There is also this which might point you in the right direction:

https://github.com/Unicon/cas-addons/wiki/Disabling-SAML-namespaces-from-assertions



From: Misagh Moayyed [mailto:mmoay...@unicon.net]
Sent: Wednesday, November 12, 2014 1:05 PM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] SAML 1.1 assertion XML namespace



Best thing you can do is to ask the SP to make the change on their end.
This is not an easy feat to take care of on your side, and would require
some extensive mods perhaps to make this work and make it be a per-RP
thing.



There is a pending pull right now that makes this sort of thing easier for
the next CAS release. If you end up making the change, you may want to use
that as a starting point.



From: Carlos Fernandez [mailto:cfern...@sju.edu]
Sent: Wednesday, November 12, 2014 12:06 PM
To: cas-user@lists.jasig.org
Subject: [cas-user] SAML 1.1 assertion XML namespace



Good afternoon,



We have a service provider with whom we’re trying to set up SAML 1.1 SSO
to our CAS server. After a lot of going back and forth, we’ve reached a
point where they finally can validate the SAML artifact and get a response
from /samlValidate (we knew it worked on our end since we have other apps
using SAML). Now they say that they can’t process the SAML assertion in
the response since CAS sends it using the “saml1p” namespace, while their
code expects “samlp”.



Now, this leads me to believe that they’re not using a standard XML parser
but instead hacked a custom parser. Before I go and tell them to fix their
parser, I’d like to see if I can do something easy on my end to make CAS
spit out a different namespace in the assertion. I noticed that the
namespace comes from the SAMLConstants class in the OpenSAML jar, however
I cannot yet figure out how it gets to CAS – my guess is in
AbstractSaml10ResponseView.java through the OpenSAML Response class.



Will any of this be worthwhile? I’m not sure it’s recommended – it’s set
as a constant in OpenSAML for a reason, I suppose. I’d like to tell the
service provider to fix their code, which they’ve already done for other
things (e.g., overloading the TARGET parameter for something unrelated to
SAML). What would you suggest?



Thanks in advance,

--

Carlos M. Fernández

Enterprise Systems Manager

Saint Joseph’s University

Philadelphia PA 19131

T: +1 610 660 1501




--
You are currently subscribed to cas-user@lists.jasig.org as:
mmoay...@unicon.net
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
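
The prefix question raised in this thread, as an added example that is not part of the original messages or of CAS/OpenSAML: a consumer that matches on the SAML 1.x namespace URI treats "samlp" and "saml1p" identically, while a literal tag-name match breaks. The sample responses are constructed and trimmed, and the function names are hypothetical.

```python
import io
import xml.etree.ElementTree as ET

# Namespace URIs defined by the SAML 1.x specifications.
SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"

# Constructed sample: only the protocol prefix varies between documents.
TEMPLATE = (
    '<{p}:Response xmlns:{p}="' + SAMLP_NS + '" MajorVersion="1" MinorVersion="1">'
    '<{p}:Status><{p}:StatusCode Value="{p}:Success"/></{p}:Status>'
    '<saml:Assertion xmlns:saml="' + SAML_NS + '" AssertionID="_constructed"/>'
    '</{p}:Response>'
)


def build_response(prefix):
    """Return the constructed response using the given protocol prefix."""
    return TEMPLATE.format(p=prefix)


def naive_has_response(xml_text):
    """Prefix-sensitive check, as a hand-rolled string parser might do it."""
    return "<samlp:Response" in xml_text


def parse_status(xml_text):
    """Namespace-aware parse: elements are matched by namespace URI, and the
    QName in StatusCode/@Value is resolved through the declared prefixes."""
    prefixes = {}  # prefix -> URI; a flat map is enough for this sample
    status, assertions = None, 0
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, item in ET.iterparse(source, events=("start-ns", "start")):
        if event == "start-ns":
            prefix, uri = item
            prefixes[prefix] = uri
        elif item.tag == "{%s}StatusCode" % SAMLP_NS:
            prefix, _, local = item.get("Value").rpartition(":")
            status = (prefixes.get(prefix), local)
        elif item.tag == "{%s}Assertion" % SAML_NS:
            assertions += 1
    return status, assertions


if __name__ == "__main__":
    for p in ("samlp", "saml1p"):
        doc = build_response(p)
        print(p, naive_has_response(doc), parse_status(doc))
```

The status code value is itself a prefixed QName, so a consumer has to resolve it against the document's own namespace declarations rather than compare it to a fixed string.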
