modules/keycloak-protocol-cas

parent: b8c87450 | patch | commit | ignore whitespace

Improve ServiceResponseTest and fix XML response attribute order

Matthias Piepkorn

2017-02-05 bce81049aba8eca5afaca2949ba8be3db89a2825

Improve ServiceResponseTest and fix XML response attribute order

3 files modified

1 files added

	pom.xml	12 ●●●●● patch \| view \| raw \| blame \| history
	src/main/java/org/keycloak/protocol/cas/representations/CASServiceResponseAuthenticationSuccess.java	20 ●●●●● patch \| view \| raw \| blame \| history
	src/test/java/org/keycloak/protocol/cas/ServiceResponseTest.java	129 ●●●●● patch \| view \| raw \| blame \| history
	src/test/resources/org/keycloak/protocol/cas/cas-response-schema.xsd	77 ●●●●● patch \| view \| raw \| blame \| history

 pom.xml

@@ -93,6 +93,18 @@
            <version>${junit.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.xmlunit</groupId>
            <artifactId>xmlunit-core</artifactId>
            <version>2.3.0</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.jayway.jsonpath</groupId>
            <artifactId>json-path</artifactId>
            <version>2.2.0</version>
            <scope>test</scope>
        </dependency>
    </dependencies>
    <build>
        <plugins>

 src/main/java/org/keycloak/protocol/cas/representations/CASServiceResponseAuthenticationSuccess.java

@@ -10,12 +10,12 @@
@XmlAccessorType(XmlAccessType.FIELD)
public class CASServiceResponseAuthenticationSuccess {
    private String user;
    @XmlJavaTypeAdapter(AttributesMapAdapter.class)
    private Map<String, Object> attributes;
    private String proxyGrantingTicket;
    @XmlElementWrapper
    @XmlElement(name="proxy")
    private List<String> proxies;
    @XmlJavaTypeAdapter(AttributesMapAdapter.class)
    private Map<String, Object> attributes;

    public String getUser() {
        return this.user;
@@ -23,6 +23,14 @@

    public void setUser(final String user) {
        this.user = user;
    }

    public Map<String, Object> getAttributes() {
        return this.attributes;
    }

    public void setAttributes(final Map<String, Object> attributes) {
        this.attributes = attributes;
    }

    public String getProxyGrantingTicket() {
@@ -39,13 +47,5 @@

    public void setProxies(final List<String> proxies) {
        this.proxies = proxies;
    }

    public Map<String, Object> getAttributes() {
        return this.attributes;
    }

    public void setAttributes(final Map<String, Object> attributes) {
        this.attributes = attributes;
    }
}

 src/test/java/org/keycloak/protocol/cas/ServiceResponseTest.java

@@ -1,59 +1,35 @@
package org.keycloak.protocol.cas;

import com.jayway.jsonpath.JsonPath;
import com.sun.xml.bind.v2.util.FatalAdapter;
import org.junit.Test;
import org.keycloak.protocol.cas.representations.CASErrorCode;
import org.keycloak.protocol.cas.representations.CASServiceResponse;
import org.keycloak.protocol.cas.utils.ServiceResponseHelper;
import org.keycloak.protocol.cas.utils.ServiceResponseMarshaller;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.xml.sax.helpers.DefaultHandler;
import org.xmlunit.xpath.JAXPXPathEngine;
import org.xmlunit.xpath.XPathEngine;

import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;

import static org.junit.Assert.assertEquals;

public class ServiceResponseTest {
    private static final String EXPECTED_JSON_SUCCESS = "{\n" +
            "  \"serviceResponse\" : {\n" +
            "    \"authenticationSuccess\" : {\n" +
            "      \"user\" : \"username\",\n" +
            "      \"proxyGrantingTicket\" : \"PGTIOU-test\",\n" +
            "      \"proxies\" : [ \"https://proxy1/pgtUrl\", \"https://proxy2/pgtUrl\" ],\n" +
            "      \"attributes\" : {\n" +
            "        \"string\" : \"abc\",\n" +
            "        \"list\" : [ \"a\", \"b\" ],\n" +
            "        \"int\" : 123\n" +
            "      }\n" +
            "    }\n" +
            "  }\n" +
            "}";
    private static final String EXPECTED_XML_SUCCESS = "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\">\n" +
            "    <cas:authenticationSuccess>\n" +
            "        <cas:user>username</cas:user>\n" +
            "        <cas:proxyGrantingTicket>PGTIOU-test</cas:proxyGrantingTicket>\n" +
            "        <cas:proxies>\n" +
            "            <cas:proxy>https://proxy1/pgtUrl</cas:proxy>\n" +
            "            <cas:proxy>https://proxy2/pgtUrl</cas:proxy>\n" +
            "        </cas:proxies>\n" +
            "        <cas:attributes>\n" +
            "            <cas:string>abc</cas:string>\n" +
            "            <cas:list>a</cas:list>\n" +
            "            <cas:list>b</cas:list>\n" +
            "            <cas:int>123</cas:int>\n" +
            "        </cas:attributes>\n" +
            "    </cas:authenticationSuccess>\n" +
            "</cas:serviceResponse>";
    private static final String EXPECTED_JSON_FAILURE = "{\n" +
            "  \"serviceResponse\" : {\n" +
            "    \"authenticationFailure\" : {\n" +
            "      \"code\" : \"INVALID_REQUEST\",\n" +
            "      \"description\" : \"Error description\"\n" +
            "    }\n" +
            "  }\n" +
            "}";
    private static final String EXPECTED_XML_FAILURE = "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\">\n" +
            "    <cas:authenticationFailure code=\"INVALID_REQUEST\">Error description</cas:authenticationFailure>\n" +
            "</cas:serviceResponse>";
    private final XPathEngine xpath = new JAXPXPathEngine();

    public ServiceResponseTest() {
        xpath.setNamespaceContext(Collections.singletonMap("cas", "http://www.yale.edu/tp/cas"));
    }

    @Test
    public void testSuccessResponse() throws Exception {
@@ -62,18 +38,73 @@
        attributes.put("int", 123);
        attributes.put("string", "abc");

        List<String> proxies = Arrays.asList("https://proxy1/pgtUrl", "https://proxy2/pgtUrl");
        CASServiceResponse response = ServiceResponseHelper.createSuccess("username", attributes, "PGTIOU-test",
                Arrays.asList("https://proxy1/pgtUrl", "https://proxy2/pgtUrl"));
                proxies);

        assertEquals(EXPECTED_JSON_SUCCESS, ServiceResponseMarshaller.marshalJson(response));
        assertEquals(EXPECTED_XML_SUCCESS, ServiceResponseMarshaller.marshalXml(response));
        // Build and validate JSON response

        String json = ServiceResponseMarshaller.marshalJson(response);
        assertEquals("username", JsonPath.read(json, "$.serviceResponse.authenticationSuccess.user"));
        assertEquals(attributes.get("list"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.list"));
        assertEquals(attributes.get("int"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.int"));
        assertEquals(attributes.get("string"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.string"));
        assertEquals("PGTIOU-test", JsonPath.read(json, "$.serviceResponse.authenticationSuccess.proxyGrantingTicket"));
        assertEquals(proxies, JsonPath.read(json, "$.serviceResponse.authenticationSuccess.proxies"));

        // Build and validate XML response

        String xml = ServiceResponseMarshaller.marshalXml(response);
        Document doc = parseAndValidate(xml);
        assertEquals("username", xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:user", doc));
        int idx = 0;
        for (Node node : xpath.selectNodes("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:list", doc)) {
            assertEquals(((List)attributes.get("list")).get(idx), node.getTextContent());
            idx++;
        }
        assertEquals(((List)attributes.get("list")).size(), idx);
        assertEquals(attributes.get("int").toString(), xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:int", doc));
        assertEquals(attributes.get("string").toString(), xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:string", doc));

        assertEquals("PGTIOU-test", xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:proxyGrantingTicket", doc));
        idx = 0;
        for (Node node : xpath.selectNodes("/cas:serviceResponse/cas:authenticationSuccess/cas:proxies/cas:proxy", doc)) {
            assertEquals(proxies.get(idx), node.getTextContent());
            idx++;
        }
        assertEquals(proxies.size(), idx);
    }

    @Test
    public void testErrorResponse() throws Exception {
        CASServiceResponse response = ServiceResponseHelper.createFailure(CASErrorCode.INVALID_REQUEST, "Error description");

        assertEquals(EXPECTED_JSON_FAILURE, ServiceResponseMarshaller.marshalJson(response));
        assertEquals(EXPECTED_XML_FAILURE, ServiceResponseMarshaller.marshalXml(response));
        // Build and validate JSON response

        String json = ServiceResponseMarshaller.marshalJson(response);
        assertEquals(CASErrorCode.INVALID_REQUEST.name(), JsonPath.read(json, "$.serviceResponse.authenticationFailure.code"));
        assertEquals("Error description", JsonPath.read(json, "$.serviceResponse.authenticationFailure.description"));

        // Build and validate XML response

        String xml = ServiceResponseMarshaller.marshalXml(response);
        Document doc = parseAndValidate(xml);
        assertEquals(CASErrorCode.INVALID_REQUEST.name(), xpath.evaluate("/cas:serviceResponse/cas:authenticationFailure/@code", doc));
        assertEquals("Error description", xpath.evaluate("/cas:serviceResponse/cas:authenticationFailure", doc));
    }

    /**
     * Parse XML document and validate against CAS schema
     */
    private Document parseAndValidate(String xml) throws Exception {
        Schema schema = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI)
                .newSchema(getClass().getResource("cas-response-schema.xsd"));

        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setSchema(schema);
        factory.setNamespaceAware(true);
        DocumentBuilder builder = factory.newDocumentBuilder();
        builder.setErrorHandler(new FatalAdapter(new DefaultHandler()));
        return builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }
}

 src/test/resources/org/keycloak/protocol/cas/cas-response-schema.xsd

New file
@@ -0,0 +1,77 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:cas="http://www.yale.edu/tp/cas" targetNamespace="http://www.yale.edu/tp/cas" elementFormDefault="qualified" attributeFormDefault="unqualified">
    <xs:annotation>
        <xs:documentation>The following is the schema for the Central Authentication Service (CAS) version 3.0 protocol response. This covers the responses for the following servlets: /serviceValidate, /proxyValidate, /p3/serviceValidate, /p3/proxyValidate, /proxy This specification is subject to change.</xs:documentation>
    </xs:annotation>
    <xs:element name="serviceResponse" type="cas:ServiceResponseType"></xs:element>
    <xs:complexType name="ServiceResponseType">
        <xs:choice>
            <xs:element name="authenticationSuccess" type="cas:AuthenticationSuccessType"></xs:element>
            <xs:element name="authenticationFailure" type="cas:AuthenticationFailureType"></xs:element>
            <xs:element name="proxySuccess" type="cas:ProxySuccessType"></xs:element>
            <xs:element name="proxyFailure" type="cas:ProxyFailureType"></xs:element>
        </xs:choice>
    </xs:complexType>
    <xs:complexType name="AuthenticationSuccessType">
        <xs:sequence>
            <xs:element name="user" type="xs:string"></xs:element>
            <xs:element name="attributes" type="cas:AttributesType" minOccurs="0"></xs:element>
            <xs:element name="proxyGrantingTicket" type="xs:string" minOccurs="0"></xs:element>
            <xs:element name="proxies" type="cas:ProxiesType" minOccurs="0"></xs:element>
        </xs:sequence>
    </xs:complexType>
    <xs:complexType name="ProxiesType">
        <xs:sequence>
            <xs:element name="proxy" type="xs:string" maxOccurs="unbounded"></xs:element>
        </xs:sequence>
    </xs:complexType>
    <xs:complexType name="AuthenticationFailureType">
        <xs:simpleContent>
            <xs:extension base="xs:string">
                <xs:attribute name="code" type="xs:string" use="required"></xs:attribute>
            </xs:extension>
        </xs:simpleContent>
    </xs:complexType>
    <xs:complexType name="ProxySuccessType">
        <xs:sequence>
            <xs:element name="proxyTicket" type="xs:string"></xs:element>
        </xs:sequence>
    </xs:complexType>
    <xs:complexType name="ProxyFailureType">
        <xs:simpleContent>
            <xs:extension base="xs:string">
                <xs:attribute name="code" type="xs:string" use="required"></xs:attribute>
            </xs:extension>
        </xs:simpleContent>
    </xs:complexType>
    <xs:complexType name="AttributesType">
        <xs:sequence>
            <!-- the protocol documentation is unclear about that part; sometimes the meta-attributes are
                 required, sometimes not. For now we don't support them. -->
            <!--<xs:element name="authenticationDate" type="xs:dateTime" minOccurs="1" maxOccurs="1"></xs:element>-->
            <!--<xs:element name="longTermAuthenticationRequestTokenUsed" type="xs:boolean" minOccurs="1" maxOccurs="1">-->
                <!--<xs:annotation>-->
                    <!--<xs:documentation>true if a long-term (Remember-Me) token was used</xs:documentation>-->
                <!--</xs:annotation>-->
            <!--</xs:element>-->
            <!--<xs:element name="isFromNewLogin" type="xs:boolean" minOccurs="1" maxOccurs="1">-->
                <!--<xs:annotation>-->
                    <!--<xs:documentation>true if this was from a new, interactive login. If login was from a non-interactive login (e.g. Remember-Me), this value is false or might be omitted.</xs:documentation>-->
                <!--</xs:annotation>-->
            <!--</xs:element>-->

            <!-- this part of the offical schema is, unfortunately, invalid -->
            <!--<xs:element name="memberOf" type="xs:string" minOccurs="0" maxOccurs="unbounded">-->
                <!--<xs:annotation>-->
                    <!--<xs:documentation>One or many elements describing the units the user is member in. E.g. LDAP format values.</xs:documentation>-->
                <!--</xs:annotation>-->
            <!--</xs:element>-->

            <xs:any minOccurs="0" maxOccurs="unbounded" processContents="lax">
                <xs:annotation>
                    <xs:documentation>Any user specific attribute elements.</xs:documentation>
                </xs:annotation>
            </xs:any>
        </xs:sequence>
    </xs:complexType>
</xs:schema>

			@@ -93,6 +93,18 @@
			<version>${junit.version}</version>
			<scope>test</scope>
			</dependency>
			<dependency>
			<groupId>org.xmlunit</groupId>
			<artifactId>xmlunit-core</artifactId>
			<version>2.3.0</version>
			<scope>test</scope>
			</dependency>
			<dependency>
			<groupId>com.jayway.jsonpath</groupId>
			<artifactId>json-path</artifactId>
			<version>2.2.0</version>
			<scope>test</scope>
			</dependency>
			</dependencies>
			<build>
			<plugins>

			@@ -10,12 +10,12 @@
			@XmlAccessorType(XmlAccessType.FIELD)
			public class CASServiceResponseAuthenticationSuccess {
			private String user;
			@XmlJavaTypeAdapter(AttributesMapAdapter.class)
			private Map<String, Object> attributes;
			private String proxyGrantingTicket;
			@XmlElementWrapper
			@XmlElement(name="proxy")
			private List<String> proxies;
			@XmlJavaTypeAdapter(AttributesMapAdapter.class)
			private Map<String, Object> attributes;

			public String getUser() {
			return this.user;
			@@ -23,6 +23,14 @@

			public void setUser(final String user) {
			this.user = user;
			}

			public Map<String, Object> getAttributes() {
			return this.attributes;
			}

			public void setAttributes(final Map<String, Object> attributes) {
			this.attributes = attributes;
			}

			public String getProxyGrantingTicket() {
			@@ -39,13 +47,5 @@

			public void setProxies(final List<String> proxies) {
			this.proxies = proxies;
			}

			public Map<String, Object> getAttributes() {
			return this.attributes;
			}

			public void setAttributes(final Map<String, Object> attributes) {
			this.attributes = attributes;
			}
			}

			@@ -1,59 +1,35 @@
			package org.keycloak.protocol.cas;

			import com.jayway.jsonpath.JsonPath;
			import com.sun.xml.bind.v2.util.FatalAdapter;
			import org.junit.Test;
			import org.keycloak.protocol.cas.representations.CASErrorCode;
			import org.keycloak.protocol.cas.representations.CASServiceResponse;
			import org.keycloak.protocol.cas.utils.ServiceResponseHelper;
			import org.keycloak.protocol.cas.utils.ServiceResponseMarshaller;
			import org.w3c.dom.Document;
			import org.w3c.dom.Node;
			import org.xml.sax.helpers.DefaultHandler;
			import org.xmlunit.xpath.JAXPXPathEngine;
			import org.xmlunit.xpath.XPathEngine;

			import java.util.Arrays;
			import java.util.HashMap;
			import java.util.Map;
			import javax.xml.XMLConstants;
			import javax.xml.parsers.DocumentBuilder;
			import javax.xml.parsers.DocumentBuilderFactory;
			import javax.xml.validation.Schema;
			import javax.xml.validation.SchemaFactory;
			import java.io.ByteArrayInputStream;
			import java.nio.charset.StandardCharsets;
			import java.util.*;

			import static org.junit.Assert.assertEquals;

			public class ServiceResponseTest {
			private static final String EXPECTED_JSON_SUCCESS = "{\n" +
			" \"serviceResponse\" : {\n" +
			" \"authenticationSuccess\" : {\n" +
			" \"user\" : \"username\",\n" +
			" \"proxyGrantingTicket\" : \"PGTIOU-test\",\n" +
			" \"proxies\" : [ \"https://proxy1/pgtUrl\", \"https://proxy2/pgtUrl\" ],\n" +
			" \"attributes\" : {\n" +
			" \"string\" : \"abc\",\n" +
			" \"list\" : [ \"a\", \"b\" ],\n" +
			" \"int\" : 123\n" +
			" }\n" +
			" }\n" +
			" }\n" +
			"}";
			private static final String EXPECTED_XML_SUCCESS = "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\">\n" +
			" <cas:authenticationSuccess>\n" +
			" <cas:user>username</cas:user>\n" +
			" <cas:proxyGrantingTicket>PGTIOU-test</cas:proxyGrantingTicket>\n" +
			" <cas:proxies>\n" +
			" <cas:proxy>https://proxy1/pgtUrl</cas:proxy>\n" +
			" <cas:proxy>https://proxy2/pgtUrl</cas:proxy>\n" +
			" </cas:proxies>\n" +
			" <cas:attributes>\n" +
			" <cas:string>abc</cas:string>\n" +
			" <cas:list>a</cas:list>\n" +
			" <cas:list>b</cas:list>\n" +
			" <cas:int>123</cas:int>\n" +
			" </cas:attributes>\n" +
			" </cas:authenticationSuccess>\n" +
			"</cas:serviceResponse>";
			private static final String EXPECTED_JSON_FAILURE = "{\n" +
			" \"serviceResponse\" : {\n" +
			" \"authenticationFailure\" : {\n" +
			" \"code\" : \"INVALID_REQUEST\",\n" +
			" \"description\" : \"Error description\"\n" +
			" }\n" +
			" }\n" +
			"}";
			private static final String EXPECTED_XML_FAILURE = "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\">\n" +
			" <cas:authenticationFailure code=\"INVALID_REQUEST\">Error description</cas:authenticationFailure>\n" +
			"</cas:serviceResponse>";
			private final XPathEngine xpath = new JAXPXPathEngine();

			public ServiceResponseTest() {
			xpath.setNamespaceContext(Collections.singletonMap("cas", "http://www.yale.edu/tp/cas"));
			}

			@Test
			public void testSuccessResponse() throws Exception {
			@@ -62,18 +38,73 @@
			attributes.put("int", 123);
			attributes.put("string", "abc");

			List<String> proxies = Arrays.asList("https://proxy1/pgtUrl", "https://proxy2/pgtUrl");
			CASServiceResponse response = ServiceResponseHelper.createSuccess("username", attributes, "PGTIOU-test",
			Arrays.asList("https://proxy1/pgtUrl", "https://proxy2/pgtUrl"));
			proxies);

			assertEquals(EXPECTED_JSON_SUCCESS, ServiceResponseMarshaller.marshalJson(response));
			assertEquals(EXPECTED_XML_SUCCESS, ServiceResponseMarshaller.marshalXml(response));
			// Build and validate JSON response

			String json = ServiceResponseMarshaller.marshalJson(response);
			assertEquals("username", JsonPath.read(json, "$.serviceResponse.authenticationSuccess.user"));
			assertEquals(attributes.get("list"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.list"));
			assertEquals(attributes.get("int"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.int"));
			assertEquals(attributes.get("string"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.string"));
			assertEquals("PGTIOU-test", JsonPath.read(json, "$.serviceResponse.authenticationSuccess.proxyGrantingTicket"));
			assertEquals(proxies, JsonPath.read(json, "$.serviceResponse.authenticationSuccess.proxies"));

			// Build and validate XML response

			String xml = ServiceResponseMarshaller.marshalXml(response);
			Document doc = parseAndValidate(xml);
			assertEquals("username", xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:user", doc));
			int idx = 0;
			for (Node node : xpath.selectNodes("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:list", doc)) {
			assertEquals(((List)attributes.get("list")).get(idx), node.getTextContent());
			idx++;
			}
			assertEquals(((List)attributes.get("list")).size(), idx);
			assertEquals(attributes.get("int").toString(), xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:int", doc));
			assertEquals(attributes.get("string").toString(), xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:string", doc));

			assertEquals("PGTIOU-test", xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:proxyGrantingTicket", doc));
			idx = 0;
			for (Node node : xpath.selectNodes("/cas:serviceResponse/cas:authenticationSuccess/cas:proxies/cas:proxy", doc)) {
			assertEquals(proxies.get(idx), node.getTextContent());
			idx++;
			}
			assertEquals(proxies.size(), idx);
			}

			@Test
			public void testErrorResponse() throws Exception {
			CASServiceResponse response = ServiceResponseHelper.createFailure(CASErrorCode.INVALID_REQUEST, "Error description");

			assertEquals(EXPECTED_JSON_FAILURE, ServiceResponseMarshaller.marshalJson(response));
			assertEquals(EXPECTED_XML_FAILURE, ServiceResponseMarshaller.marshalXml(response));
			// Build and validate JSON response

			String json = ServiceResponseMarshaller.marshalJson(response);
			assertEquals(CASErrorCode.INVALID_REQUEST.name(), JsonPath.read(json, "$.serviceResponse.authenticationFailure.code"));
			assertEquals("Error description", JsonPath.read(json, "$.serviceResponse.authenticationFailure.description"));

			// Build and validate XML response

			String xml = ServiceResponseMarshaller.marshalXml(response);
			Document doc = parseAndValidate(xml);
			assertEquals(CASErrorCode.INVALID_REQUEST.name(), xpath.evaluate("/cas:serviceResponse/cas:authenticationFailure/@code", doc));
			assertEquals("Error description", xpath.evaluate("/cas:serviceResponse/cas:authenticationFailure", doc));
			}

			/**
			* Parse XML document and validate against CAS schema
			*/
			private Document parseAndValidate(String xml) throws Exception {
			Schema schema = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI)
			.newSchema(getClass().getResource("cas-response-schema.xsd"));

			DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
			factory.setSchema(schema);
			factory.setNamespaceAware(true);
			DocumentBuilder builder = factory.newDocumentBuilder();
			builder.setErrorHandler(new FatalAdapter(new DefaultHandler()));
			return builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
			}
			}

New file
			@@ -0,0 +1,77 @@
			<?xml version="1.0" encoding="UTF-8"?>
			<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:cas="http://www.yale.edu/tp/cas" targetNamespace="http://www.yale.edu/tp/cas" elementFormDefault="qualified" attributeFormDefault="unqualified">
			<xs:annotation>
			<xs:documentation>The following is the schema for the Central Authentication Service (CAS) version 3.0 protocol response. This covers the responses for the following servlets: /serviceValidate, /proxyValidate, /p3/serviceValidate, /p3/proxyValidate, /proxy This specification is subject to change.</xs:documentation>
			</xs:annotation>
			<xs:element name="serviceResponse" type="cas:ServiceResponseType"></xs:element>
			<xs:complexType name="ServiceResponseType">
			<xs:choice>
			<xs:element name="authenticationSuccess" type="cas:AuthenticationSuccessType"></xs:element>
			<xs:element name="authenticationFailure" type="cas:AuthenticationFailureType"></xs:element>
			<xs:element name="proxySuccess" type="cas:ProxySuccessType"></xs:element>
			<xs:element name="proxyFailure" type="cas:ProxyFailureType"></xs:element>
			</xs:choice>
			</xs:complexType>
			<xs:complexType name="AuthenticationSuccessType">
			<xs:sequence>
			<xs:element name="user" type="xs:string"></xs:element>
			<xs:element name="attributes" type="cas:AttributesType" minOccurs="0"></xs:element>
			<xs:element name="proxyGrantingTicket" type="xs:string" minOccurs="0"></xs:element>
			<xs:element name="proxies" type="cas:ProxiesType" minOccurs="0"></xs:element>
			</xs:sequence>
			</xs:complexType>
			<xs:complexType name="ProxiesType">
			<xs:sequence>
			<xs:element name="proxy" type="xs:string" maxOccurs="unbounded"></xs:element>
			</xs:sequence>
			</xs:complexType>
			<xs:complexType name="AuthenticationFailureType">
			<xs:simpleContent>
			<xs:extension base="xs:string">
			<xs:attribute name="code" type="xs:string" use="required"></xs:attribute>
			</xs:extension>
			</xs:simpleContent>
			</xs:complexType>
			<xs:complexType name="ProxySuccessType">
			<xs:sequence>
			<xs:element name="proxyTicket" type="xs:string"></xs:element>
			</xs:sequence>
			</xs:complexType>
			<xs:complexType name="ProxyFailureType">
			<xs:simpleContent>
			<xs:extension base="xs:string">
			<xs:attribute name="code" type="xs:string" use="required"></xs:attribute>
			</xs:extension>
			</xs:simpleContent>
			</xs:complexType>
			<xs:complexType name="AttributesType">
			<xs:sequence>
			<!-- the protocol documentation is unclear about that part; sometimes the meta-attributes are
			required, sometimes not. For now we don't support them. -->
			<!--<xs:element name="authenticationDate" type="xs:dateTime" minOccurs="1" maxOccurs="1"></xs:element>-->
			<!--<xs:element name="longTermAuthenticationRequestTokenUsed" type="xs:boolean" minOccurs="1" maxOccurs="1">-->
			<!--<xs:annotation>-->
			<!--<xs:documentation>true if a long-term (Remember-Me) token was used</xs:documentation>-->
			<!--</xs:annotation>-->
			<!--</xs:element>-->
			<!--<xs:element name="isFromNewLogin" type="xs:boolean" minOccurs="1" maxOccurs="1">-->
			<!--<xs:annotation>-->
			<!--<xs:documentation>true if this was from a new, interactive login. If login was from a non-interactive login (e.g. Remember-Me), this value is false or might be omitted.</xs:documentation>-->
			<!--</xs:annotation>-->
			<!--</xs:element>-->

			<!-- this part of the offical schema is, unfortunately, invalid -->
			<!--<xs:element name="memberOf" type="xs:string" minOccurs="0" maxOccurs="unbounded">-->
			<!--<xs:annotation>-->
			<!--<xs:documentation>One or many elements describing the units the user is member in. E.g. LDAP format values.</xs:documentation>-->
			<!--</xs:annotation>-->
			<!--</xs:element>-->

			<xs:any minOccurs="0" maxOccurs="unbounded" processContents="lax">
			<xs:annotation>
			<xs:documentation>Any user specific attribute elements.</xs:documentation>
			</xs:annotation>
			</xs:any>
			</xs:sequence>
			</xs:complexType>
			</xs:schema>