Hi Rafael, Interesting.
The AuthenticationMethod is set in the SAM1 success response view: https://github.com/Jasig/cas/blob/v3.4.11/cas-server-core/src/main/java/org/jasig/cas/web/view/Saml10SuccessResponseView.java final String authenticationMethod = (String) authentication.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD); If that attribute is null, then just in time when the view composes the response, it default to the unspecified authentication method attribute value that you're seeing. samlAuthenticationStatement .setAuthMethod(authenticationMethod != null ? authenticationMethod : SAMLAuthenticationStatement.AuthenticationMethod_Unspecified); So there's an attribute, on the authentication, named "samlAuthenticationStatementAuthMethod". The value of that attribute is determined by mapping from the Java class name of the Credentials to the AuthenticationMethod string representation of the corresponding method. public SamlAuthenticationMetaDataPopulator() { this.authenticationMethods .put( "org.jasig.cas.authentication.principal.HttpBasedServiceCredentials", SAMLAuthenticationStatement.AuthenticationMethod_SSL_TLS_Client); this.authenticationMethods .put( "org.jasig.cas.authentication.principal.UsernamePasswordCredentials", SAMLAuthenticationStatement.AuthenticationMethod_Password); this.authenticationMethods .put( "org.jasig.cas.adaptors.trusted.authentication.principal.PrincipalBearingCredentials", SAMLAuthenticationStatement.AuthenticationMethod_Unspecified); this.authenticationMethods .put( "org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentials", SAMLAuthenticationStatement.AuthenticationMethod_X509_PublicKey); } There's also support in SamlAuthenticationMetaDataPopulator to set your own user-defined mappings. Anyway, as for where that mapping is exercised: That "samlAuthenticationStatementAuthMethod" attribute on the Authentication is set (in AbstractAuthenticationManager) iff the AuthenticationHandler that handled the authentication is an instanceof NamedAuthenticationHandler. if (pair.getFirst()instanceof NamedAuthenticationHandler) { final NamedAuthenticationHandler a = (NamedAuthenticationHandler) pair.getFirst(); authentication.getAttributes().put(AuthenticationManager.AUTHENTICATION_METHOD_ATTRIBUTE, a.getName()); } So, in your deployerConfigContext.xml, what authenticationHandlers have you declared, and do they implement NamedAuthenticationManager, and if so, what SAML authentication methods are their class names mapped to, either through the default mappings or through custom mappings that you've added? :) Andrew On Jan 19, 2012, at 6:32 AM, Rafa wrote: > Hi, > > I reformulate the question, I'd like to know the authenticated method used to > log in CAS. I've configured a cas client that uses SAML. > > I've found that sample code to get the information, > > Assertion assertion = (Assertion) > request.getSession().getAttribute("_const_cas_assertion_"); > > where I can get the AuthenticationMethod but I'm getting: > > AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"> > > Am I missing any CAS configuration? Must ServiceManager be active in order to > get that information? I'm using > InMemoryServiceRegistryDaoImpl as I don't really need any extra attribute, > just how the user has logged in. > > Thanks. > > > > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
