[cas-dev] CAS 3.1-M1 SAMLException
Scott Battaglia
scott.battaglia at gmail.com
Thu Feb 8 11:31:22 EST 2007
Marvin,
I think I found the problem. When doing the /samlValidate call, the
TicketValidator does not encode the artifact. I'm going to commit that
change soon (I have a few other things to commit). You should be able to
just edit the constructUrl method to encode that artifact if you want to try
it out quickly.
-Scott
On 2/7/07, Marvin Addison <serac at vt.edu> wrote:
>
> Scott,
>
> I have done several successful authentication/service redirects, as well
> as several unsuccessful ones that all fail in the same way. The only
> difference I can tell is that SAMLArt parameters containing + characters
> are problematic. Some test data:
>
> Failed:
> AAKfDN+4yGR0XRm6jY+dz7ViPUhA+Gh0dHBzOi8vbG9jYWxob3N0Ojg0NDM=
> AAKNJ4yC+bx4mM/lz55ECTRwUVIdpGh0dHBzOi8vbG9jYWxob3N0Ojg0NDM=
> AAIYG64MrQ2+793pMM8J0sRjXf6uG2h0dHBzOi8vbG9jYWxob3N0Ojg0NDM=
> AALM4n7XSKMpsEsEKaC+7xV4AKDDAmh0dHBzOi8vbG9jYWxob3N0Ojg0NDM=
>
> Succeeded:
> AAJcOIMpspJO9SYVyAHXNMgiud2il2h0dHBzOi8vbG9jYWxob3N0Ojg0NDM=
> AALmOgt59Gyf88dI1LX09eYvxaKyl2h0dHBzOi8vbG9jYWxob3N0Ojg0NDM=
> AAKbL8ZXLHjAn7jhsV1y/2CtVerHTmh0dHBzOi8vbG9jYWxob3N0Ojg0NDM=
> AAJOOhedOCWgWVcgk5LfsQKVwFAgE2h0dHBzOi8vbG9jYWxob3N0Ojg0NDM=
>
> The tests above represent 8 straight runs, so 50% failure. In all
> failure cases, the + characters become spaces when Saml10TicketValidator
> parses the InResponseTo attribute of the SAML Response element at the
> client. The SAXParserException in particular is thrown due to schema
> validation errors since InResponseTo is a NCName, which can't contain
> spaces:
>
> The xsd:NCName simple type is used in SAML to reference identifiers of
> type xsd:ID
>
> Any ideas what's going on here?
>
> Thanks,
> Marvin
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20070208/4db38c21/attachment.html
More information about the cas-dev
mailing list