Marvin, PersonDirectory has a number of merging PersonAttributeDaos that may do what you need.
-Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Wed, Oct 29, 2008 at 11:43 AM, Marvin S. Addison <[EMAIL PROTECTED]> wrote: > There does not appear to be a feature in CAS 3.3 that allows chaining > of attribute repositories. It would be very beneficial to allow > CredentialsToPrincipalResolver instances to consult a number of > IPersonAttributeDao instances for attributes about the authenticated > principal: > > <bean class="CredentialsToLDAPAttributePrincipalResolver"> > <property name="credentialsToPrincipalResolver"> > <bean class="X509CertificateCredentialsToIdentifierPrincipalResolver"> > <property name="identifier" value="$UID" /> > </bean> > </property> > <property name="filter" value="(uid=%u)" /> > > <!-- The attribute used to define the new Principal ID --> > <property name="principalAttributeName" value="uupid" /> > > <property name="searchBase" value="ou=People,dc=vt,dc=edu" /> > <property name="contextSource" ref="edAuthContextSource" /> > <property name="attributeRepositories> > <list> > <ref bean="primaryLdapRepository" /> > <ref bean="secondaryLdapRepository" /> > </list> > </property> > </bean> > > I realize that for CredentialsToLDAPAttributePrincipalResolver it may > only make sense to consult LDAP repositories, but the true power of > chained attribute sources lies in arbitrary data sources (e.g. RDBMS, > statically-configured). The Shib Java IDP supports this feature, and > I can say from experience that it's powerful. > > Please speak up if you think this feature would be beneficial. We may > have a requirement to support multiple attribute sources, and would be > willing to contribute our solution if there's interest. > > Thanks, > Marvin > _______________________________________________ > cas-dev mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas-dev >
_______________________________________________ cas-dev mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas-dev
