Marvin

Thanks a lot for your help; I can't use SAML, because the clients we are using don't support it. Good news is that both clients use the serviceValidate that returns an XML document. I'm also using additional attributes.

One of the clients is a Liferay portal that uses an old version of the Java CAS client; I was thinking I could modify that library so that it doesn't use the <cas:user> attribute, but rather another one which would contain its local identifier.

Another solution I was thinking about was, in serviceValidateSuccess.jsp, to figure out the service and then be able to return the appropriate attribute value. I see it's possible to test assertion.service, so would that be a possibility?

Cheers

Jean-Noel Colin




On 05 Oct 2009, at 20:08, Marvin Addison wrote:

I have a quite tricky situation. For internal reasons, I would need that for any user, two different user ids are returned, depending on the service. So let's assume user U1 with two attributes (A1 and A2): for Service 1, I should return A1 as the user id (because basically U1 is known as A1 on S1) while for Service 2, I should return A2 as the user id (because S2 knows U1 as A2).

The CredentialsToPrincipalResolver interface is intended to enable use
cases where the authentication credential may differ from the
principal returned to clients.  The trouble with that component is
that the mapping is cached for the lifetime of the SSO session, which
would preclude service-specific mappings.

If you absolutely need the user ID to be the CAS principal returned to
the service, I believe you will have substantial work ahead of you;
there are no components of which I am aware that you can extend to
support service-specific principals.

If, on the other hand, you simply need to return the user ID to the
service in some form or another, you could leverage the SAML-based
attribute release capability of CAS to do this provided your
application platforms can use one of the SAML-capable clients (Java,
PHP, Apache, .NET).

M

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
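
A protocol-level sketch of the per-service choice discussed in this thread, added here as an example; it is not code from the CAS project or from either poster. It shows the decision a modified serviceValidateSuccess.jsp would have to make when filling `<cas:user>`, and what a client then reads back. The service URLs, the mapping table and all function names are assumptions; A1, A2 and U1 follow the naming used in the question.

```python
# Added example, not CAS server code. Service URLs, the mapping table and
# the sample attribute values are constructed for illustration.
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace of CAS 2.0 validation responses
ET.register_namespace("cas", CAS_NS)

# Hypothetical mapping: which principal attribute is released as <cas:user>.
USER_ID_ATTRIBUTE = {
    "https://s1.example.org/app": "A1",
    "https://s2.example.org/portal": "A2",
}


def user_id_for(service, principal_id, attributes):
    """Pick the identifier released to `service`.

    Only an exact match on the service URL selects a mapping: a prefix or
    substring match would release one service's identifier to a different
    URL that merely resembles it. Without a mapping or a value, fall back
    to the CAS principal id.
    """
    attr = USER_ID_ATTRIBUTE.get(service)
    value = attributes.get(attr) if attr else None
    return value if value else principal_id


def service_validate_success(service, principal_id, attributes):
    """Build the XML body of a successful serviceValidate response."""
    root = ET.Element(f"{{{CAS_NS}}}serviceResponse")
    ok = ET.SubElement(root, f"{{{CAS_NS}}}authenticationSuccess")
    user = ET.SubElement(ok, f"{{{CAS_NS}}}user")
    # ElementTree escapes the text on serialisation, so an attribute value
    # containing markup characters cannot alter the response structure.
    user.text = user_id_for(service, principal_id, attributes)
    return ET.tostring(root, encoding="unicode")


def parse_user(xml_text):
    """Client side: read <cas:user> from the validation response."""
    root = ET.fromstring(xml_text)
    return root.findtext(f"{{{CAS_NS}}}authenticationSuccess/{{{CAS_NS}}}user")


if __name__ == "__main__":
    attrs = {"A1": "u1-on-s1", "A2": "u1<on>s2"}  # constructed sample values
    for svc in ("https://s1.example.org/app", "https://s2.example.org/portal",
                "https://s1.example.org/app-other"):
        print(svc, "->", parse_user(service_validate_success(svc, "U1", attrs)))
```
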

