Problem with DotNetCasClient getting additional attributes from CAS-Server response

I’m usin CAS-JASIG server with Active Directory for authentication. But I found a problem with the DotNetCasClient-1.0.1. I was not able to retrieve the user parameters that CAS-Server send in the XML response after a success authentication.

I knew that my CAS-Server response was sending those parameters. Because my PHP-CAS Client applications read those parameters without any problem. In fact the response looks like this:

<cas:serviceResponse xmlns:cas=''>
 <cas:attribute name="mail" value="" />
 <cas:attribute name="sn" value="Doe Doe" />
 <cas:attribute name="cn" value="Jane Doe" />
 <cas:attribute name="givenName" value="Jane" />

NOTE: To send additional user parameters from CAS-Server to CAS-Clients. You need to modify your “deployerConfigContext.xml”. Let me know if you are having problems whit LDAP configuration.

How did I note that DotnetCasClient was not retrieving those additional attributes? Well, from my own C# code when the user was successfully authenticated against CAS-Server I ask to DotnetCasClient for those additional attributes:

CasPrincipal tmpUser = (CasPrincipal)System.Web.HttpContext.Current.User;
if (tmpUser.Assertion.Attributes != null && tmpUser.Assertion.Attributes.Count > 0)



How did I solve my problem? Well, after debugging a lot I found out that It was not a configuration problem. That the problem came from the DotNetCasClient code. Because those attributes were never set. So I modified the “DotNetCasClient\Validation\TicketValidator\Cas20ServiceTicketValidator [Line 134] method ParseResponseFromServer” and add the following code :

if (authSuccessResponse.Proxies != null && authSuccessResponse.Proxies.Length > 0)</pre>
     //I didn't modified anything here!
     IDictionary<string, IList<string>> attributes =
               new Dictionary<string, IList<string>>();
          XmlDocument doc = new XmlDocument();
          XmlNamespaceManager namespaceManager = new XmlNamespaceManager(doc.NameTable);
          namespaceManager.AddNamespace("cas", "");
          XmlNode GeneralInformationNode = doc.SelectSingleNode("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes", namespaceManager);
          XmlNodeList attri = GeneralInformationNode.SelectNodes("cas:attribute",namespaceManager);

         if (attri != null)
             foreach (XmlNode node in attri)
                 XmlElement z = (XmlElement)node;

                 IList<string> values = new List<string>();
                 attributes.Add(z.GetAttribute("name").ToString(), values);
         return new CasPrincipal(new Assertion(authSuccessResponse.User, attributes), proxyGrantingTicketIou);
    catch (Exception e)
        throw new TicketValidationException("CUSTOM CODE EXCEPTION["+e.Message+"]: "+e.StackTrace);

    //I didn't touch anything from here either

This is just I problem that I face with DotnetCasClient for this very specific case. I don’t know if is just me but I wanna share my solution (my way). Perhaps if you have a better one, please share 🙂


2 comentarios en “Problem with DotNetCasClient getting additional attributes from CAS-Server response

  1. Andy dijo:


    I am just starting out with dotnetcas, I have a test MVC app and I can authenticate successfully via cas which displays the user name (cn or principal name) in the typical MVC way:

    Hello, AMcInnes! Log off

    How can I get this to display the givenname and sn (surname) attributes?

    Thanks for the interesting article!


    • leydian dijo:

      Hi Andy,

      Thank you for visit my blog.

      Are sure that you are already receiving the “cn” and “sn” values on the CAS response?

      To make sure you can execute:

      CasPrincipal tmpUser = (CasPrincipal)System.Web.HttpContext.Current.User;
      if (tmpUser.Assertion.Attributes != null && tmpUser.Assertion.Attributes.Count > 0)
      //Make a loop to reach each attribute

      Once you have those attributes, you can use a link to display the “sn” instead of using asp:LoginName


Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de

Estás comentando usando tu cuenta de Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s