Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-442

CAS client fails with multi-valued SAML attributes

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

      Description

      When using org.apache.shiro.cas.CasRealm, if the SAML returned by CAS contains multiple attributes of the same name (e.g. roles?), CasRealm blows up in doGetAuthorizationInfo

      String value = attributes.get(attributeName);

      with

      java.lang.ClassCastException: java.util.ArrayList cannot be cast to java.lang.String

      This is because the org.jasig.cas.client.validation.Saml11TicketValidator is populating the attributes in the
      principal as follows:

      personAttributes.put(samlAttribute.getName(), values.size() == 1 ? values.get(0) : values);

      See attached patch for a fix

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              artbristol Art O Cathain

              Dates

              • Created:
                Updated:

                Issue deployment