Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-442

CAS client fails with multi-valued SAML attributes

    Details

      Description

      When using org.apache.shiro.cas.CasRealm, if the SAML returned by CAS contains multiple attributes of the same name (e.g. roles?), CasRealm blows up in doGetAuthorizationInfo

      String value = attributes.get(attributeName);

      with

      java.lang.ClassCastException: java.util.ArrayList cannot be cast to java.lang.String

      This is because the org.jasig.cas.client.validation.Saml11TicketValidator is populating the attributes in the
      principal as follows:

      personAttributes.put(samlAttribute.getName(), values.size() == 1 ? values.get(0) : values);

      See attached patch for a fix

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              artbristol Art O Cathain
            • Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: