Ok, now I have more information about this issue, I know where the problem 
is located but I don't know why it happens.

I will enumerate all relevant steps, from getting the attributes to the SAML
creation of attributes (at least how I think it works):

   1. CentralAuthenticationServiceImpl: createTicketGrantingTicket(final
   Credential... credentials)
   calls this.authenticationManager.authenticate(credentials)

   2. authenticateUsernamePasswordInternal: In this method, I get the user
   from DB and load all its attributes. I
   return: createHandlerResult(credential, new SimplePrincipal(username,
   atributos), null); "atributos" contains all the user attributes. So, from
   now on, Principal will have all the attributes, in my test "name" and
   "lastname".

   3. CentralAuthenticationServiceImpl: createTicketGrantingTicket(final
   Credential... credentials) creates the ticket. The ticket has an
   Authentication object which contains the Principal created.

   4. At some point the code hits validateServiceTicket and finishes
   returning an ImmutableAssertion with the following attributes:
      - primary (Authentication): it's an Authentication object with
      a modifiedPrincipal. This particular principal has all the attributes I
      want because it went through all the necessary filters.
      - chained (List<Authentication>): this list references
      serviceTicket.getGrantingTicket().getChainedAuthentications(), it only
      has one item, and the principal contained in that Authentication item is
      the first one created with all the attributes.

   5. At last, the code hits Saml10SuccessResponseView.prepareResponse,
   the first line gets an Authentication object from:
      - final Authentication authentication =
      getAssertionFrom(model).getChainedAuthentications().get(0); and from that
      Authentication retrieves all the attributes.

      
In a simple test, I changed
 getAssertionFrom(model).getChainedAuthentications().get(0)
to 
getAssertionFrom(model).getPrimaryAuthentication()

and it works, now I'm getting only the attributes that I want in the client.

I'm sure this isn't a viable solution, because I'm messing with 
Saml10SuccessResponseView 
and I shouldn't, but I wanted to know if that was the problem. With all 
this new information, maybe some of you could tell me what I'm doing wrong 
and guide me in the right direction.

Thanks in advance.
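
The two read paths described above, modelled as an added example that is not part of the original post and is not CAS code. The record types, `validate`, `overReleased`, the user id and the allowed set are stand-ins assumed for illustration (Java 16 or later).

```java
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;

// Stand-in types for this example only (Java 16+ records). They mirror the
// object shape described in the post, not the real CAS classes.
public class AttributeReleaseCheck {
    record Principal(String id, Map<String, Object> attributes) {}
    record Authentication(Principal principal) {}
    record Assertion(Authentication primary, List<Authentication> chained) {}

    // Builds the assertion as described: the chained entry keeps the principal
    // from authentication time, the primary one carries the filtered principal.
    static Assertion validate(Principal original, Set<String> allowed) {
        Map<String, Object> filtered = new TreeMap<>(original.attributes());
        filtered.keySet().retainAll(allowed);
        Principal modified = new Principal(original.id(), filtered);
        return new Assertion(new Authentication(modified),
                             List.of(new Authentication(original)));
    }

    // Attribute names a view would send that the service is not allowed to get.
    static Set<String> overReleased(Authentication source, Set<String> allowed) {
        Set<String> extra = new TreeSet<>(source.principal().attributes().keySet());
        extra.removeAll(allowed);
        return extra;
    }

    public static void main(String[] args) {
        // Constructed sample data: "name" and "lastname" as in the post's test;
        // the allowed set is an assumption made for this example.
        Principal user = new Principal("carlos",
                Map.of("name", "Carlos", "lastname", "Olivera"));
        Set<String> allowed = Set.of("name");
        Assertion assertion = validate(user, allowed);

        // Read path the post found in the SAML 1.0 view: chained.get(0).
        System.out.println("chained.get(0) over-releases: "
                + overReleased(assertion.chained().get(0), allowed));
        // Read path the post switched to in its test: the primary authentication.
        System.out.println("primary over-releases: "
                + overReleased(assertion.primary(), allowed));
    }
}
```

A check of this shape, run against the attributes a response view is about to serialize, flags any release path that bypasses the per-service filter.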

On Monday, 13 October 2014 12:26:34 UTC-2, daniel....@unice.fr
wrote:
>
> Me, yeah: SAML 1.1 with a PHP function which does just a getAttribute().
>
> -----------------------------------------------------------------
> Daniel CHARLOT
> D.S.I. Université de Nice Sophia-Antipolis
> Systems and Network Administrator
> 28, avenue de Valrose - BP 2135 - 06103 NICE
> Tel: 04-92-07-67-07
>
> On 13 Oct 2014, at 16:18, Misagh Moayyed <mmoa...@unicon.net>
> wrote:
>
> Nothing jumps out at me in your configuration. I’ll run some tests to see 
> if I can duplicate the error and provide an explanation.
>  
> Do I remember correctly that you said you were using SAML 1.1 to get 
> attributes?
>  
> *From:* Carlos Olivera [mailto:car...@gmail.com]
> *Sent:* Monday, October 13, 2014 5:00 AM
> *To:* cas-...@lists.jasig.org
> *Cc:* daniel....@unice.fr
> *Subject:* Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release
>  
> Sorry, the client code to retrieve the attributes is:
>  
>  
> AttributePrincipal principal = (AttributePrincipal)request.getUserPrincipal();
> Map attributes = principal.getAttributes();
>  
> 2014-10-13 9:50 GMT-02:00 Carlos Olivera <carlosr...@gmail.com>:
>
> I tried to debug the code in order to figure out when the principal was 
> saved with all the attributes. I got the following Assertion 
> (ImmutableAssertion) object created (ServiceValidateController):
>  
>
>    - primaryAuthentication (ImmutableAuthentication): The Principal has 
>    an empty list of attributes, which is what I need according to my 
>    configuration.
>    - chainedAuthentications (List<ImmutableAuthentication>): Returns a 
>    list with only one item, but in that case the Principal in the 
>    Authentication object has ALL the attributes of the user.
>
> Is that the standard behaviour in the login process?
>  
> Something I haven't said yet, to retrieve the attributes from the client I 
> use the following code:
>
> AttributePrincipal principal = (AttributePrincipal)request.
> Map attributes = principal.getAttributes();
>
>  
> Is that OK?
>  
> I don't know if any of that helps, but maybe for an experienced user it 
> could mean something.
>
> On Monday, 13 October 2014 08:51:15 UTC-2, daniel....@unice.fr 
> wrote:
>
> Hi,
>  
> Here is my deployerconfig. I have the same problem as Carlos. I don't 
> understand why I have all attributes.
> I have tried both with Attributefilter and allowedattributes but it's the 
> same.
>
> -- 
>
> You are currently subscribed to cas-...@lists.jasig.org as: 
> jasig-cas-user...@googlegroups.com
>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>