At the bottom is some code that I pulled from our product that I know works. It produces the following result:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationSuccess> <cas:user>appadmin</cas:user> <cas:attributes> <cas:USER_ROLES>["Security Administrator","System Administrator","User"]</cas:USER_ROLES></cas:attributes> </cas:authenticationSuccess> </cas:serviceResponse> Here is the code. It may be more complicated that it needs to be; in our case, we were trying to get it to work easily with the out-of-the-box java cas client, so we decided to format multivalued attributes as one XML element with a JSON list as the content format (see above). I was also not written by a JSP expert, so it possibly could be simplified. But it does work :). <cas:attributes><c:forEach var="attributes" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}"><c:set var="principal" value="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal}" scope="page" /> <% Principal myPrincipal = (Principal)pageContext.getAttribute("principal"); Map<String, Object> attributesSet = myPrincipal.getAttributes(); for (final Entry<String, Object> e : attributesSet.entrySet()) { String key=e.getKey(); pageContext.setAttribute("principalAttributeKey", key); ArrayList aValues = new ArrayList(); if (e.getValue() instanceof Collection<?>) { final Collection<?> c = (Collection<?>) e.getValue(); if (c.isEmpty()) { continue; } aValues.addAll(c); } else { aValues.add(e.getValue()); } pageContext.setAttribute("principalAttributeValue", aValues); } %> <c:if test="${not empty principalAttributeKey}"><cas:${principalAttributeKey}>[<c:forEach items="${principalAttributeValue}" var="attributeValue" varStatus="loop">"${attributeValue}"<c:if test="${(loop.count) < fn:length(principalAttributeValue)}">,</c:if></c:forEach>]</cas:${principalAttributeKey}></c:if></c:forEach></cas:attributes> David Ohsie EMC Corporation -----Original Message----- From: Liedy, Jonathan [mailto:[email protected]] Sent: Wednesday, February 29, 2012 12:09 PM To: [email protected] Subject: RE: re:[cas-user] Trying to get LDAP Attributes passed into serviceValidate Many thanks Jerome. I've got that plugged in and I'm showing a bit more being dumped into the logs now. I tried adding <c:forEach var="auth" items="${assertion.chainedAuthentications}"> <c:forEach var="attr" items="${auth.principal.attributes}" > <cas:attribute name="${fn:escapeXml(attr.key)}" value="${fn:escapeXml(attr.value)}"/> </c:forEach> </c:forEach> To the casServiceValidationSuccess.jsp, but all I'm getting are some blank lines in addition to the original output. I've not had much success in being able to find a working customization to add the output. Jonathan Liedy Middleware Administrator The Florida State University 2035 East Paul Dirac Drive Sliger, Suite 113 Tallahassee, FL 32310 [email protected] Voice: (850) 270-7368 -----Original Message----- From: jleleu [mailto:[email protected]] Sent: Tuesday, February 28, 2012 1:19 PM To: [email protected] Subject: re:[cas-user] Trying to get LDAP Attributes passed into serviceValidate Hi Jonathan, By default, no attribute are returned by /serviceValidate, you have to customize the view : casServiceValidationSuccess.jsp. To retrieve attributes from the LDAP, you use the attributeRepository bean, which is right. But this bean is referenced nowhere in the deployerConfigContext.xml file and therefore attributes retrieved from LDAP are never added to the principal. It should be defined in the UsernamePasswordCredentialsToPrincipalResolver bean : <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl"> <property name="credentialsToPrincipalResolvers"> <list> <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"> <property name="attributeRepository" ref="attributeRepository" /> </bean> <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"/> </list> </property> .... Just let me know if it works... Best regards, Jérôme -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
