Hi Ken, Thanks for being an early adopter ;-)
You raise an interesting concern about profiles distinction : with multiple sources of authentication, I think that the typed id is absolutely necessary to know which was the authentication provider. That said, you're right, you still need to distinguish between different profiles in the CAS client applications. And I have anticipated that with the ProfileHelper class in the pac4j-core library : https://github.com/leleuj/pac4j/blob/master/pac4j-core/src/main/java/org/pac4j/core/profile/ProfileHelper.java. On client side, you need to add the appropriate dependencies : pac4j-core + pac4j-cas (if you delegate authentication to another CAS server). After service ticket validation, you will be returned a CAS assertion with identifier and attributes. With that information and the ProfileHelper methods, you can test : if (ProfileHelper.isTypedIdOf(returnedId, CasProfile.class)) and rebuild the profile : CasProfile casProfile = (CasProfile) ProfileHelper.buildProfile(returnedId, returnedAttributes); Best regards, Jérôme P.S. : I need some last update to configure properly the CAS server regarding pac4j support. You may encounter some missing attributes on client side right now. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
