Others have mentioned how to get the data you're looking for from the CAS core API, which is valuable information. There is another important aspect of your problem that you must address, which is the delivery of that data to the client application. Ideally you'd leverage authentication attributes to accomplish this, but there is currently no way to communicate those to CAS clients. Alternatively, you could possibly stretch the definition of principal attributes to accomplish this. In that case you would need to develop your own implementation of IPersonAttributeDao that could resolve the service ticket from the principal ID. You'd then wire in your custom attribute resolver into your Spring context by the name of attributeRepository, and clients could get at this attribute by requesting a SAML payload at /samlValidate instead of /serviceValidate.
Best of luck, Marvin -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
