Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-442

CAS client fails with multi-valued SAML attributes

    XMLWordPrintableJSON

    Details

      Description

      When using org.apache.shiro.cas.CasRealm, if the SAML returned by CAS contains multiple attributes of the same name (e.g. roles?), CasRealm blows up in doGetAuthorizationInfo

      String value = attributes.get(attributeName);

      with

      java.lang.ClassCastException: java.util.ArrayList cannot be cast to java.lang.String

      This is because the org.jasig.cas.client.validation.Saml11TicketValidator is populating the attributes in the
      principal as follows:

      personAttributes.put(samlAttribute.getName(), values.size() == 1 ? values.get(0) : values);

      See attached patch for a fix

        Attachments

        1. shiro-cas-saml.patch
          3 kB
          Art O Cathain

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              artbristol Art O Cathain
            • Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: