[cas-user] SAML2 attributes modified based on some events

Wed, 28 Oct 2020 04:49:25 -0700 

Hello.

I'm using cas 5.3, succesfully configured it with SAML2 support. 

For every service I have a specialized groovy script that rewire the 
attributes for the specific endpoint.

Until now the authentication query gave me all I needed to build SAML2. The 
authentication query is done via Sql (postgres).
The RelayState was sufficient for extra attributes depending on other's 
apps sessions.

But now I need to modify SAML2 attributes in real time, based on some 
events (read from a database or some other dynamic source.)

For example i want to let a service know if a user changed something in his 
setting, without make him re-authenticate (something that changes very 
often).

I thought I could use a database query directly from the script.

Is it possible? I can't find anything about doing that in a script or a 
java class. I would like to re-use existing jdbc datasource.

*snippet of serviceX.yml:*
attributeReleasePolicy: 
!<org.apereo.cas.support.saml.services.GroovySamlRegisteredServiceAttributeReleasePolicy>
groovyScript: file:./config/scripts/serviceXAttributeReleasePolicy.groovy

*snippet of groovy script:*
import java.util.*
import org.apereo.cas.support.saml.services.*
import org.apereo.cas.support.saml.*
import groovy.json.JsonSlurper

def Map<String, Object> run(final Object... args) {
    def attributes = args[0]
    def service = args[1]
    def resolver = args[2]
    def facade = args[3]
    def entityDescriptor = args[4]
    def applicationContext = args[5]
    def logger = args[6]

    // Something like that
    def ds = getDataSource(applicationContext)
    // ... do the query for the current user in attributes









-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/57972c90-f371-4ce8-aa6d-6c0767d96508n%40apereo.org.

Reply via email to