rubycas/rubycas-server

Attributes always treated as arrays?

bkosborne opened this issue · 1 comments

bkosborne commented

I hoped to pass the LDAP attribute "gidNumber" as an extra attribute that is returned in CAS validation. Upon doing do, I get output like this:

<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>bosborne</cas:user>
    <gidNumber>
      <![CDATA[--- 
- "123"
]]>
    </gidNumber>
  </cas:authenticationSuccess>
</cas:serviceResponse>

Instead of just presenting the single value 123, it's presented as a YAML array with one entry. The code that does that is here: https://github.com/rubycas/rubycas-server/blob/master/lib/casserver/server.rb#L738

The underlying LDAP library this gem uses is responsible for treating LDAP attributes as arrays, even if there is just one value in them. I think the majority of LDAP attributes are single value, like gidNumber which is a widely used attribute and not multivalued (from what I've seen). So presenting them as arrays is kind of tough to accept.

I wonder if someone with more experience can chime in on this behavior? Is it really expected that a YAML array of one value should be returned for a simple attribute such as gidNumber?

bpalme commented

This is really messing me up too. My app using a ruby client works fine, but the php cas client passes the dashes right on through.

It seems like you could test for an array in that function and then iterate through them printing out the values, either as elements as above or with separators. The way I read this though, it should be as separate elements:
http://jasig.github.io/cas/4.1.x/protocol/CAS-Protocol-Specification.html#example-response-with-custom-attributes