You might want to look into and configure attribute caching policy such that it will basically re-resolve them from attribute sources every time ST gets validated, hence you’ll get a fresh set of attributes every time CAS ST validation protocol dance happens:
https://apereo.github.io/cas/5.2.x/integration/Attribute-Release-Caching.html Cheers, D. From: Павел Антонов <[email protected]> Reply: [email protected] <[email protected]> Date: October 19, 2018 at 4:00:32 AM To: [email protected] <[email protected]> Subject: Re: [cas-user] Rerequesting CAS attributes Ray, I need to apply new attributes (changed in CAS) to already authenticated user. How can i do this without logoff/logon currently authenticated user? Does your recommendation solve my problem? I think "Map attributes = principal.getAttributes()" will return the outdated attributes obtained during authentication... чт, 18 окт. 2018 г. в 20:27, Ray Bon <[email protected]>: Pavel, I suspect getting attributes for protocol 3 will be same as SAML 1.1. AttributePrincipal principal = (AttributePrincipal)request.getUserPrincipal(); Map attributes = principal.getAttributes(); There should be no need to go back to CAS. Ray On Thu, 2018-10-18 at 05:31 -0700, Pavel Antonov wrote: Hi! I'm developing an API using the Spring Framework. CAS server version 5.3.1, CAS protocol version 3 and CAS client included with Spring Security are used for user authentication. Based on this example https://apereo.github.io/2018/02/20/cas-service-rbac-attributeresolution/ I use CAS attributes as user roles in my API. It's necessary to rerequest CAS from my API to update the roles for already authenticated user. Is it possible to do that without user browser redirects? -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected] -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to a topic in the Google Groups "CAS Community" group. To unsubscribe from this topic, visit https://groups.google.com/a/apereo.org/d/topic/cas-user/Jsl0j06R_tw/unsubscribe. To unsubscribe from this group and all its topics, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1539883619.2864.46.camel%40uvic.ca. -- Отправлено с ПЭВМ -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMB%2Buw65kiS-yn-UPEEgynOLMrQ9dnV0_H5pT0J26nNKneHbgg%40mail.gmail.com. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.5bd9cfe6.26625904.dcf%40unicon.net.
