Thanks Scott. When debugging I observe that the authentication attribute is always null, as authentication.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD) looks for attribute named samlAuthenticationStatementAuthMethod, but the authentication attribute is authenticationMethod. I guess this is just a configuration issue in our setup.
-- Thomas From: Scott Battaglia <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: onsdag 17. oktober 2012 04:09 To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [cas-user] Returning authentication method from CAS to services Its included as part of the SAML 1.1 response, but not as part of the CAS response. Cheers, Scott On Tue, Oct 16, 2012 at 4:05 PM, Pronstad, Thomas <[email protected]<mailto:[email protected]>> wrote: Hi Does CAS support identifying which authentication handler was used by a user for authentication. Either via attributes or some other way? I'm looking for a way to support levels of authentication strength. The goal is that an application during a service ticket validation can decide if it wishes to accept the authentication strength of the login method used. So for instance an attribute LOGIN_METHOD = X509clientcert might signal to the application that full trust is ok, and the user should be able to do anything, but LOGIN_METHOD = user_pass could result in only read access to data. -- Kind regards Thomas Pronstad -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
