> The mainframe provides lots of extra data that we need in the Spring
> application.
> Is it possible to return this information from CAS to Spring?

Yes, via the attribute release feature of CAS. You'll need to consider the following:

- Configure an attribute source on the CAS server, https://wiki.jasig.org/display/CASUM/Attributes. That's where you'll hook into your mainframe data. You'll need a custom component for this.
- Configure your clients to request the SAML protocol that contains an AttributeStatement with the attribute payload. I'm rusty with Spring Security, but I believe you want CasAuthenticationProvider configured with a Saml11TicketValidator.
- Get the attribute data into Spring via a UserDetailsService. I believe http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.html is what you want.

I believe the biggest problem will be developing an IPersonAttributeDao component that can retrieve attributes from your mainframe. As stated, you mentioned pulling attributes at authentication time, but authentication and attribute resolution happen in two independent steps.

M
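
The client-side wiring described in the reply above, as an added example that is not part of the original message or of either project's code. The host names, the provider key and the attribute name `mainframeRoles` are assumptions for illustration; the attribute name must match whatever the CAS attribute source actually releases.

```java
// Added example: Spring Security 3.0.x CAS client wiring for released attributes.
// Host names, the key and "mainframeRoles" are constructed placeholder values.
import org.jasig.cas.client.validation.Saml11TicketValidator;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService;

public final class CasAttributeWiring {

    private CasAttributeWiring() {}

    public static CasAuthenticationProvider casAuthenticationProvider() throws Exception {
        // Callback URL of this application, registered as a CAS service (assumed value).
        ServiceProperties serviceProperties = new ServiceProperties();
        serviceProperties.setService("https://app.example.org/j_spring_cas_security_check");
        serviceProperties.afterPropertiesSet();

        // SAML 1.1 validation returns an assertion whose AttributeStatement
        // carries the attributes released by the CAS server (assumed CAS URL prefix).
        Saml11TicketValidator validator =
                new Saml11TicketValidator("https://cas.example.org/cas");

        // Every value of the listed assertion attributes becomes a GrantedAuthority,
        // so list only attributes whose values are meant to act as roles.
        GrantedAuthorityFromAssertionAttributesUserDetailsService userDetails =
                new GrantedAuthorityFromAssertionAttributesUserDetailsService(
                        new String[] {"mainframeRoles"});

        CasAuthenticationProvider provider = new CasAuthenticationProvider();
        provider.setServiceProperties(serviceProperties);
        provider.setTicketValidator(validator);
        provider.setAuthenticationUserDetailsService(userDetails);
        // Identifies tokens created by this provider (placeholder value).
        provider.setKey("change-me-provider-key");
        provider.afterPropertiesSet();
        return provider;
    }
}
```

Because the attribute values are turned into authorities as they arrive, the set of attributes released to this service on the CAS server is effectively part of the application's authorization policy and should be reviewed as such.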
