[SHIRO-442] CAS client fails with multi-valued SAML attributes - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.2.1
Fix Version/s: None
Component/s: Authorization (access control)
Labels:
- patch

Description

When using org.apache.shiro.cas.CasRealm, if the SAML returned by CAS contains multiple attributes of the same name (e.g. roles?), CasRealm blows up in doGetAuthorizationInfo

String value = attributes.get(attributeName);

with

java.lang.ClassCastException: java.util.ArrayList cannot be cast to java.lang.String

This is because the org.jasig.cas.client.validation.Saml11TicketValidator is populating the attributes in the
principal as follows:

personAttributes.put(samlAttribute.getName(), values.size() == 1 ? values.get(0) : values);

See attached patch for a fix

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

shiro-cas-saml.patch
20/May/13 15:15
3 kB
Art O Cathain

Activity

People

Assignee:: Unassigned

Reporter:: Art O Cathain

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 20/May/13 15:14

Updated:: 13/Jul/16 17:16