Hi all, I'm attempting to install and configure CAS 4.2.4 within our
environment.
I have LDAP and JDBC authentication working, but would like to supplement
the Principal with data from a separate database and use CAS to present a
list of "roles" back to the application when a user is authenticated.
I understand I want to chain a couple of PrincipalResolvers together, and
although I've not started on that yet, I do think I can figure it out.
However, I'd like to be able to only return the list of "roles" relevant to
the application requesting them.
We have nearly 100 applications we want to migrate to CAS and each user may be
a member of several roles per application. In extreme cases, CAS would be
returning up to 500 role names.
I have an InMemoryServiceRegistryDaoImpl configured which allows access
from applications within our domain. I have not configured any other
serviceRegistry classes.
<bean
    id="serviceRegistryDao"
    class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
    <property name="registeredServices">
        <list>
            <bean class="org.jasig.cas.services.RegexRegisteredService">
                <property name="id" value="0" />
                <property name="name" value="HTTP and HTTPS" />
                <property name="description"
                          value="Allows http[s]://*.internal.company.com[:port]/*" />
                <!-- Group 1: scheme, group 2: host label, group 3: optional port -->
                <property name="serviceId"
                          value="^(https?):\/\/([A-Za-z0-9_-]+)\.internal\.company\.com(:\d{2,5})?\/.*" />
                <property name="evaluationOrder" value="1" />
            </bean>
        </list>
    </property>
</bean>
I would like to be able to pass the "$2" item from the serviceId to my
PrincipalResolver.
Alternatively, I could just pass in the whole of the serviceId and do the
parsing in the resolver itself.
From my understanding, the Principal is returned by CAS in a separate
request (made directly to CAS by the application), so is not really in the
context of the serviceRegistry anyway. Given that fact, the likelihood of
using that regex is very low. However, it's that part of the serviceId that
I'd like to query the database with.
How would I gain access to the serviceId detail in the resolver?
Is there a standard resolver I can use, or would I need to write my own?
Many thanks in advance.
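An added example, not part of the original post and not CAS code: the "parse the service URL, then filter roles" approach described above, using the posted serviceId pattern with the scheme group written as `(https?)`. The class name, the `<app>:<role>` naming scheme and the sample URLs are assumptions made for illustration.

```java
import java.util.*;
import java.util.regex.*;

public class ServiceScopedRoles {
    // Same shape as the posted serviceId; group 2 is the host label ("$2").
    static final Pattern SERVICE = Pattern.compile(
        "^(https?):\\/\\/([A-Za-z0-9_-]+)\\.internal\\.company\\.com(:\\d{2,5})?\\/.*");

    /** Returns the host label (group 2), or null when the URL does not match. */
    static String appLabel(String serviceUrl) {
        Matcher m = SERVICE.matcher(serviceUrl);
        return m.matches() ? m.group(2).toLowerCase(Locale.ROOT) : null;
    }

    /** Keeps only roles named "<app>:<role>" (hypothetical scheme) for the requesting app. */
    static List<String> rolesFor(String serviceUrl, Collection<String> allRoles) {
        String app = appLabel(serviceUrl);
        if (app == null) {
            return Collections.emptyList(); // fail closed: unmatched service gets no roles
        }
        String prefix = app + ":";
        List<String> scoped = new ArrayList<>();
        for (String role : allRoles) {
            if (role.startsWith(prefix)) {
                scoped.add(role.substring(prefix.length()));
            }
        }
        return scoped;
    }

    public static void main(String[] args) {
        // Constructed sample data: roles for two applications held by one user.
        List<String> all = Arrays.asList("payroll:admin", "payroll:viewer", "wiki:editor");
        String[] urls = {
            "https://payroll.internal.company.com/app/login",    // -> [admin, viewer]
            "http://wiki.internal.company.com:8080/",            // -> [editor]
            "https://payroll.internal.company.com.example.net/", // trailing domain: no match
            "https://a.payroll.internal.company.com/"            // extra label: no match
        };
        for (String url : urls) {
            System.out.println(url + " -> " + rolesFor(url, all));
        }
    }
}
```

The last two URLs show why the pattern has to stay anchored and the lookup has to fail closed: a host that merely contains the internal domain gets an empty role list rather than another application's roles.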