Hello,
We have two SAML services on CAS 5.3.x (yes, I know we need to get to 6.3.x
STAT) that stopped working suddenly with behavior identical to this thread:
https://groups.google.com/a/apereo.org/g/cas-user/c/fc_biQnh1l4
The kicker is that we haven't rebuilt the cas.war file recently, and the
behavior only began happening very recently.
One of the services maps the mail attribute to a SOAP schema:
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
"allowedAttributes" : {
"@class" : "java.util.TreeMap",
"sn" : "User.LastName",
"givenName" : "User.FirstName",
"mail" : "
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
}
}
(note the : that others mentioned)
And the other uses friendlyNames:
"attributeFriendlyNames": {
"@class": "java.util.HashMap",
"urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
"urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation"
},
Again, these have worked for several months, and the compiled CAS binary
hasn't changed in some time. The only thing that changed was the java
binary itself via system updates on July 23, which coincides with this in
the behavior beginning. It appears that this has somehow affected the
attribute encoding.
Apart from rolling back the openjdk RPMs and cutting over to 6.3.x
spontaneously, does anyone have any ideas for workarounds for this
behavior?
Thank you,
Mike
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEdMQHW9aOqhQN%2BS%2BGhq_YdUz-jAywxzOQvEYk_%3DOPG6ezRZbw%40mail.gmail.com.
