> In short, is there some way to dump the > principal after authentication, or some other way to tell if the > attributes have been properly stored.
PolicyBasedAuthenticationManager logs the resolved principal at DEBUG: logger.info("Authenticated {} with credentials {}.", principal, Arrays.asList(credentials)); logger.debug("Attribute map for {}: {}", principal.getId(), principal.getAttributes()); Turning up org.jasig.cas.authentication to DEBUG would print out the information you need to definitively show whether the attributes you expect are in the principal. > > This is the definition of the "primaryPrincipalResolver" that seems to > finally be working: > > <!-- > | Resolves a principal from a credential using an attribute > repository that is configured to resolve > | against a deployer-specific store (e.g. LDAP). > --> > <bean id="primaryPrincipalResolver" > > class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" >> > <property name="attributeRepository" ref="attributeRepository" /> > </bean> While I imagine that it does work, it's not efficient since you're effectively doing attribute resolution twice. The handler can resolve attributes on the same connection as that used for authentication; with PersonDirectoryPrincipalResolver, you're opening a new connection to do it again. The wrinkle is that you MUST define an attributeRepository bean for use by other system components, but you should probably use a StubPersonAttributeDao [1] bean that simply has the attribute mapping. M [1] http://developer.jasig.org/projects/person-directory/1.1.1/apidocs/org/jasig/services/persondir/support/StubPersonAttributeDao.html -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user