Roger that. Thanks for the insight. Cheers, D.
> On Jan 7, 2016, at 11:53 AM, John Ryan <[email protected]> wrote:
>
> The shiro cas client works just nicely with the v3 protocol; have been using
> it since last summer to push attributes down to client. Tested both SAML and
> CAS v3; both worked but went with v3 since it's a much thinner stack.
> John
> RedZone Software
>
> On 1/7/2016 4:05 PM, Dmitriy Kopylenko wrote:
>> Attributes are exposed by CAS in the ticket validation response via SAML
>> response and CAS protocol v3 response (only in CAS4). Most likely the shiro
>> cas client does not (yet) implement CAS protocol v3, hence only SAML.
>>
>> Cheers,
>> D.
>>
>>> On Jan 7, 2016, at 11:02 AM, Jonathan Labin <[email protected]> wrote:
>>>
>>> I see that the shiro docs state
>>> attributes and remember me information are only pushed through the SAML
>>> validation protocol (except specific customizations)
>>> But aren't they pushed through the CAS protocol too?
>>>
>>> Or does this mean that the shiro-cas client can only pull them from SAML
>>> and not the CAS protocol?
>>> In theory could the shiro-cas client be modified to pull attributes from
>>> the CAS protocol without SAML?
>>>
>>> On Saturday, December 26, 2015 at 7:14:49 AM UTC-5, Dmitriy Kopylenko wrote:
>>> Not necessary at all. You could've simply switched Shiro's CAS ST
>>> validation mode to SAML like so:
>>>
>>> casRealm.validationProtocol=SAML
>>>
>>> http://shiro.apache.org/cas.html
>>> Note: CAS v4 requires explicit enablement of SAML support.
>>> Cheers,
>>> Dmitriy.
>>>
>>> On Dec 25, 2015, at 10:42, rono <[email protected]> wrote:
>>>> OK!!!!
>>>> I've solved the problem.
>>>> Edit
>>>> cas-server-webapp\src\main\webapp\WEB-INF\view\jsp\protocol\2.0\casServiceValidationSuccess.jsp
>>>>
>>>> <%@ page session="false" contentType="text/xml; charset=UTF-8" %>
>>>> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
>>>> <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
>>>> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'
>>>>     xmlns:gtx="http://www.gentics.com/sso/cas/xmlns">
>>>>   <cas:authenticationSuccess>
>>>>     <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
>>>>     <cas:attributes>
>>>>       <c:forEach var='item'
>>>>           items='${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}'>
>>>>         <%-- escape attribute values so they cannot break the XML response --%>
>>>>         <gtx:${item.key}>${fn:escapeXml(item.value)}</gtx:${item.key}>
>>>>       </c:forEach>
>>>>     </cas:attributes>
>>>>     <c:if test="${not empty pgtIou}">
>>>>       <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
>>>>     </c:if>
>>>>     <c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
>>>>       <cas:proxies>
>>>>         <c:forEach var="proxy"
>>>>             items="${assertion.chainedAuthentications}" varStatus="loopStatus"
>>>>             begin="0" end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
>>>>           <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
>>>>         </c:forEach>
>>>>       </cas:proxies>
>>>>     </c:if>
>>>>   </cas:authenticationSuccess>
>>>> </cas:serviceResponse>
>>>>
>>>> On Wednesday, December 23, 2015 at 2:30:36 PM UTC+8, Misagh Moayyed wrote:
>>>> Study:
>>>>
>>>> http://jasig.github.io/cas/4.1.x/protocol/CAS-Protocol-Specification.html#p3servicevalidate-cas-30
>>>> http://jasig.github.io/cas/4.1.x/integration/Attribute-Release.html
>>>>
>>>> From: [email protected] [mailto:[email protected]] On Behalf Of jason
>>>> Sent: Tuesday, December 22, 2015 11:20 PM
>>>> To: CAS Community <[email protected]>
>>>> Subject: [cas-user] how to get shiro roles and permissions attributes from cas server
>>>>
>>>> When I use the shiro-cas client to build a web application, I want to get
>>>> Shiro roles and permissions attributes from the CAS server.
>>>>
>>>> The CAS server:
>>>>
>>>> I customized an AttributeDao to respond with roles and permissions info:
>>>>
>>>> package org.jasig.services.persondir.support;
>>>>
>>>> import java.util.Collections;
>>>> import java.util.HashMap;
>>>> import java.util.List;
>>>> import java.util.Map;
>>>> import org.jasig.services.persondir.IPersonAttributes;
>>>>
>>>> public class BlogStubPersonAttributeDao extends StubPersonAttributeDao {
>>>>     @Override
>>>>     public IPersonAttributes getPerson(String uid) {
>>>>         // Stub: every user gets the same fixed attribute values
>>>>         Map<String, List<Object>> attributes = new HashMap<String, List<Object>>();
>>>>         attributes.put("userid", Collections.singletonList((Object)uid));
>>>>         attributes.put("roles", Collections.singletonList((Object)"role_admin"));
>>>>         attributes.put("permissions", Collections.singletonList((Object)"user:create"));
>>>>         attributes.put("test", Collections.singletonList((Object)"test"));
>>>>         return new AttributeNamedPersonImpl(attributes);
>>>>     }
>>>> }
>>>>
>>>> and deployerConfigContext.xml:
>>>>
>>>> <bean id="attributeRepository"
>>>>     class="org.jasig.services.persondir.support.BlogStubPersonAttributeDao" />
>>>>
>>>> The CAS client uses Shiro:
>>>>
>>>> <bean id="casRealm" class="org.apache.shiro.cas.CasRealm">
>>>>     <property name="defaultRoles" value="admin,user"/>
>>>>     <property name="defaultPermissions" value="user:create,user:update"/>
>>>>     <property name="roleAttributeNames" value="roles"/>
>>>>     <property name="permissionAttributeNames" value="permissions"/>
>>>>     <property name="casServerUrlPrefix" value="https://localhost:8443/chapter14-server"/>
>>>>     <property name="casService" value="https://localhost:9443/chapter14-client/cas"/>
>>>> </bean>
>>>>
>>>> But the CAS server cannot respond with roles and permissions, so how do I
>>>> get Shiro roles and permissions attributes from the CAS server when I use
>>>> the below?
>>>> https://github.com/apache/shiro/blob/1.2.x/support/cas/src/main/java/org/apache/shiro/cas/CasRealm.java#L162
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>>> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
