Because you told your service to use the default CAS behavior when returning 
usernames, via: "@class" : 
"org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"

You never told it which attribute should be used as the username. It cannot 
know that without your direct instructions.



If you go back to the original link I sent you, that should help describe 
what options are available for providing usernames for registered services. 
Pick the one that works on an attribute.
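
Added example, not part of the original message: the service definition quoted later in this thread, with only `usernameAttributeProvider` switched from the default provider to CAS 4.1's attribute-based one. The attribute name `abc` is an assumption taken from the test handler in the thread; substitute whatever name your handler stores the userid under.

```json
{
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^http://localhost/bonfire/cas/.*",
  "name" : "Bonfire Development",
  "id" : 10000017,
  "description" : "Bonfire Development CAS Single Sign-On",
  "proxyPolicy" : {
    "@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
  },
  "evaluationOrder" : 0,
  "usernameAttributeProvider" : {
    "@class" : "org.jasig.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "abc"
  },
  "logoutType" : "BACK_CHANNEL",
  "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "accessStrategy" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  }
}
```

With this provider the username returned to the service is the value of the named principal attribute rather than the principal id, so the attribute must be present on the Principal the authentication handler creates.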



From: John Bruestle [mailto:[email protected]]
Sent: Tuesday, January 5, 2016 3:19 PM
To: CAS Community <[email protected]>
Cc: [email protected]
Subject: Re: [cas-user] Returning userid in Validation Response



Thank you for your help.  I think I am getting closer:



As a test, I changed the bottom of my AuthenticationHandler to:



    // Test attributes carried by the Principal
    final Map<String, Object> attributes = new HashMap<>();
    attributes.put("abc", "123");
    attributes.put("def", "456");

    return createHandlerResult(credential,
            this.principalFactory.createPrincipal(username, attributes), null);



And I updated the service definition to:



{
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^http://localhost/bonfire/cas/.*",
  "name" : "Bonfire Development",
  "id" : 10000017,
  "description" : "Bonfire Development CAS Single Sign-On",
  "proxyPolicy" : {
    "@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
  },
  "evaluationOrder" : 0,
  "usernameAttributeProvider" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
  },
  "logoutType" : "BACK_CHANNEL",
  "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "accessStrategy" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  }
}



Only problem is that I am still just seeing only the "user" attribute in 
the validation response.  Is there something more I need to configure?

















On Tuesday, January 5, 2016 at 1:16:21 PM UTC-5, Misagh Moayyed wrote:

Since you are on 4.1, your authentication handler is able to create the 
principal with all the attributes it needs. So, as long as your handler is 
stuffing that attribute into the final Principal that is created, you should 
be able to dictate to a service that the attribute should be used in the 
final response.



See this as an example of how LDAP AuthN adds attributes:

https://github.com/Jasig/cas/blob/4.1.x/cas-server-support-ldap/src/main/java/org/jasig/cas/authentication/LdapAuthenticationHandler.java#L196



Have yours do the same. You simply need to decide what the attribute name 
should be, and stuff it into a map that the principal carries for 
attributes.



This is also relevant:

https://jasig.github.io/cas/4.1.x/installation/Configuring-Principal-Resolution.html#principalresolver-vs-authenticationhandler



From: [email protected] [mailto:[email protected]] On Behalf Of John Bruestle
Sent: Tuesday, January 5, 2016 11:11 AM
To: CAS Community <[email protected]>
Cc: [email protected]
Subject: Re: [cas-user] Returning userid in Validation Response



Thanks.  Yes, that tells me how to configure the response so it will show 
the specific attributes I want, but it doesn't tell me how to create the 
attributes.  In my case, I'm getting a userid returned by the stored 
procedure I'm calling in my AuthenticationHandler, when authenticating.  I'd 
like to add code there, at the point that I know the userid, to store 
(resolve?) it as an attribute.   How do I do that?





On Tuesday, January 5, 2016 at 12:28:38 PM UTC-5, Misagh Moayyed wrote:

See if this helps:

https://jasig.github.io/cas/4.1.x/integration/Attribute-Release.html



Section “Principal-Id Attribute”.



From: [email protected] [mailto:[email protected]] On Behalf Of John Bruestle
Sent: Tuesday, January 5, 2016 9:02 AM
To: CAS Community <[email protected]>
Subject: [cas-user] Returning userid in Validation Response



My system's usernames used for logins are not the same as the unique 
userids used by the database.  In fact, usernames aren't necessarily unique 
and sometimes require the password to determine the specific userid.  I need 
my validation response to return the userid.



I already have a custom AuthenticationHandler, which implements 
AbstractJdbcUsernamePasswordAuthenticationHandler, that is correctly 
authenticating using a MSSQL stored procedure.  One of the byproducts of 
calling the procedure is the userid, so that in the AuthenticationHandler we 
do know what the userid is.



From my reading, it seems that there may be a way to store the userid away 
as an attribute, which could later be used as part of the validation 
response.  I'm stuck however trying to figure out how to do this.  I would 
appreciate some pointers, especially if they came with the specific XML 
files I need to modify and the functions I should call from within my 
AuthenticationHandler to store the attribute.





-- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
