Thanks Scott.

When debugging I observe that the authentication attribute is always null, as 
authentication.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD)
looks for attribute named samlAuthenticationStatementAuthMethod, but the 
authentication attribute is authenticationMethod. I guess this is just a 
configuration issue in our setup.

--
Thomas

From: Scott Battaglia 
<[email protected]<mailto:[email protected]>>
Reply-To: "[email protected]<mailto:[email protected]>" 
<[email protected]<mailto:[email protected]>>
Date: onsdag 17. oktober 2012 04:09
To: "[email protected]<mailto:[email protected]>" 
<[email protected]<mailto:[email protected]>>
Subject: Re: [cas-user] Returning authentication method from CAS to services

Its included as part of the SAML 1.1 response, but not as part of the CAS 
response.

Cheers,
Scott


On Tue, Oct 16, 2012 at 4:05 PM, Pronstad, Thomas 
<[email protected]<mailto:[email protected]>> wrote:
Hi

Does CAS support identifying which authentication handler was used by a user 
for authentication. Either via attributes or some other way?

I'm looking for a way to support levels of authentication strength. The goal is 
that an application during a service ticket validation can decide if it wishes 
to accept the authentication strength of the login method used. So for instance 
an attribute LOGIN_METHOD = X509clientcert might signal to the application that 
full trust is ok, and the user should be able to do anything, but LOGIN_METHOD 
= user_pass  could result in only read access to data.

--
Kind regards
Thomas Pronstad



--
You are currently subscribed to 
[email protected]<mailto:[email protected]> as: 
[email protected]<mailto:[email protected]>


To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user


--
You are currently subscribed to 
[email protected]<mailto:[email protected]> as: 
[email protected]<mailto:[email protected]>
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to