We can not use CAS versions newer than 7.1.6-1 because in 7.1.6-2 we hit the bug:
"java.lang.IllegalArgumentException: User name must not be blank" which seems to be fixed in 7.1.6-3.
But since that version we hit another bug:
"client.go:272] Error validating ticket: XML syntax error on line 15: invalid character entity &T (no semicolon)"
This seems to be caused by a & character in a group name on our Active Directory Server.
According to Microsoft this is legal and we use it since more than 15 years.
It seems that in 7.1.6-1 this was working because then it was stored in the XML file as:
service_validate.go:77] Received authentication response
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:groups>T&T Employer</cas:groups>
and on 7.1.6-3 it is stored as:
service_validate.go:77] Received authentication response
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:groups>T&T Employer</cas:groups>
which is illegal in a XML document which gives the above error.
We can not use CAS versions newer than 7.1.6-1 because in 7.1.6-2 we hit the bug:
"java.lang.IllegalArgumentException: User name must not be blank" which seems to be fixed in 7.1.6-3.
But since that version we hit another bug:
"client.go:272] Error validating ticket: XML syntax error on line 15: invalid character entity &T (no semicolon)"
This seems to be caused by a & character in a group name on our Active Directory Server.
According to Microsoft this is legal and we use it since more than 15 years.
It seems that in 7.1.6-1 this was working because then it was stored in the XML file as:
service_validate.go:77] Received authentication response<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:groups>T&T Employer</cas:groups>and on 7.1.6-3 it is stored as:
service_validate.go:77] Received authentication response<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:groups>T&T Employer</cas:groups>which is illegal in a XML document which gives the above error.