Here is my entire deployerConfigContext.xml:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

    <bean id="authenticationManager"
class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
            <map>
                <entry key-ref="proxyAuthenticationHandler"
value-ref="proxyPrincipalResolver" />
                <entry key-ref="primaryAuthenticationHandler"
value="#{null}" />
            </map>
        </constructor-arg>

        <property name="authenticationPolicy">
            <bean
class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
        </property>
    </bean>

    <!-- Required for proxy ticket mechanism. -->
    <bean id="proxyAuthenticationHandler"
          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
          p:httpClient-ref="supportsTrustStoreSslSocketFactoryHttpClient" />

    <bean id="dataSource"
          class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName" value="net.sourceforge.jtds.jdbc.Driver"/>
        <property name="url"
                  value="jdbc:jtds:sqlserver://localhost/Bonfire;integrated security=false"/>
        <property name="username" value="xxxxx"/>
        <property name="password" value="xxxxxxxxxxxx"/>
    </bean>

    <bean id="primaryAuthenticationHandler"
          class="org.jasig.cas.adaptors.jdbc.BonfireAuthenticationHandler"
          p:dataSource-ref="dataSource"
          p:sql="EXEC dbo.LoginAuthenticateCAS ?, ?, ?" />

    <!-- Required for proxy ticket mechanism -->
    <bean id="proxyPrincipalResolver"
          class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />

    <bean id="primaryPrincipalResolver"
          class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver"
          p:principalFactory-ref="principalFactory" />

    <bean id="serviceRegistryDao"
          class="org.jasig.cas.services.JsonServiceRegistryDao"
          c:configDirectory="${service.registry.config.location:classpath:services}" />

    <bean id="auditTrailManager"
class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />

    <bean id="healthCheckMonitor"
class="org.jasig.cas.monitor.HealthCheckMonitor"
p:monitors-ref="monitorsList" />

    <util:list id="monitorsList">
        <bean class="org.jasig.cas.monitor.MemoryMonitor"
p:freeMemoryWarnThreshold="10" />
        <bean class="org.jasig.cas.monitor.SessionMonitor"
              p:ticketRegistry-ref="ticketRegistry"
              p:serviceTicketCountWarnThreshold="5000"
              p:sessionCountWarnThreshold="100000" />
    </util:list>
</beans>



On Wed, Jan 6, 2016 at 2:30 PM, Dmitriy Kopylenko <[email protected]>
wrote:

> Can you share your entire deployerConfigContext.xml?
>
> Thanks,
> Dmitriy.
>
> On Jan 6, 2016, at 2:14 PM, John Bruestle <[email protected]> wrote:
>
> I wasn't really expecting to change the username provided, although that
> would be OK.  I was just expecting to add another data item to what the
> validation response returned.
>
> Anyway, I tried changing to:
>
>   "usernameAttributeProvider" : {
>     "@class" :
> "org.jasig.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
>     "usernameAttribute" : "def"
>   },
>   "attributeReleasePolicy" : {
>     "@class" :
> "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
>     "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "abc", "def" ] ]
>   },
>
>
> And I am still not seeing the test "def" attribute I created in my
> Authentication Handler by going:
>
> final Map<String, Object> attributes = new HashMap<>();
> attributes.put("abc", "123");
> attributes.put("def", "456");
>
> I do wonder if I am supposed to be defining a different attribute
> repository.  Right now my deployerConfigContext.xml contains:
>
>
>     <bean id="attributeRepository"
> class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
>           p:backingMap-ref="attrRepoBackingMap" />
>
>     <util:map id="attrRepoBackingMap">
>         <entry key="uid" value="uid" />
>         <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
>         <entry key="groupMembership" value="groupMembership" />
>         <entry>
>             <key><value>memberOf</value></key>
>             <list>
>                 <value>faculty</value>
>                 <value>staff</value>
>                 <value>org</value>
>             </list>
>         </entry>
>     </util:map>
>
>
>
>
> On Wed, Jan 6, 2016 at 2:01 AM, Misagh Moayyed <[email protected]>
> wrote:
>
>> Because you told your service to use the default CAS behavior when
>> returning usernames, via: "@class" :
>> "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
>>
>> You never told it which attribute should be used as the username. It
>> cannot know that without your direct instructions.
>>
>>
>>
>> If you go back to the original link I sent you, that should help describe
>> what options are available for providing usernames for registered services.
>> Pick the one that works on an attribute.
>>
>>
>>
>> *From:* John Bruestle [mailto:[email protected]]
>> *Sent:* Tuesday, January 5, 2016 3:19 PM
>> *To:* CAS Community <[email protected]>
>> *Cc:* [email protected]
>> *Subject:* Re: [cas-user] Returning userid in Validation Response
>>
>>
>>
>> Thank you for your help.  I think I am getting closer:
>>
>>
>>
>> As a test, I changed the bottom of my AuthenticationHandler to:
>>
>>
>>
>> final Map<String, Object> attributes = new HashMap<>();
>> attributes.put("abc", "123");
>> attributes.put("def", "456");
>>
>> return createHandlerResult(credential,
>>         this.principalFactory.createPrincipal(username, attributes), null);
>>
>>
>>
>> And I updated the service definition to:
>>
>>
>>
>> {
>>   "@class" : "org.jasig.cas.services.RegexRegisteredService",
>>   "serviceId" : "^http://localhost/bonfire/cas/.*",
>>   "name" : "Bonfire Development",
>>   "id" : 10000017,
>>   "description" : "Bonfire Development CAS Single Sign-On",
>>   "proxyPolicy" : {
>>     "@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
>>   },
>>   "evaluationOrder" : 0,
>>   "usernameAttributeProvider" : {
>>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
>>   },
>>   "logoutType" : "BACK_CHANNEL",
>>   "attributeReleasePolicy" : {
>>     "@class" : "org.jasig.cas.services.ReturnAllAttributeReleasePolicy"
>>   },
>>   "accessStrategy" : {
>>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
>>     "enabled" : true,
>>     "ssoEnabled" : true
>>   }
>> }
>>
>>
>>
>> Only problem is that I am still just seeing only the "user" attribute
>> in the validation response.  Is there something more I need to configure?
>>
>> On Tuesday, January 5, 2016 at 1:16:21 PM UTC-5, Misagh Moayyed wrote:
>>
>> Since you are on 4.1, your authentication handler is able to create the
>> principal with all the attributes it needs. So, as long as your handler is
>> stuffing that attribute into the final Principal that is created, you
>> should be able to dictate to a service that the attribute should be used in
>> the final response.
>>
>>
>>
>> See this as an example of how LDAP AuthN adds attributes:
>>
>>
>> https://github.com/Jasig/cas/blob/4.1.x/cas-server-support-ldap/src/main/java/org/jasig/cas/authentication/LdapAuthenticationHandler.java#L196
>>
>>
>>
>> Have yours do the same. You simply need to decide what the attribute name
>> should be, and stuff it into a map that the principal carries for
>> attributes.
>>
>>
>>
>> This is also relevant:
>>
>>
>> https://jasig.github.io/cas/4.1.x/installation/Configuring-Principal-Resolution.html#principalresolver-vs-authenticationhandler
>>
>>
>>
>> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *John
>> Bruestle
>> *Sent:* Tuesday, January 5, 2016 11:11 AM
>> *To:* CAS Community <[email protected]>
>> *Cc:* [email protected]
>> *Subject:* Re: [cas-user] Returning userid in Validation Response
>>
>>
>>
>> Thanks.  Yes, that tells me how to configure the response so it will show
>> the specific attributes I want, but it doesn't tell me how to create the
>> attributes.  In my case, I'm getting a userid returned by the stored
>> procedure I'm calling in my AuthenticationHandler, when authenticating.
>> I'd like to add code there, at the point that I know the userid, to store
>> (resolve?) it as an attribute.   How do I do that?
>>
>>
>>
>>
>>
>> On Tuesday, January 5, 2016 at 12:28:38 PM UTC-5, Misagh Moayyed wrote:
>>
>> See if this helps:
>>
>> https://jasig.github.io/cas/4.1.x/integration/Attribute-Release.html
>>
>>
>>
>> Section “Principal-Id Attribute”.
>>
>>
>>
>> *From:* [email protected] [mailto:[email protected]
>> <[email protected]>] *On Behalf Of *John Bruestle
>> *Sent:* Tuesday, January 5, 2016 9:02 AM
>> *To:* CAS Community <[email protected]>
>> *Subject:* [cas-user] Returning userid in Validation Response
>>
>>
>>
>> My system's usernames used for logins are not the same as the unique
>> userids used by the database.  In fact, usernames aren't necessarily
>> unique and sometimes require the password to determine the specific
>> userid.  I need my validation response to return the userid.
>>
>>
>>
>> I already have a custom AuthenticationHandler, which implements
>> AbstractJdbcUsernamePasswordAuthenticationHandler, that is correctly
>> authenticating using a MSSQL stored procedure.  One of the byproducts of
>> calling the procedure is the userid, so that in the AuthenticationHandler
>> we do know what the userid is.
>>
>>
>>
>> From my reading, it seems that there may be a way to store the userid
>> away as an attribute, which could later be used as part of the validation
>> response.  I'm stuck however trying to figure out how to do this.  I would
>> appreciate some pointers, especially if they came with the specific XML
>> files I need to modify and the functions I should call from within my
>> AuthenticationHandler to store the attribute.
>>
>>
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> Visit this group at
>> https://groups.google.com/a/apereo.org/group/cas-user/.
>>
>
>
>
> --
> John Bruestle
> [email protected]
> (609) 737-7250
>
>


-- 
John Bruestle
[email protected]
(609) 737-7250
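
A check that can be run against a captured validation response to compare what the service definition asks CAS to release with what actually arrives, flagging both missing and unexpected attributes. This is an added example, not code from the thread or from the CAS project; the release-policy logic is a simplified model, and the principal id `jsmith` and the sample response are constructed.

```python
import json
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Service definition fragment from the thread, wrapped in braces to form valid JSON.
SERVICE_JSON = """{
  "usernameAttributeProvider": {
    "@class": "org.jasig.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute": "def"},
  "attributeReleasePolicy": {
    "@class": "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes": ["java.util.ArrayList", ["cn", "abc", "def"]]}
}"""

# Constructed sample: a success response carrying only <cas:user>.
SAMPLE_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jsmith</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""

def expected_release(service, principal_id, principal_attrs):
    """Simplified model (assumption) of what the definition asks CAS to release."""
    policy = service["attributeReleasePolicy"]
    kind = policy["@class"].rsplit(".", 1)[-1]
    if kind == "ReturnAllAttributeReleasePolicy":
        attrs = set(principal_attrs)
    elif kind == "ReturnAllowedAttributeReleasePolicy":
        allowed = policy["allowedAttributes"][1]  # ["java.util.ArrayList", [...]] wrapper
        attrs = set(principal_attrs) & set(allowed)
    else:
        attrs = set()  # unknown policy: assume nothing is released
    name = service["usernameAttributeProvider"].get("usernameAttribute")
    return principal_attrs.get(name, principal_id), attrs  # falls back to principal id

def parse_validation(xml_text):
    """Return (user, attribute names) from a CAS validation success response."""
    ok = ET.fromstring(xml_text).find("cas:authenticationSuccess", CAS_NS)
    if ok is None:
        raise ValueError("not an authenticationSuccess response")
    node = ok.find("cas:attributes", CAS_NS)
    names = {c.tag.split("}", 1)[-1] for c in node} if node is not None else set()
    return ok.findtext("cas:user", namespaces=CAS_NS), names

def audit(service_json, principal_id, principal_attrs, xml_text):
    exp_user, exp_attrs = expected_release(json.loads(service_json), principal_id, principal_attrs)
    user, got = parse_validation(xml_text)
    return {"user_matches": user == exp_user,
            "missing": sorted(exp_attrs - got),      # allowed but not delivered
            "unexpected": sorted(got - exp_attrs)}   # delivered but not allowed
```

Calling `audit(SERVICE_JSON, "jsmith", {"abc": "123", "def": "456"}, SAMPLE_RESPONSE)` reports `abc` and `def` as missing, which matches the symptom described in the thread; a non-empty `unexpected` list would mean the service receives more than its release policy allows.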
