  1. Jenkins
  2. JENKINS-28568

Plugin doesn't work with mama-cas: /login endpoint is queried with TARGET parameter, specification suggests it should be "service" instead [SAML 1.1]

    • Type: Bug
    • Resolution: Not A Defect
    • Priority: Major
    • Component: cas-plugin

      Currently, the plugin doesn't work with mama-cas when in SAML 1.1 mode (CAS 2.0 on the other hand works fine).

      The problem appears to be the following:

      According to https://github.com/Jasig/cas/blob/master/cas-server-documentation/protocol/CAS-Protocol-Specification.md in section 2.1.1, the /login endpoint only knows the "service" parameter, but not the TARGET parameter which your plugin appears to send (visible as GET parameter).

      In section 4.2.1, /samlValidate describes a TARGET parameter that must match the "service" parameter of /login - that seems to be an obvious hint that /login has the same value as this parameter but named "service" and not TARGET.

      If your assessment has the same result (that this is indeed incorrect), then it would be nice if you could fix it (:

            fcrespel Fabien Crespel
            jonasthiem Jonas Thiem