Protocol updates on security strength of validation requests

Description

From Marvin:

I recall the following statement didn't provide enough implementation details:

CAS uses an HTTP GET request to pass the HTTP request parameters "pgtId" and "pgtIou" to the pgtUrl. These entities are discussed in Sections 3.3 and 3.4, respectively.

When working on the Shib-CAS plugin, I had to review CAS server source to fill in some blanks. I don't recall exactly what was unclear, but I believe it related to the exact mechanics of constructing the callback URL and what to do with the server-side identifiers on success.

Furthermore, the recommendation of extending user attributes is preferred to match the default impl:
<cas:attributes><cas:attributeName>VALUE</cas:attributeName></cas:attributes>
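
The callback mechanics the description refers to, as an added example that is not part of the issue or of the CAS code base: the client stores the pgtIou/pgtId pair delivered to the pgtUrl, then redeems the pgtIou found in the validation response and reads the `<cas:attributes>` block. The names `PgtStore`, `handle_callback`, `redeem` and `parse_validation`, the 60-second lifetime, the 200 reply to a parameter-less request and the sample values are assumptions.

```python
import time
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

class PgtStore:
    """Client-side map of pgtIou -> pgtId: single use and short-lived."""
    def __init__(self, ttl=60.0, clock=time.monotonic):
        self._ttl, self._clock, self._pending = ttl, clock, {}

    def handle_callback(self, url):
        """Handle the GET that CAS sends to pgtUrl; returns an HTTP status."""
        q = parse_qs(urlsplit(url).query)
        ids, ious = q.get("pgtId", []), q.get("pgtIou", [])
        if not ids and not ious:
            return 200  # assumption: a bare reachability probe gets a 200
        if len(ids) != 1 or len(ious) != 1:
            return 400  # missing or duplicated parameter: store nothing
        self._pending[ious[0]] = (ids[0], self._clock() + self._ttl)
        return 200

    def redeem(self, pgt_iou):
        """Swap the pgtIou from the validation response for the real pgtId."""
        pgt_id, expires = self._pending.pop(pgt_iou, (None, 0.0))
        return pgt_id if pgt_id and self._clock() <= expires else None

def parse_validation(xml_text, store):
    """Return user, attributes and the redeemed PGT, or None on failure."""
    ok = ET.fromstring(xml_text).find("cas:authenticationSuccess", CAS_NS)
    if ok is None:
        return None
    attrs = {}
    holder = ok.find("cas:attributes", CAS_NS)
    for el in (holder if holder is not None else ()):
        # Multi-valued attributes repeat the element, so collect lists.
        attrs.setdefault(el.tag.split("}", 1)[-1], []).append(el.text)
    iou = ok.findtext("cas:proxyGrantingTicket", namespaces=CAS_NS)
    return {"user": ok.findtext("cas:user", namespaces=CAS_NS),
            "attributes": attrs,
            "pgt": store.redeem(iou) if iou else None}

# Constructed sample response (not captured from a real server).
SAMPLE_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
 <cas:authenticationSuccess>
  <cas:user>jdoe</cas:user>
  <cas:attributes><cas:affiliation>staff</cas:affiliation></cas:attributes>
  <cas:proxyGrantingTicket>PGTIOU-1-constructed</cas:proxyGrantingTicket>
 </cas:authenticationSuccess>
</cas:serviceResponse>"""
```

Only the pgtIou ever appears in the validation response; the pgtId reaches the client solely through the callback, which is why the entry is deleted on first redemption and expires if it is never claimed.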

Assignee

Misagh Moayyed

Reporter

Misagh Moayyed

Affects versions

4.0 RC2

Priority

Major