On Mon, Jan 17, 2011 at 3:21 PM, Marvin Addison <[email protected]> wrote:

> > The mainframe provides lots of extra data that we need in the Spring
> > application.
> > Is it possible to return this information from CAS to Spring?
>
> Yes, via the attribute release feature of CAS.  You'll need to
> consider the following:
>
>  - Configure an attribute source on the CAS server,
> https://wiki.jasig.org/display/CASUM/Attributes.  That's where you'll
> hook into your mainframe data.  You'll need a custom component for
> this.
>  - Configure your clients to request the SAML protocol that contains
> an AttributeStatement with the attribute payload.  I'm rusty with
> Spring Security, but I believe you want CasAuthenticationProvider
> configured with a Saml11TicketValidator.
>  - Get the attribute data into Spring via a UserDetailsService.  I
> believe
> http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.html
> is what you want.
>
>
That class should populate the GrantedAuthorities.  It won't expose them as
normal attributes (i.e. how the Java CAS Client adds them to the principal).
This is more like how we override request.isUserInRole in the Java client.

Cheers,
Scott



> I believe the biggest problem will be developing an
> IPersonAttributeDao component that can retrieve attributes from your
> mainframe.  As stated you mentioned pulling attributes at
> authentication time, but authentication and attribute resolution
> happen in two independent steps.
>
> M
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
