Hi, The shiro-cas module is deprecated and will be removed in Shiro v2.
You should use the buji-pac4j extension: https://github.com/bujiio/buji-pac4j. Demo: https://github.com/pac4j/buji-pac4j-demo It has support for CAS protocol v3, remember-me and proxy. Thanks. Best regards, Jérôme 2016-01-07 18:43 GMT+01:00 Jonathan Labin <[email protected]>: > Does shiro-cas use the v3 protocol by default or do you need to set > the casRealm.validationProtocol to something special? > Do principal cas attributes and "remember me" pass through this protocol? > > On Thursday, January 7, 2016 at 11:53:26 AM UTC-5, jryan wrote: >> >> The shiro cas client works just nicely with the v3 protocol; have been >> using it since last summer to push attributes down to client. Tested both >> SAML and CAS v3; both worked but went with v3 since it's a much thinner >> stack. >> >> John >> RedZone Software >> >> On 1/7/2016 4:05 PM, Dmitriy Kopylenko wrote: >> >> Attributes are exposed by CAS in the ticket validation response via SAML >> response and CAS protocol v3 response (only in CAS4). Most likely the shiro >> cas client does not (yet) implement CAS protocol v3, hence only SAML. >> >> Cheers, >> D. >> >> On Jan 7, 2016, at 11:02 AM, Jonathan Labin <[email protected]> wrote: >> >> I see that the shiro docs state >> >>> attributes and remember me information are only pushed throught the SAML >>> validation procotol (except specific customizations) >> >> But aren't they pushed through the CAS protocol too? >> >> Or does this mean that the shiro-cas client can only pull them from SAML >> and not the CAS protocol? >> In theory could the shiro-cas client be modified to pull attributes from >> the CAS protocol without SAML? >> >> On Saturday, December 26, 2015 at 7:14:49 AM UTC-5, Dmitriy Kopylenko >> wrote: >>> >>> Not necessary at all. You could've simply switched Shiro's CAS ST >>> validation mode to SAML like so: >>> >>> casRealm.validationProtocol=SAML >>> >>> http://shiro.apache.org/cas.html >>> >>> Note: CAS v4 requires explicit enablement of SAML support. >>> >>> Cheers, >>> >>> Dmitriy. >>> >>> Sent from my iPhone >>> On Dec 25, 2015, at 10:42, rono <[email protected]> wrote: >>> >>> OK!!!! >>> i,m solve the problem >>> edit >>> cas-server-webapp\src\main\webapp\WEB-INF\view\jsp\protocol\2.0\casServiceValidationSuccess.jsp >>> >>> <%@ page session="false" contentType="text/xml; charset=UTF-8" %><%@ taglib >>> prefix="c" uri="http://java.sun.com/jsp/jstl/core"; %><%@ taglib >>> uri="http://java.sun.com/jsp/jstl/functions"; prefix="fn" >>> %><cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas' >>> xmlns:gtx="http://www.gentics.com/sso/cas/xmlns";> >>> <cas:authenticationSuccess> >>> <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user> >>> <cas:attributes> <c:forEach var='item' >>> >>> items='${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}'> >>> <gtx:${item.key}>${item.value}</gtx:${item.key}> >>> </c:forEach> </cas:attributes> <c:if test="${not >>> empty pgtIou}"> >>> <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket> </c:if> >>> <c:if test="${fn:length(assertion.chainedAuthentications) > 1}"> >>> <cas:proxies> <c:forEach var="proxy" >>> items="${assertion.chainedAuthentications}" varStatus="loopStatus" >>> begin="0" end="${fn:length(assertion.chainedAuthentications)-2}" step="1"> >>> >>> <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy> >>> </c:forEach> </cas:proxies> </c:if> >>> </cas:authenticationSuccess></cas:serviceResponse> >>> >>> On Wednesday, December 23, 2015 at 2:30:36 PM UTC+8, Misagh Moayyed >>> wrote: >>>> >>>> Study: >>>> >>>> >>>> http://jasig.github.io/cas/4.1.x/protocol/CAS-Protocol-Specification.html#p3servicevalidate-cas-30 >>>> >>>> http://jasig.github.io/cas/4.1.x/integration/Attribute-Release.html >>>> >>>> >>>> >>>> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *jason >>>> *Sent:* Tuesday, December 22, 2015 11:20 PM *To:* CAS Community < >>>> [email protected]> *Subject:* [cas-user] how to get shiro roles and >>>> permissions attributes from cas server >>>> >>>> >>>> when i use shiro-cas client buile web application i want to get shiro >>>> roles and permissions attributes from cas server >>>> >>>> >>>> the cas server: >>>> >>>> >>>> i custom a AttributeDao to response roles and permissions info >>>> >>>> >>>> public class BlogStubPersonAttributeDao extends StubPersonAttributeDao { >>>> >>>> @Override >>>> >>>> public IPersonAttributes getPerson(String uid) { >>>> >>>> >>>> Map<String, List<Object>> attributes = new HashMap<String, >>>> List<Object>>(); >>>> >>>> attributes.put("userid", >>>> Collections.singletonList((Object)uid)); >>>> >>>> attributes.put("roles", >>>> Collections.singletonList((Object)"role_admin")); >>>> >>>> attributes.put("permissions", >>>> Collections.singletonList((Object)"user:create")); >>>> >>>> attributes.put("test", >>>> Collections.singletonList((Object)"test")); >>>> >>>> return new AttributeNamedPersonImpl(attributes); >>>> >>>> } >>>> >>>> } >>>> >>>> >>>> and *deployerConfigContext.xml* >>>> >>>> <bean id="attributeRepository" >>>> class="org.jasig.services.persondir.support.BlogStubPersonAttributeDao" /> >>>> >>>> >>>> >>>> cas client use shiro >>>> >>>> >>>> >>>> 1. <bean id="casRealm" *class*="org.apache.shiro.cas.CasRealm"> >>>> >>>> 2. <property name="defaultRoles" value="admin,user"/> >>>> >>>> >>>> 3. <property name="defaultPermissions" >>>> value="user:create,user:update"/> >>>> >>>> 4. <property name="roleAttributeNames" value="roles"/> >>>> >>>> 5. <proper >>>> ty name="permissionAttributeNames" value="permissions"/> >>>> >>>> 6. <property name="casServerUrlPrefix" >>>> value="https://localhost:8443/chapter14-server"/> >>>> >>>> 7. <property name="casService" >>>> value="https://localhost:9443/chapter14-client/cas"/> >>>> >>>> 8. </bean> >>>> >>>> >>>> >>>> but the cas server can not response roles and permissions so how to >>>> get shiro roles and permissions attributes from cas server when i used >>>> below >>>> https://github.com/apache/shiro/blob/1.2.x/support/cas/src/main/java/org/apache/shiro/cas/CasRealm.java#L162 >>>> >>>> -- You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. To unsubscribe from this group and stop >>>> receiving emails from it, send an email to [email protected]. >>>> Visit this group at >>>> https://groups.google.com/a/apereo.org/group/cas-user/. >>>> >>> -- You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. To unsubscribe from this group and stop >>> receiving emails from it, send an email to [email protected]. >>> Visit this group at >>> https://groups.google.com/a/apereo.org/group/cas-user/. >>> >>> -- You received this message because you are subscribed to the Google >> Groups "CAS Community" group. To unsubscribe from this group and stop >> receiving emails from it, send an email to [email protected]. >> Visit this group at >> https://groups.google.com/a/apereo.org/group/cas-user/. >> >> >> This transmission contains confidential information intended solely for >> the party identified above. If you receive this message in error, you must >> not use it or convey it to others. Please destroy it immediately and >> contact the sender at (303) 386-3955 or by return e-mail to the sender. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
