CAS authentication fails with CAS 6.1.x
Created by: qosobrin
Version
6.2.16, Debian 9 package
Installation method
apt
Expected behavior
Users should be able to authenticate using CAS
Actual behavior
Users are unable to authenticate using CAS
Additional information
This is more of a warning than a bug report, since the error is caused by the Perl module AuthCAS.pm that Sympa uses to authenticate users.
My institution recently moved our CAS installation from version 3.x to version 6.1.x and CAS authentication in Sympa stopped working.
Initial investigation showed that the problem was that AuthCAS was not able to validate CAS tickets. Further investigation demonstrated that our CAS 6.1.x is returning the XML file with this code:
<?xml version="1.0" encoding="ISO-8859-1"?><cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
on a single line, while AuthCAS expects them to be on separate lines.
CAS 3.x XML
<?xml version="1.0" encoding="ISO-8859-1"?>
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>...
CAS 6.1.x XML
<?xml version="1.0" encoding="ISO-8859-1"?><cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>...
When we forced these tags to be on separate lines by adding this line to the _parse_xml sub in AuthCAS.pm, the module started to validate CAS 6.1.x tickets, as expected, and users could authenticate again:
sub _parse_xml {
my $data = shift;
$data =~ s/"ISO-8859-1"\?>/"ISO-8859-1"\?>\n/g; #This line added
This is nothing but a patch to demonstrate a problem that should be corrected by correctly parsing blank characters between tags in AuthCAS. We have not tested the latest version of AuthCAS, but we understand that the problem should also be present in version 1.7, since the code of the _parse_xml sub is almost identical.
Thank you very much. Best regards.
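
Added example, not part of the original report and not AuthCAS code: one way to read the user from a CAS validation response with a real XML parser, so the result does not depend on where line breaks fall between tags, and so anything other than a well-formed success response is rejected. It assumes XML::LibXML is installed; the helper name cas_user_from_response and the sample responses are constructed for illustration.

```perl
use strict;
use warnings;
use XML::LibXML;    # assumption: available on the host (not a core module)

my $CAS_NS = 'http://www.yale.edu/tp/cas';

# Hypothetical helper: returns the authenticated user name, or undef on any
# failure (malformed XML, authenticationFailure, missing or empty user).
sub cas_user_from_response {
    my ($xml) = @_;

    # Do not load external DTDs, expand entities, or touch the network.
    my $parser = XML::LibXML->new(
        no_network      => 1,
        load_ext_dtd    => 0,
        expand_entities => 0,
    );
    my $doc = eval { $parser->parse_string($xml) } or return undef;

    my $xpc = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs(cas => $CAS_NS);

    # Match on document structure and namespace, never on line layout.
    my ($node) = $xpc->findnodes(
        '/cas:serviceResponse/cas:authenticationSuccess/cas:user');
    return undef unless $node;

    (my $user = $node->textContent) =~ s/^\s+|\s+$//g;
    return length $user ? $user : undef;
}

# Constructed sample responses in the two layouts described in the report.
my $decl = '<?xml version="1.0" encoding="ISO-8859-1"?>';
my $root = "<cas:serviceResponse xmlns:cas='$CAS_NS'>";
my $ok   = "<cas:authenticationSuccess>\n<cas:user>jdoe</cas:user>\n"
         . "</cas:authenticationSuccess>\n</cas:serviceResponse>";
my $bad  = "<cas:authenticationFailure code='INVALID_TICKET'>not recognized"
         . "</cas:authenticationFailure>\n</cas:serviceResponse>";

my @samples = (
    [ 'CAS 3.x layout'   => "$decl\n$root\n$ok" ],   # tags on separate lines
    [ 'CAS 6.1.x layout' => "$decl$root\n$ok" ],     # declaration and root on one line
    [ 'failure response' => "$decl$root\n$bad" ],
);
for my $s (@samples) {
    my $user = cas_user_from_response( $s->[1] );
    printf "%-18s %s\n", $s->[0], defined $user ? "user=$user" : 'rejected';
}
```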