes = false. I was expecting to get
> a response with an anonymous identifier and no attributes but I get a real
> identifier and all attributes.
> I did some debugging here:
> https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/CentralAuthenticationServiceImpl.java#L451
> At that point, the *modifiedPrincipal* is good (anonymous identifier and
> no attributes) but the first principal of the chained authentications is
> with a real identifier and all attributes.
> Is this the expected behaviour? To keep the "real" principal in the
> chained authentications of the TGT?
>
> The problem is that the successful JSP:
> https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/3.0/casServiceValidationSuccess.jsp#L39
> uses this principal of the last chained authentication instead of the primary
> principal (in the Assertion:
> https://github.com/Jasig/cas/blob/master/cas-server-webapp-support/src/main/java/org/jasig/cas/web/ServiceValidateController.java#L146)
> to return the attributes.
> Shouldn't we use the primary authentication here?
>
> By the way, I used an attribute name with a French accent and it doesn't
> work as the attribute name is output directly in the XML response:
> <cas:prénom>...
> Do we assume that it should never happen? Or clean attribute names?
>
> Thanks for your help.
> Best regards,
> Jérôme
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
