On Thu, Jun 18, 2009 at 8:31 AM, Jean-Noel Colin <[email protected]> wrote:
> To summarize, could you please validate the following? > > to return more attributes to a CAS client, i have to: > > - gather the attributes from a datasource; this can be done: > - by using a custom CredentialsToPrincipals resolver (side question: > can the attributes be collected in a custom authenticator, populated > into > the credentials, and extracted from the credentials into the principal > by > the resolver?) > > You could but I'm not sure why you'd want to put it in the Credential and then extract it. > > - > - by using a PersonDirectory DAO > (probably SingleRowJdbcPersonAttributeDao) and configure it properly in > deployerConfigContext.xml > > This is a better solution. > > - > - configure the service management to allow the services to get the > attributes > > > Thanks a lot > > Jean-Noel > > > > On 17 Jun 2009, at 17:32, Scott Battaglia wrote: > > On Wed, Jun 17, 2009 at 9:16 AM, Jean-Noel Colin <[email protected]>wrote: > >> Scott, >> I managed to go past this step by updating my support() method to make >> sure my AuthenticationHandler support UsernamePasswordCredentials. >> >> Now, I have additional questions: >> >> - where do I specify that I want to use a different type of >> Credentials? >> >> It depends. If you're still using the form authentication, look at the > JavaDocs for the Spring Web Flow FormAction. > > >> >> - >> - if I need to return more information to the client app, I guess I >> have to use a CredentialsToPrincipalResolver to build a custom principal? >> >> Again, it depends. If the attributes are stored in a LDAP server, > database server, etc. look at using PersonDirectory. Most of our provided > resolvers have built-in support for working with PersonDirectory (for > example, see the recent AD thread) > >> >> - >> - under which form and by which CAS component is the Principal >> information returned to the client app? I guess it happens at Validation >> time? >> >> yes, as validation. But additional information, such as attributes, will > only work in combination with the services management tool. > >> >> - >> - is it possible to use different sets of views depending on the >> client app? i.e. i have one client that includes basic forms through >> iframe >> and another client that uses 'normal' redirection to/from CAS server. How >> can I determine which views to use? >> >> Your best option would be to specify different endpoints that the > applications can point to. > >> >> - >> - is it possible to return different types of Principal depending on >> the client app? I have already CASified apps that are happy with the >> 'normal' CAS behavior (SimplePrincipal) but I also have another >> application >> that needs to get more info about the user (hence a different type of >> principal I suppose?) >> >> See the above about attributes. > > Cheers, > Scott > > >> >> - >> >> >> Thanks a lot for your help >> >> Jean-Noël >> >> >> On 17 Jun 2009, at 13:47, Scott Battaglia wrote: >> >> What type of credentials does your custom class support? Is it the same >> kind that you're passing to it? By default the UI passes in >> UsernamePasswordCredentials. >> >> Cheers, >> Scott >> >> >> On Wed, Jun 17, 2009 at 6:00 AM, Jean-Noel Colin <[email protected]>wrote: >> >>> Hi >>> I'm trying to develop my own authenticator, but can't find a complete >>> working recipe for it; so let me first explain what I did and the problems >>> I'm facing. >>> >>> >>> - I'm using CAS 3.3.2 on Tomcat 6. >>> - I have written a custom class that >>> implements AuthenticationHandler; this class is placed under WEB-INF/lib >>> of >>> the cas webapp (and properly found by tomcat) >>> - I have updated the deployerConfigContext.xml file so that under >>> authenticationHandlers property I now have a line referring to my handler >>> >>> >>> Everything deploys fine, I can reach the login page, but when submitting >>> username and password, I get the error "The credentials you provided are not >>> supported by CAS" >>> >>> Could someone explain what I'm missing or doing wrong? I'd be really >>> please to document the whole process, but I would first need to get it to >>> work >>> >>> Thanks for your help >>> >>> Jean-Noel Colin >>> >>> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
