The shiro cas client works just nicely with the v3 protocol; have been
using it since last summer to push attributes down to client. Tested
both SAML and CAS v3; both worked but went with v3 since it's a much
thinner stack.
John
RedZone Software
On 1/7/2016 4:05 PM, Dmitriy Kopylenko wrote:
Attributes are exposed by CAS in the ticket validation response via
SAML response and CAS protocol v3 response (only in CAS4). Most likely
the shiro cas client does not (yet) implement CAS protocol v3, hence
only SAML.
Cheers,
D.
On Jan 7, 2016, at 11:02 AM, Jonathan Labin <[email protected]> wrote:
I see that the shiro docs state
attributes and remember me information are only pushed through
the SAML validation protocol (except specific customizations)
But aren't they pushed through the CAS protocol too?
Or does this mean that the shiro-cas client can only pull them from
SAML and not the CAS protocol?
In theory could the shiro-cas client be modified to pull attributes
from the CAS protocol without SAML?
On Saturday, December 26, 2015 at 7:14:49 AM UTC-5, Dmitriy Kopylenko
wrote:
Not necessary at all. You could've simply switched Shiro's CAS ST
validation mode to SAML like so:
casRealm.validationProtocol=SAML
http://shiro.apache.org/cas.html
Note: CAS v4 requires explicit enablement of SAML support.
Cheers,
Dmitriy.
On Dec 25, 2015, at 10:42, rono <[email protected]> wrote:
OK!!!!
I solved the problem.
Edit
cas-server-webapp\src\main\webapp\WEB-INF\view\jsp\protocol\2.0\casServiceValidationSuccess.jsp
<%@ page session="false" contentType="text/xml; charset=UTF-8" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'
    xmlns:gtx="http://www.gentics.com/sso/cas/xmlns">
  <cas:authenticationSuccess>
    <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
    <cas:attributes>
      <%-- Attribute values are escaped so that characters such as < or & cannot break the XML response --%>
      <c:forEach var='item' items='${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}'>
        <gtx:${item.key}>${fn:escapeXml(item.value)}</gtx:${item.key}>
      </c:forEach>
    </cas:attributes>
    <c:if test="${not empty pgtIou}">
      <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
    </c:if>
    <c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
      <cas:proxies>
        <c:forEach var="proxy" items="${assertion.chainedAuthentications}" varStatus="loopStatus" begin="0" end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
          <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
        </c:forEach>
      </cas:proxies>
    </c:if>
  </cas:authenticationSuccess>
</cas:serviceResponse>
On Wednesday, December 23, 2015 at 2:30:36 PM UTC+8, Misagh
Moayyed wrote:
Study:
http://jasig.github.io/cas/4.1.x/protocol/CAS-Protocol-Specification.html#p3servicevalidate-cas-30
http://jasig.github.io/cas/4.1.x/integration/Attribute-Release.html
From: [email protected] [mailto:[email protected]] On Behalf Of jason
Sent: Tuesday, December 22, 2015 11:20 PM
To: CAS Community <[email protected]>
Subject: [cas-user] how to get shiro roles and permissions attributes from cas server
When I use the shiro-cas client to build a web application, I want to
get Shiro roles and permissions attributes from the CAS server.
The CAS server:
I customized an AttributeDao to respond with roles and permissions info:
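import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.jasig.services.persondir.IPersonAttributes;
import org.jasig.services.persondir.support.AttributeNamedPersonImpl;
import org.jasig.services.persondir.support.StubPersonAttributeDao;

// Stub DAO that returns the same fixed roles and permissions for every uid
public class BlogStubPersonAttributeDao extends StubPersonAttributeDao {
    @Override
    public IPersonAttributes getPerson(String uid) {
        Map<String, List<Object>> attributes = new HashMap<String, List<Object>>();
        attributes.put("userid", Collections.singletonList((Object) uid));
        attributes.put("roles", Collections.singletonList((Object) "role_admin"));
        attributes.put("permissions", Collections.singletonList((Object) "user:create"));
        attributes.put("test", Collections.singletonList((Object) "test"));
        return new AttributeNamedPersonImpl(attributes);
    }
}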
and deployerConfigContext.xml:
<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.BlogStubPersonAttributeDao" />
The CAS client uses Shiro:
<bean id="casRealm" class="org.apache.shiro.cas.CasRealm">
    <property name="defaultRoles" value="admin,user"/>
    <property name="defaultPermissions" value="user:create,user:update"/>
    <property name="roleAttributeNames" value="roles"/>
    <property name="permissionAttributeNames" value="permissions"/>
    <property name="casServerUrlPrefix" value="https://localhost:8443/chapter14-server"/>
    <property name="casService" value="https://localhost:9443/chapter14-client/cas"/>
</bean>
But the CAS server does not respond with roles and permissions, so
how do I get Shiro roles and permissions attributes from the CAS
server when I use the code below?
https://github.com/apache/shiro/blob/1.2.x/support/cas/src/main/java/org/apache/shiro/cas/CasRealm.java#L162
--
You received this message because you are subscribed to the Google Groups
"CAS Community" group. To unsubscribe from this group and stop receiving
emails from it, send an email to [email protected]. Visit this group at
https://groups.google.com/a/apereo.org/group/cas-user/.