I have several applications (besides Google Apps) using the 
alternateUserName part of googleAccountsArgumentExtractor for 
authenticating users.  For some applications it would be beneficial to have 
another alternateUserName field.  If one alternateUserName doesn't work, 
then it tries the next one.  I was looking at 
the GoogleAccountsService.java file to see if I could make it do this (I 
know it is not recommended to modify CAS like this) and I noticed these 
lines:

        final String userId;

        if (this.alternateUserName == null) {
            userId = getPrincipal().getId();
        } else {
            final String attributeValue = (String) getPrincipal().getAttributes().get(this.alternateUserName);
            if (attributeValue == null) {
                userId = getPrincipal().getId();
            } else {
                userId = attributeValue;
            }
        }

        samlResponse = samlResponse.replace("<USERNAME_STRING>", userId);
        samlResponse = samlResponse.replace("<RESPONSE_ID>", createID());
        samlResponse = samlResponse.replace("<ISSUE_INSTANT>", SamlUtils.getCurrentDateAndTime());
        samlResponse = samlResponse.replace("<AUTHN_INSTANT>", SamlUtils.getCurrentDateAndTime());
        samlResponse = samlResponse.replaceAll("<NOT_ON_OR_AFTER>", SamlUtils.getFormattedDateAndTime(c.getTime()));
        samlResponse = samlResponse.replace("<ASSERTION_ID>", createID());
        samlResponse = samlResponse.replaceAll("<ACS_URL>", getId());
        samlResponse = samlResponse.replace("<REQUEST_ID>", this.requestId);

        return samlResponse;

I guess I'm not as familiar with the nuts and bolts of CAS, but I was 
wondering if there were some way to test the SAML samlResponse and if it 
fails, try the second alternate username.  Also, if you would prefer that I 
not modify the script, could you make this a suggestion for a revision?



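The fallback asked about above, as an added example that is not part of the original post and is not CAS code: CAS builds the response before the service sees it, so the second attribute is chosen from the principal's attributes rather than from the response's outcome. The class name, the list of attribute names, the sample values and the XML escaping of the substituted value are assumptions of this sketch.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class AlternateUserNameFallback {

    // Returns the first configured attribute that holds a non-blank String;
    // otherwise the principal id, as the single-attribute code does.
    static String resolveUserId(String principalId, Map<String, Object> attributes,
                                List<String> alternateUserNames) {
        for (String name : alternateUserNames) {
            Object value = attributes.get(name);
            // instanceof avoids the ClassCastException a plain (String) cast
            // would throw on a multi-valued (List) attribute.
            if (value instanceof String && !((String) value).trim().isEmpty()) {
                return (String) value;
            }
        }
        return principalId;
    }

    // Escape XML metacharacters so the value cannot alter the SAML template
    // it is substituted into.
    static String escapeXml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&apos;");
    }

    public static void main(String[] args) {
        // Constructed sample data; the attribute names are hypothetical.
        Map<String, Object> attrs = new HashMap<>();
        attrs.put("mail", "   ");          // present but blank: skipped
        attrs.put("uid", "jdoe<test>");    // second choice, needs escaping
        List<String> order = Arrays.asList("googleLogin", "mail", "uid");

        String template = "<NameID><USERNAME_STRING></NameID>";
        String userId = resolveUserId("principal-1", attrs, order);
        System.out.println(template.replace("<USERNAME_STRING>", escapeXml(userId)));

        // No configured attribute present: falls back to the principal id.
        Map<String, Object> empty = new HashMap<>();
        System.out.println(resolveUserId("principal-1", empty, order));
    }
}
```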