To summarize, could you please validate the following?
to return more attributes to a CAS client, i have to: gather the attributes from a datasource; this can be done:by using a custom CredentialsToPrincipals resolver (side question: can the attributes be collected in a custom authenticator, populated into the credentials, and extracted from the credentials into the principal by the resolver?) by using a PersonDirectory DAO (probably SingleRowJdbcPersonAttributeDao) and configure it properly in deployerConfigContext.xml configure the service management to allow the services to get the attributes
Thanks a lot Jean-Noel On 17 Jun 2009, at 17:32, Scott Battaglia wrote:
On Wed, Jun 17, 2009 at 9:16 AM, Jean-Noel Colin <[email protected]> wrote:Scott,I managed to go past this step by updating my support() method to make sure my AuthenticationHandler support UsernamePasswordCredentials.Now, I have additional questions: where do I specify that I want to use a different type of Credentials?It depends. If you're still using the form authentication, look at the JavaDocs for the Spring Web Flow FormAction.if I need to return more information to the client app, I guess I have to use a CredentialsToPrincipalResolver to build a custom principal? Again, it depends. If the attributes are stored in a LDAP server, database server, etc. look at using PersonDirectory. Most of our provided resolvers have built-in support for working with PersonDirectory (for example, see the recent AD thread) under which form and by which CAS component is the Principal information returned to the client app? I guess it happens at Validation time? yes, as validation. But additional information, such as attributes, will only work in combination with the services management tool. is it possible to use different sets of views depending on the client app? i.e. i have one client that includes basic forms through iframe and another client that uses 'normal' redirection to/from CAS server. How can I determine which views to use? Your best option would be to specify different endpoints that the applications can point to. is it possible to return different types of Principal depending on the client app? I have already CASified apps that are happy with the 'normal' CAS behavior (SimplePrincipal) but I also have another application that needs to get more info about the user (hence a different type of principal I suppose?)See the above about attributes. Cheers, Scott Thanks a lot for your help Jean-Noël On 17 Jun 2009, at 13:47, Scott Battaglia wrote:What type of credentials does your custom class support? Is it the same kind that you're passing to it? By default the UI passes in UsernamePasswordCredentials.Cheers, ScottOn Wed, Jun 17, 2009 at 6:00 AM, Jean-Noel Colin <[email protected]> wrote:HiI'm trying to develop my own authenticator, but can't find a complete working recipe for it; so let me first explain what I did and the problems I'm facing.I'm using CAS 3.3.2 on Tomcat 6.I have written a custom class that implements AuthenticationHandler; this class is placed under WEB-INF/lib of the cas webapp (and properly found by tomcat) I have updated the deployerConfigContext.xml file so that under authenticationHandlers property I now have a line referring to my handlerEverything deploys fine, I can reach the login page, but when submitting username and password, I get the error "The credentials you provided are not supported by CAS"Could someone explain what I'm missing or doing wrong? I'd be really please to document the whole process, but I would first need to get it to workThanks for your help Jean-Noel Colin -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user-- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
smime.p7s
Description: S/MIME cryptographic signature
