> I have a quite tricky situation. For internal reasons, I would need that for
> any user, two different user ids are returned, depending on the service. So
> let's assume user U1 with two attributes (A1 and A2): for Service 1, I
> should return A1 as the user id (because basically U1 is known as A1 on S1)
> while for Service 2, I should return A2 as the user id (because S2 knows U1
> as A2)

The CredentialsToPrincipalResolver interface is intended to enable use cases where the authentication credential may differ from the principal returned to clients. The trouble with that component is that the mapping is cached for the lifetime of the SSO session, which would preclude service-specific mappings.

If you absolutely need the user ID to be the CAS principal returned to the service, I believe you will have substantial work ahead of you; there are no components of which I am aware that you can extend to support service-specific principals. If, on the other hand, you simply need to return the user ID to the service in some form or another, you could leverage the SAML-based attribute release capability of CAS to do this provided your application platforms can use one of the SAML-capable clients (Java, PHP, Apache, .NET).

M
