Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-442

CAS client fails with multi-valued SAML attributes

    XMLWordPrintableJSON

Details

    Description

      When using org.apache.shiro.cas.CasRealm, if the SAML returned by CAS contains multiple attributes of the same name (e.g. roles?), CasRealm blows up in doGetAuthorizationInfo

      String value = attributes.get(attributeName);

      with

      java.lang.ClassCastException: java.util.ArrayList cannot be cast to java.lang.String

      This is because the org.jasig.cas.client.validation.Saml11TicketValidator is populating the attributes in the
      principal as follows:

      personAttributes.put(samlAttribute.getName(), values.size() == 1 ? values.get(0) : values);

      See attached patch for a fix

      Attachments

        1. shiro-cas-saml.patch
          3 kB
          Art O Cathain

        Activity

          People

            Unassigned Unassigned
            artbristol Art O Cathain
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated: