I see that the shiro docs state > attributes and remember me information are only pushed throught the SAML > validation procotol (except specific customizations)
But aren't they pushed through the CAS protocol too? Or does this mean that the shiro-cas client can only pull them from SAML and not the CAS protocol? In theory could the shiro-cas client be modified to pull attributes from the CAS protocol without SAML? On Saturday, December 26, 2015 at 7:14:49 AM UTC-5, Dmitriy Kopylenko wrote: > > Not necessary at all. You could've simply switched Shiro's CAS ST > validation mode to SAML like so: > > casRealm.validationProtocol=SAML > > http://shiro.apache.org/cas.html > > Note: CAS v4 requires explicit enablement of SAML support. > > Cheers, > > Dmitriy. > > > > > Sent from my iPhone > > On Dec 25, 2015, at 10:42, rono <[email protected] <javascript:>> wrote: > > OK!!!! > i,m solve the problem > edit > cas-server-webapp\src\main\webapp\WEB-INF\view\jsp\protocol\2.0\casServiceValidationSuccess.jsp > > <%@ page session="false" contentType="text/xml; charset=UTF-8" %> > <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"; %> > <%@ taglib uri="http://java.sun.com/jsp/jstl/functions"; prefix="fn" %> > <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas' > xmlns:gtx="http://www.gentics.com/sso/cas/xmlns";> > <cas:authenticationSuccess> > > <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user> > <cas:attributes> > <c:forEach var='item' > > items='${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}'> > <gtx:${item.key}>${item.value}</gtx:${item.key}> > </c:forEach> > </cas:attributes> > <c:if test="${not empty pgtIou}"> > <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket> > </c:if> > <c:if test="${fn:length(assertion.chainedAuthentications) > 1}"> > <cas:proxies> > <c:forEach var="proxy" > items="${assertion.chainedAuthentications}" varStatus="loopStatus" begin="0" > end="${fn:length(assertion.chainedAuthentications)-2}" step="1"> > <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy> > </c:forEach> > </cas:proxies> > </c:if> > </cas:authenticationSuccess> > </cas:serviceResponse> > > > On Wednesday, December 23, 2015 at 2:30:36 PM UTC+8, Misagh Moayyed wrote: >> >> Study: >> >> >> http://jasig.github.io/cas/4.1.x/protocol/CAS-Protocol-Specification.html#p3servicevalidate-cas-30 >> >> http://jasig.github.io/cas/4.1.x/integration/Attribute-Release.html >> >> >> >> >> >> *From:* [email protected] [mailto:[email protected]] *On Behalf Of * >> jason >> *Sent:* Tuesday, December 22, 2015 11:20 PM >> *To:* CAS Community <[email protected]> >> *Subject:* [cas-user] how to get shiro roles and permissions attributes >> from cas server >> >> >> >> when i use shiro-cas client buile web application >> i want to get shiro roles and permissions attributes from cas server >> >> >> >> the cas server: >> >> >> >> i custom a AttributeDao to response roles and permissions info >> >> >> >> public class BlogStubPersonAttributeDao extends StubPersonAttributeDao { >> >> @Override >> >> public IPersonAttributes getPerson(String uid) { >> >> >> >> Map<String, List<Object>> attributes = new HashMap<String, >> List<Object>>(); >> >> attributes.put("userid", Collections.singletonList((Object)uid)); >> >> attributes.put("roles", >> Collections.singletonList((Object)"role_admin")); >> >> attributes.put("permissions", >> Collections.singletonList((Object)"user:create")); >> >> attributes.put("test", Collections.singletonList((Object)"test")); >> >> return new AttributeNamedPersonImpl(attributes); >> >> } >> >> } >> >> >> >> and *deployerConfigContext.xml* >> >> <bean id="attributeRepository" >> class="org.jasig.services.persondir.support.BlogStubPersonAttributeDao" /> >> >> >> >> >> cas client use shiro >> >> >> >> 1. <bean id="casRealm" *class*="org.apache.shiro.cas.CasRealm"> >> >> 2. <property name="defaultRoles" value="admin,user"/> >> >> 3. <property name="defaultPermissions" >> value="user:create,user:update"/> >> >> 4. <property name="roleAttributeNames" value="roles"/> >> >> 5. <property name="permissionAttributeNames" value="permissions"/> >> >> 6. <property name="casServerUrlPrefix" >> value="https://localhost:8443/chapter14-server"/> >> >> 7. <property name="casService" >> value="https://localhost:9443/chapter14-client/cas"/> >> >> 8. </bean> >> >> >> >> but the cas server can not response roles and permissions >> so how to get shiro roles and permissions attributes from cas server when >> i used below >> >> https://github.com/apache/shiro/blob/1.2.x/support/cas/src/main/java/org/apache/shiro/cas/CasRealm.java#L162 >> >> -- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> Visit this group at >> https://groups.google.com/a/apereo.org/group/cas-user/. >> > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
