shanth wrote:
>
> So do you mean, even if the services are not configured using service
> management tool we can release the SAML attributes.
>
> 1) Can I send attributes like modifying the result jsp and using
> credentialstoprincipalresolver without configuring services using service
> management tool. The reason I am asking: I don't want to use service tool
> (delete it).
>

Right. You do not need to use the services management web app to configure a
persistent services management configuration. But in any case, you have to
have a persistent configuration (like JDBC or LDAP).

shanth wrote:
>
> 2) To send attributes do I need to extend principal object and add
> corresponding fields to it and then make changes in the result jsp to
> accommodate those fields in the response. If so how can I customize the cas
> client to parse that result, any pointer please.
>

The CAS client API provides an impl of java.security.Principal named
AttributePrincipal which holds the additional attributes. An example of how to
retrieve the attributes within a JSP can be found in the wiki (which is down as
of this writing). But it looks like this:

------------------ snip -----------------------
<%@ page contentType="text/html" %>
<%@ page pageEncoding="UTF-8" %>
<%@ page import="java.util.Map" %>
<%@ page import="java.util.Iterator" %>
<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>This area is secured by CAS</title>
  </head>
  <body>
    <h1>This area is secured by CAS</h1>
    <%-- User name established by the CAS filters --%>
    <p><%= request.getRemoteUser() %></p>
<%
    // The request wrapper filter exposes the CAS principal, including its attributes.
    AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
    Map attributes = principal.getAttributes();
    Iterator attributeNames = attributes.keySet().iterator();

    // Print one table row per released attribute: name, then value.
    out.println("<table>");
    for (; attributeNames.hasNext();) {
        out.println("<tr><th>");
        String attributeName = (String) attributeNames.next();
        out.println(attributeName);
        out.println("</th><td>");
        Object attributeValue = attributes.get(attributeName);
        out.println(attributeValue);
        out.println("</td></tr>");
    }
    out.println("</table>");
%>
  </body>
</html>
------------------ snap -----------------------

In order to get it to work you have to configure a servlet filter on your CAS
client. My demo CAS client's web.xml looks like this:

------------------ snip -----------------------
<!-- Redirects unauthenticated requests to the CAS login page -->
<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://localhost:8443/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8080</param-value>
  </init-param>
</filter>

<!-- Validates the ticket via SAML 1.1, which carries the released attributes -->
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://localhost:8443/cas</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8080</param-value>
  </init-param>
  <init-param>
    <param-name>redirectAfterValidation</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>

<!-- Makes getRemoteUser() and getUserPrincipal() return the CAS principal -->
<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<filter-mapping>
  <filter-name>CAS Authentication Filter</filter-name>
  <url-pattern>/secure/*</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/secure/*</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/secure/*</url-pattern>
</filter-mapping>
------------------ snap -----------------------

shanth wrote:
>
> 3) Do I need to go with above approach or with person directory approach
> like using attribute repository.
>

You'll need the above approach _and_ an attribute repo at the server side.
I successfully tested an LDAP person attribute repo:

--------------- snip --------------
<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
  <property name="contextSource" ref="contextSource" />
  <property name="baseDN" value="ou=Users,dc=foo" />
  <property name="requireAllQueryAttributes" value="true" />
  <!-- Query attribute (key) is matched against this LDAP attribute (value) -->
  <property name="queryAttributeMapping">
    <map>
      <entry key="username" value="uid" />
    </map>
  </property>
  <!-- LDAP attribute (key) is exposed under this attribute name (value) -->
  <property name="resultAttributeMapping">
    <map>
      <entry key="cn" value="Name" />
      <entry key="mail" value="Email" />
      <entry key="uid" value="Username" />
    </map>
  </property>
</bean>
--------------- snap --------------

When using the services management web app, the attributes Name, Email and
Username show up in the attribute list to be selected by the admin.

This is also well documented in the wiki. I'll provide the URLs as soon as it is
up again.

HTH

--
View this message in context: http://jasig.275507.n4.nabble.com/mail-attribute-question-tp2237843p2239709.html
Sent from the CAS Users mailing list archive at Nabble.com.
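
An added example, not part of the original post and not CAS client code: the demo JSP above prints attribute names and values straight into the page, so values coming from the directory should be HTML-escaped before display. The class name AttributeTable, its methods and the sample values are hypothetical, and it assumes multi-valued attributes arrive as a Collection.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper (not part of the CAS client): renders the map returned by
// AttributePrincipal.getAttributes() as an HTML table, escaping names and values.
public class AttributeTable {

    // Minimal HTML escaping for element content and attribute values.
    static String esc(Object o) {
        if (o == null) return "";
        StringBuilder sb = new StringBuilder();
        for (char c : String.valueOf(o).toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Assumption: a multi-valued attribute is a Collection, a single value a plain Object.
    static String render(Map<?, ?> attributes) {
        StringBuilder html = new StringBuilder("<table>\n");
        for (Map.Entry<?, ?> e : attributes.entrySet()) {
            Object v = e.getValue();
            Collection<?> values = (v instanceof Collection)
                    ? (Collection<?>) v : Collections.singletonList(v);
            for (Object value : values) {   // one row per value
                html.append("<tr><th>").append(esc(e.getKey()))
                    .append("</th><td>").append(esc(value)).append("</td></tr>\n");
            }
        }
        return html.append("</table>").toString();
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for principal.getAttributes().
        Map<String, Object> attrs = new LinkedHashMap<String, Object>();
        attrs.put("Name", "Ann <b>Admin</b>");
        attrs.put("Email", Arrays.asList("ann@example.org", "a&b@example.org"));
        System.out.println(render(attrs));
    }
}
```

In a JSP the same helper would be called with principal.getAttributes() after checking that request.getUserPrincipal() is not null.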
