CAS Server
  1. CAS Server
  2. CAS-655

service dependent xml response not working

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: 3.2.1
    • Fix Version/s: None
    • Component/s: Source Code
    • Labels:
      None
    • Environment:
      SuseLinux, apache, tomcat5.5, jdk1.6

      Description

      Recently I downloaded cas3.2.1 and began to prepare it for production
      use here at Texas A&M. Since the services management servlet with its
      attribute release is a new feature, I prepared a test to see how it
      works. I configured an allowed service and gave it a perl script that
      displays the entire xml response. What I discovered was that the desired
      attributes were not being released. I put in a log line in
      CentralAuthenticationServiceImpl.java which shows that the variable
      registeredService does indeed contain the desired attributes and the
      allowed attributes responds correctly to the control in services
      management. I do not know jsp but looking at
      casServiceValidationSuccess.jsp there does not seem to be any code for
      attribute release. It seems that right after the line

      <cas:user>$

      {fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}

      </cas:user>

      there should be lines similar to the following.

      <cas:attributes><c:forEach var="attr"
      items="$

      {assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].attributes}

      "
      varStatus="loopStatus" begin="0"
      end="$

      {fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].attributes)-1}

      "
      step="1">
      <cas:attribute><cas:name>$

      {fn:escapeXml(attr.key)}

      </cas:name>
      <cas:value>$

      {fn:escapeXml(attr.value)}

      </cas:value>
      </cas:attribute>
      </c:forEach>
      </cas:attributes>

      I ran this in casServiceValidationSuccess.jsp, and I get an attribute put in the xml response, its not the correct
      one, but it at least makes the point that we need
      something similar in casServiceValidationSuccess.jsp to transmit the
      released attributes.

        Activity

        Hide
        Robert Lewis added a comment -

        The exact code that works for me in my test to release attributes in the xml response is as follows.

        <cas:attributes>
        <c:forEach var="attr"
        items="$

        {assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}

        "
        varStatus="loopStatus" begin="0"
        end="$

        {fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].attributes)-1}

        "
        step="1">
        <cas:attribute>
        <cas:name>$

        {fn:escapeXml(attr.key)}

        </cas:name>
        <cas:value>$

        {fn:escapeXml(attr.value)}

        </cas:value>
        </cas:attribute>
        </c:forEach>
        </cas:attributes>

        Show
        Robert Lewis added a comment - The exact code that works for me in my test to release attributes in the xml response is as follows. <cas:attributes> <c:forEach var="attr" items="$ {assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes} " varStatus="loopStatus" begin="0" end="$ {fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].attributes)-1} " step="1"> <cas:attribute> <cas:name>$ {fn:escapeXml(attr.key)} </cas:name> <cas:value>$ {fn:escapeXml(attr.value)} </cas:value> </cas:attribute> </c:forEach> </cas:attributes>
        Hide
        Robert Lewis added a comment -

        We can close this issue now.

        Show
        Robert Lewis added a comment - We can close this issue now.
        Hide
        Scott Battaglia added a comment -

        Gave example code that showed where the actual attributes were.

        Robert, is there a good place in our user manual that this information could go?

        Thanks
        -Scott

        Show
        Scott Battaglia added a comment - Gave example code that showed where the actual attributes were. Robert, is there a good place in our user manual that this information could go? Thanks -Scott
        Hide
        Robert Lewis added a comment -

        Hi Scott,

        I suggest the new info and jsp code about attribute release be put in
        the user's manual appended to the attributes page,
        http://www.ja-sig.org/wiki/display/CASUM/Attributes

        as a new section maybe titled "Attribute Release"
        and put a reference to it on the "Configuring" page to let people know
        its a configuration step that needs to be done.

        Thanks,

        Robert Lewis

        Show
        Robert Lewis added a comment - Hi Scott, I suggest the new info and jsp code about attribute release be put in the user's manual appended to the attributes page, http://www.ja-sig.org/wiki/display/CASUM/Attributes as a new section maybe titled "Attribute Release" and put a reference to it on the "Configuring" page to let people know its a configuration step that needs to be done. Thanks, Robert Lewis
        Hide
        Shoji Kajita added a comment -

        I could not get all of attributes when using Robert's code above. The part for end condition

        end="$

        {fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].attributes)-1}

        "

        is wrong, and this should be

        end="$

        {fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes)-1}

        "

        Best regards,
        Shoji

        Show
        Shoji Kajita added a comment - I could not get all of attributes when using Robert's code above. The part for end condition end="$ {fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].attributes)-1} " is wrong, and this should be end="$ {fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes)-1} " Best regards, Shoji
        Hide
        Peter Mularien added a comment -

        Thank you Shoji!

        Show
        Peter Mularien added a comment - Thank you Shoji!
        Hide
        Sander Bos added a comment -

        Thank you so very much Robert and Shoji!!

        One comment though, the Java CAS client has support for extra attributes as well (accessible through (AttributePrincipal) request.getUserPrincipal().getAttributes). But it expects the attributes to be in a different format in the XML, with the attribute name as element name.

        So instead of
        <cas:attribute>
        <cas:name>$

        {fn:escapeXml(attr.key)}

        </cas:name>
        <cas:value>$

        {fn:escapeXml(attr.value)}

        </cas:value>
        </cas:attribute>
        I had to use
        <cas:$

        {fn:escapeXml(attr.key)}

        >$

        {fn:escapeXml(attr.value)}

        fuyi</cas:$

        {fn:escapeXml(attr.key)}

        >
        to make it work with a stock Java CAS 3.1.9 client.

        Kind regards,

        Sander Bos.

        Show
        Sander Bos added a comment - Thank you so very much Robert and Shoji!! One comment though, the Java CAS client has support for extra attributes as well (accessible through (AttributePrincipal) request.getUserPrincipal().getAttributes). But it expects the attributes to be in a different format in the XML, with the attribute name as element name. So instead of <cas:attribute> <cas:name>$ {fn:escapeXml(attr.key)} </cas:name> <cas:value>$ {fn:escapeXml(attr.value)} </cas:value> </cas:attribute> I had to use <cas:$ {fn:escapeXml(attr.key)} >$ {fn:escapeXml(attr.value)} fuyi</cas:$ {fn:escapeXml(attr.key)} > to make it work with a stock Java CAS 3.1.9 client. Kind regards, Sander Bos.
        Hide
        Sander Bos added a comment -

        Picked up wrong fragment from my clipboard manager, sorry. Here is the complete code as I have it now (under the cas:user line):

        <%-- Added attributes in response--%>
        <cas:attributes>
        <c:forEach var="attr"
        items="$

        {assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}

        "
        varStatus="loopStatus" begin="0"
        end="$

        {fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes)-1}

        "
        step="1">

        <%-- Produce output exactly as CAS client code expects it: <cas:attrName>attrValue</cas:attrName> --%>
        <cas:$

        {fn:escapeXml(attr.key)}

        >$

        {fn:escapeXml(attr.value)}

        </cas:$

        {fn:escapeXml(attr.key)}

        >

        <%--
        This is what is suggested in http://www.ja-sig.org/issues/browse/CAS-655, but what the CAS client
        does not expect
        <cas:attribute>
        <cas:name>foo0$

        {fn:escapeXml(attr.key)}

        foo1</cas:name>
        <cas:value>foo2$

        {fn:escapeXml(attr.value)}

        foo3</cas:value>
        </cas:attribute>
        --%>

        </c:forEach>
        </cas:attributes>

        Show
        Sander Bos added a comment - Picked up wrong fragment from my clipboard manager, sorry. Here is the complete code as I have it now (under the cas:user line): <%-- Added attributes in response--%> <cas:attributes> <c:forEach var="attr" items="$ {assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes} " varStatus="loopStatus" begin="0" end="$ {fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes)-1} " step="1"> <%-- Produce output exactly as CAS client code expects it: <cas:attrName>attrValue</cas:attrName> --%> <cas:$ {fn:escapeXml(attr.key)} >$ {fn:escapeXml(attr.value)} </cas:$ {fn:escapeXml(attr.key)} > <%-- This is what is suggested in http://www.ja-sig.org/issues/browse/CAS-655 , but what the CAS client does not expect <cas:attribute> <cas:name>foo0$ {fn:escapeXml(attr.key)} foo1</cas:name> <cas:value>foo2$ {fn:escapeXml(attr.value)} foo3</cas:value> </cas:attribute> --%> </c:forEach> </cas:attributes>

          People

          • Assignee:
            Scott Battaglia
            Reporter:
            Robert Lewis
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - 1 day
              1d
              Remaining:
              Remaining Estimate - 1 day
              1d
              Logged:
              Time Spent - Not Specified
              Not Specified