Incompatibility with Shibboleth IdP 3.4.6

[kellenmurphy]

Note: Opening this issue in response to this post.

Based upon the release notes for IdP 3.4.6, ShibCas is incompatible with this release of Identity Provider because it functions by "directly instantiating/adding an instance of the ExternalAuthenticationContext class to the profile request context tree."

This manifests as the following Shibboleth error:

2019-10-03 09:20:17,080 - ERROR [net.shibboleth.idp.authn:-2] - Uncaught runtime exception

org.springframework.binding.expression.EvaluationException: An ELException occurred getting the value for expression 'opensamlProfileRequestContext.getSubcontext(T(net.shibboleth.idp.authn.context.AuthenticationContext)).addSubcontext(new net.shibboleth.idp.authn.context.ExternalAuthenticationContext(), true).setFlowExecutionUrl(flowExecutionUrl + '&_eventId_proceed=1')' on context [class org.springframework.webflow.engine.impl.RequestControlContextImpl]
    at org.springframework.binding.expression.spel.SpringELExpression.getValue(SpringELExpression.java:94)
Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1002E: Constructor call: No suitable constructor found on type net.shibboleth.idp.authn.context.ExternalAuthenticationContext for arguments ()
    at org.springframework.expression.spel.ast.ConstructorReference.findExecutorForConstructor(ConstructorReference.java:203)

There is a modification provided in the thread which will return functionality to the plugin, but at the expense of re-introducing the vulnerability that the 3.4.6 release was meant to patch.

[kellenmurphy]

Closed as the original author of the comment in the Shib forum posted that they would be opening this issue themselves.