I wasn't really expecting to change the username provided, although that
would be OK. I was just expecting to add another data item to what the
validation response returned.
Anyway, I tried changing to:
"usernameAttributeProvider" : {
  "@class" : "org.jasig.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
  "usernameAttribute" : "def"
},
"attributeReleasePolicy" : {
  "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
  "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "abc", "def" ] ]
},
And I am still not seeing the test "def" attribute I created in my
Authentication Handler by going:
final Map<String, Object> attributes = new HashMap<>();
attributes.put("abc", "123");
attributes.put("def", "456");
I do wonder if I am supposed to be defining a different attribute
repository. Right now my deployerConfigContext.xml contains:
<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
      p:backingMap-ref="attrRepoBackingMap" />
<util:map id="attrRepoBackingMap">
  <entry key="uid" value="uid" />
  <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
  <entry key="groupMembership" value="groupMembership" />
  <entry>
    <key><value>memberOf</value></key>
    <list>
      <value>faculty</value>
      <value>staff</value>
      <value>org</value>
    </list>
  </entry>
</util:map>
On Wed, Jan 6, 2016 at 2:01 AM, Misagh Moayyed <[email protected]> wrote:
> Because you told your service to use the default CAS behavior when
> returning usernames, via: "@class" :
> "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
>
> You never told it which attribute should be used as the username. It
> cannot know that without your direct instructions.
>
>
>
> If you go back to the original link I sent you, that should help describe
> what options are available for providing usernames for registered services.
> Pick the one that works on an attribute.
>
>
>
> *From:* John Bruestle [mailto:[email protected]]
> *Sent:* Tuesday, January 5, 2016 3:19 PM
> *To:* CAS Community <[email protected]>
> *Cc:* [email protected]
> *Subject:* Re: [cas-user] Returning userid in Validation Response
>
>
>
> Thank you for your help. I think I am getting closer:
>
>
>
> As a test, I changed the bottom of my AuthenticationHandler to:
>
>
>
> final Map<String, Object> attributes = new HashMap<>();
> attributes.put("abc", "123");
> attributes.put("def", "456");
>
> return createHandlerResult(credential,
>     this.principalFactory.createPrincipal(username, attributes), null);
>
>
>
> And I updated the service definition to:
>
>
>
> {
>   "@class" : "org.jasig.cas.services.RegexRegisteredService",
>   "serviceId" : "^http://localhost/bonfire/cas/.*",
>   "name" : "Bonfire Development",
>   "id" : 10000017,
>   "description" : "Bonfire Development CAS Single Sign-On",
>   "proxyPolicy" : {
>     "@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
>   },
>   "evaluationOrder" : 0,
>   "usernameAttributeProvider" : {
>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
>   },
>   "logoutType" : "BACK_CHANNEL",
>   "attributeReleasePolicy" : {
>     "@class" : "org.jasig.cas.services.ReturnAllAttributeReleasePolicy"
>   },
>   "accessStrategy" : {
>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
>     "enabled" : true,
>     "ssoEnabled" : true
>   }
> }
>
>
>
> Only problem is that I am still just seeing only the "user" attribute
> in the validation response. Is there something more I need to configure?
>
> On Tuesday, January 5, 2016 at 1:16:21 PM UTC-5, Misagh Moayyed wrote:
>
> Since you are on 4.1, your authentication handler is able to create the
> principal with all the attributes it needs. So, as long as your handler is
> stuffing that attribute into the final Principal that is created, you
> should be able to dictate to a service that the attribute should be used in
> the final response.
>
>
>
> See this as an example of how LDAP AuthN adds attributes:
>
>
> https://github.com/Jasig/cas/blob/4.1.x/cas-server-support-ldap/src/main/java/org/jasig/cas/authentication/LdapAuthenticationHandler.java#L196
>
>
>
> Have yours do the same. You simply need to decide what the attribute name
> should be, and stuff it into a map that the principal carries for
> attributes.
>
>
>
> This is also relevant:
>
>
> https://jasig.github.io/cas/4.1.x/installation/Configuring-Principal-Resolution.html#principalresolver-vs-authenticationhandler
>
>
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *John
> Bruestle
> *Sent:* Tuesday, January 5, 2016 11:11 AM
> *To:* CAS Community <[email protected]>
> *Cc:* [email protected]
> *Subject:* Re: [cas-user] Returning userid in Validation Response
>
>
>
> Thanks. Yes, that tells me how to configure the response so it will show
> the specific attributes I want, but it doesn't tell me how to create the
> attributes. In my case, I'm getting a userid returned by the stored
> procedure I'm calling in my AuthenticationHandler, when authenticating.
> I'd like to add code there, at the point that I know the userid, to store
> (resolve?) it as an attribute. How do I do that?
>
>
>
>
>
> On Tuesday, January 5, 2016 at 12:28:38 PM UTC-5, Misagh Moayyed wrote:
>
> See if this helps:
>
> https://jasig.github.io/cas/4.1.x/integration/Attribute-Release.html
>
>
>
> Section “Principal-Id Attribute”.
>
>
>
> *From:* [email protected] [mailto:[email protected] <[email protected]>]
> *On Behalf Of *John Bruestle
> *Sent:* Tuesday, January 5, 2016 9:02 AM
> *To:* CAS Community <[email protected]>
> *Subject:* [cas-user] Returning userid in Validation Response
>
>
>
> My system's usernames used for logins are not the same as the unique
> userids used by the database. In fact, usernames aren't necessarily
> unique and sometimes require the password to determine the specific
> userid. I need my validation response to return the userid.
>
>
>
> I already have a custom AuthenticationHandler, which implements
> AbstractJdbcUsernamePasswordAuthenticationHandler, that is correctly
> authenticating using a MSSQL stored procedure. One of the byproducts of
> calling the procedure is the userid, so that in the AuthenticationHandler
> we do know what the userid is.
>
>
>
> From my reading, it seems that there may be a way to store the userid away
> as an attribute, which could later be used as part of the validation
> response. I'm stuck however trying to figure out how to do this. I would
> appreciate some pointers, especially if they came with the specific XML
> files I need to modify and the functions I should call from within my
> AuthenticationHandler to store the attribute.
>
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/
> .
>
--
John Bruestle
[email protected]
(609) 737-7250
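
A way to check, from the service's side, which attributes a validation response actually carries against what the service definition allows. This is an added example, not code from the thread or from the CAS project: the service fragment and both responses are constructed, and the cas:attributes layout is assumed to be the one used by CAS validation responses that release attributes.

```python
import json
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed fragment reusing the release policy values quoted in the thread.
SERVICE_JSON = """{
  "attributeReleasePolicy": {
    "@class": "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes": ["java.util.ArrayList", ["cn", "abc", "def"]]
  }
}"""

# Constructed responses: one carrying only cas:user, one carrying attributes.
USER_ONLY = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
WITH_ATTRS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user>
    <cas:attributes><cas:abc>123</cas:abc><cas:def>456</cas:def></cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

def allowed_attributes(service_json):
    """Unwrap the type-tagged ["java.util.ArrayList", [...]] list into a set."""
    value = json.loads(service_json)["attributeReleasePolicy"].get("allowedAttributes", [])
    if len(value) == 2 and isinstance(value[1], list):
        value = value[1]
    return set(value)

def released(response_xml):
    """Return (user, {attribute: [values]}) from a successful validation response."""
    root = ET.fromstring(response_xml)  # parse only responses from your own CAS server
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is None:
        raise ValueError("not a CAS authenticationSuccess response")
    attrs = {}
    for el in ok.findall("cas:attributes/*", CAS_NS):
        attrs.setdefault(el.tag.split("}", 1)[-1], []).append(el.text or "")
    return ok.findtext("cas:user", namespaces=CAS_NS), attrs

def audit(service_json, response_xml):
    """Compare what the policy allows with what the service actually received."""
    allowed = allowed_attributes(service_json)
    user, attrs = released(response_xml)
    return {"user": user, "missing": sorted(allowed - set(attrs)),
            "unexpected": sorted(set(attrs) - allowed)}
```

A non-empty "unexpected" list means the service received more than the release policy names; a "missing" list covering every allowed attribute matches the user-only response described in the thread.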