Closed mpmeyer closed 8 years ago
Are you hitting /validate or /p3/validate?
I see the problem. Your remote CAS server is returning the extra attributes as elements like user_uuid. The spec dictates that extra attributes be children of a cas:attributes element. Also, the attributes should be in cas:your_attribute_name elements.
I have the cas option set: casProtocolVersion: 2.0 and in the debug I see:
hapi-cas:main Credentials: {} +5s
hapi-cas:main Redirecting auth to: https://login.company.net/login?service=http%3A%2F%2F127.0.0.1%3A8080%2FcasHandler +0ms
simple-cas-interface:validateST validate url: https://login.company.net/serviceValidate +2s
simple-cas-interface:validateST validate qs: {"ticket":"ST-1462128112rF36A85D0DA50F4D9EC","service":"http://127.0.0.1:8080/casHandler"} +0ms
following in debug:
simple-cas-interface:protocol2 parsing xml +438ms
simple-cas-interface:xmlparser processing parsed xml +7ms
simple-cas-interface:xmlparser Received good validation from CAS server +0ms
hapi-cas:main Service ticket validated: +3ms
hapi-cas:main {"user":"username","user_id":"123","user_uuid":"xxx-xxx-xxx-xxx-xxx","user_email":"username@company.com","timeout":"1800","activityTracker:updateIntervalSeconds":"900"} +0ms
hapi-cas:main Credentials: {"username":"username","attributes":{}} +17ms
Yes, the data is coming back. But the data does not conform to the specification. Also, version 2 of the protocol does not support the extra attributes feature; that was a common hack in the reference server v3, but was not official. It became part of the protocol in protocol version 3.
hapi-cas, and the module providing the actual CAS communication, simple-cas-interface, strictly adhere to the protocol specification. So if you have configured hapi-cas to use protocol v2 then it will never parse the extra attributes -- the code just isn't there. In order for extra attributes to be parsed you must configure hapi-cas to communicate using version 3 of the protocol.
But, in this case, if you were to configure hapi-cas to use protocol version 3 then you still wouldn't get your extra attributes added to the session. That is because the remote server is not following the protocol specification.
Does this answer your question?
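Added example, not part of the original thread and not hapi-cas or simple-cas-interface code: a namespace-aware Python parser for a protocol v3 validation response that accepts attributes only under cas:attributes and reports the stray elements it ignored. Both XML samples are constructed from the attribute names in the debug output above; placing the stray elements as siblings of cas:user is an assumption about the non-conformant server.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace URI used by the CAS protocol
NS = {"cas": CAS_NS}
# Children of authenticationSuccess that the protocol defines besides attributes.
KNOWN = {"user", "proxyGrantingTicket", "proxies"}

# Constructed sample: attributes nested under cas:attributes (protocol v3 layout).
CONFORMANT = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>username</cas:user>
    <cas:attributes>
      <cas:user_uuid>xxx-xxx-xxx-xxx-xxx</cas:user_uuid>
      <cas:user_email>username@company.com</cas:user_email>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample (assumed shape): attributes sent beside cas:user instead.
NONCONFORMANT = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>username</cas:user>
    <cas:user_uuid>xxx-xxx-xxx-xxx-xxx</cas:user_uuid>
    <cas:user_email>username@company.com</cas:user_email>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

def parse_validation(xml_text):
    """Return (user, attributes, ignored) for a successful validation response."""
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", NS)
    if root.tag != f"{{{CAS_NS}}}serviceResponse" or success is None:
        raise ValueError("not a successful CAS validation response")
    user = success.findtext("cas:user", namespaces=NS)
    if not user:
        raise ValueError("missing cas:user")
    attributes, ignored = {}, []
    for child in success:
        local = child.tag.rsplit("}", 1)[-1]
        if child.tag == f"{{{CAS_NS}}}attributes":
            for attr in child:  # repeated elements are multi-valued attributes
                name = attr.tag.rsplit("}", 1)[-1]
                attributes.setdefault(name, []).append(attr.text or "")
        elif local not in KNOWN:
            ignored.append(local)  # surfaced so the misplacement is visible
    return user, attributes, ignored
```

Logging the `ignored` list at validation time makes a server that misplaces attributes show up immediately, rather than as an empty attributes object in the session.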
Yes, thank you. I will have to try to see if our enterprise team can support CAS 3.0.
Then I shall close this issue.
BTW, I'm at least willing to consider pull requests that would solve your issue. Maybe some sort of "compatibility" mode for non-conformant servers. But that could be an infinite variety of options.
I have an existing enterprise CAS server that I am trying to integrate with hapi-cas.
I am getting the following response from the CAS server:
I see in plugins.js, cas.validateServiceTicket() that the result is:
The values being stored into the session are only: user and attributes:
I am unable to access the extra values supplied by my CAS server, could the full result be provided on another attribute of the session?
EX.
request.session.cas = result;