I am troubleshooting a problem related to the Perl module AuthCASSaml. We have a piece of software which we would like to use our CAS server to authenticate. Authentication is working. However, when AuthCASSaml processes the returned output, it ends up returning HASH references instead of the actual value of the LDAP attributes being returned by the CAS server. I have pinpointed it to this section of the AuthCASSaml.pm code:

    my $user = $responseBase->{'saml1:Assertion'}{'saml1:AuthenticationStatement'}{'saml1:Subject'}{'saml1:NameIdentifier'};
    my %casAttrs;
    my $attrs = $responseBase->{'saml1:Assertion'}{'saml1:AttributeStatement'}{'saml1:Attribute'};
    if($attrs) {
        for(my $i=0;$i<@$attrs;$i++) {
            my $attr = $$attrs[$i];
            my $name = $attr->{'AttributeName'};
            my $value = $attr->{'saml1:AttributeValue'};
            $casAttrs{$name} = $value;
        }
    }

"AttributeName" returns as expected. The problem is with "AttributeValue". The code seems to be expecting a string, but the XML code returned from the CAS server for "AttributeValue" is more than a simple string.

    <saml1:Attribute AttributeName="UDC_IDENTIFIER" AttributeNamespace="http://www.ja-sig.org/products/cas/">
        <saml1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">useriden</saml1:AttributeValue>
    </saml1:Attribute>

What is getting returned is "Attributes : uid=>HASH(0x331ecb0), UDC_IDENTIFIER=>HASH(0x331ee90)".
I should also note, all of the code we are running is vendor provided. I am not a Perl programmer. I'm just trying to get everything to play nice together. It's a long story, but I'll just say the vendor is of no help in this situation.
I can provide the code in the CGI script for testing, but the main software code also experiences this problem, which is why I'm pretty sure AuthCASSaml.pm is the place to attempt to fix this.
Any help is greatly appreciated.
A relevant snippet from my answer to Why is XML::Simple Discouraged?:
This means that you have to perform all kinds of checks to see what you actually got. But the sheer complexity of this encourages developers to make very bad assumptions instead.
It appears exactly that is happening here. That said, the data you want is accessible using the following:

    my $av_node = $attr->{'saml1:AttributeValue'};
    $casAttrs{$name} = ref($av_node) ? $av_node->{content} : $av_node;

Note that still makes some of the aforementioned assumptions.
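
The assumptions mentioned in the answer above concern the shape of the parsed data. As an added example (not part of the original answer or of AuthCASSaml.pm), the following normalises the shapes XML::Simple's default options can return for the attribute statement: a single Attribute as a hash instead of an array, a value as bare text or as a hash with a content key, a multi-valued attribute as an array, and an empty element as an empty hash. The helper names av_to_string and collect_cas_attrs are hypothetical, and the sample structure is constructed rather than captured from a CAS server.

```perl
use strict;
use warnings;

# Reduce one AttributeValue node to a plain string; empty list if unusable.
sub av_to_string {
    my ($node) = @_;
    return unless defined $node;
    return $node unless ref $node;          # bare text: element had no XML attributes
    return unless ref($node) eq 'HASH';     # unexpected shape: drop it
    my $text = $node->{content};            # text stored beside xsi:type, xmlns:*
    return (defined($text) && !ref($text)) ? $text : ();
}

# Build { name => [values] } from the 'saml1:Attribute' entry.
sub collect_cas_attrs {
    my ($attrs) = @_;
    my %out;
    return \%out unless defined $attrs;
    # One <saml1:Attribute> arrives as a hash, several as an array of hashes.
    my @list = ref($attrs) eq 'ARRAY' ? @$attrs : ($attrs);
    for my $attr (@list) {
        next unless ref($attr) eq 'HASH';
        my $name = $attr->{'AttributeName'};
        next unless defined($name) && !ref($name);
        my $av = $attr->{'saml1:AttributeValue'};
        # A multi-valued attribute arrives as an array of value nodes.
        my @nodes = ref($av) eq 'ARRAY' ? @$av : ($av);
        my @vals  = map { av_to_string($_) } @nodes;
        push @{ $out{$name} }, @vals if @vals;
    }
    return \%out;
}

# Constructed sample data (not captured from a real CAS server).
my $attrs = [
    { AttributeName => 'UDC_IDENTIFIER',
      'saml1:AttributeValue' => { 'xsi:type' => 'xs:string', content => 'useriden' } },
    { AttributeName => 'uid',  'saml1:AttributeValue' => 'useriden' },
    { AttributeName => 'role', 'saml1:AttributeValue' => [
        { 'xsi:type' => 'xs:string', content => 'staff' },
        { 'xsi:type' => 'xs:string', content => 'admin' } ] },
    { AttributeName => 'mail', 'saml1:AttributeValue' => {} },   # empty element
];
my $cas = collect_cas_attrs($attrs);
print "$_ => ", join(', ', @{ $cas->{$_} }), "\n" for sort keys %$cas;
```

Every attribute comes back as an array reference of plain strings, and an attribute with no usable value is omitted, so code that uses these values for access decisions never ends up comparing against a stringified HASH(0x...) reference.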