After a successful CAS authentication, TGT ID (String representation of a ticket granting ticket id) should be available in the flow scope. You could then use a little helper API from cas-addons to get an authenticated principal by this TGT ID:
https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/authentication/AuthenticationSupport.java (getAuthenticatedPrincipalFrom(String) method) or you could roll your own.

Cheers,
Dmitriy.

On Jan 8, 2013, at 3:01 PM, [email protected] wrote:

> Thank you again for the info.
> I was able to add an action to login-webflow.xml and create a flow that I needed.
>
> I created a simple POJO with a method that takes String as a parameter.
> The goal is to pass the resolved principal id to this method.
> Then this method will do the validation against DB2.
>
> I am currently trying to figure out how to obtain the resolved principal id
> and use it in the method I created.
> For test purposes I used flowScope.credentials.username as a parameter like this:
>
> <evaluate expression="myPojo.myMethod(flowScope.credentials.username)" />
>
> but this gives me the login id, which is what the user entered on the form,
> not the resolved ID that the program needs.
>
> I use CredentialsToLDAPAttributePrincipalResolver to get a different ID from LDAP.
>
> I will continue to do research, but if you can point me to where the resolved
> ID gets stored and how to access that in login-webflow.xml, that will be great.
>
> Thank you,
>
> Ken Maruyama
> Technical Architect
> Fashion Institute of Design & Merchandising
> 1-213-624-1201 Ex.4525
> [email protected]
>
>
> From: Dmitriy Kopylenko <[email protected]>
> To: <[email protected]>
> Date: 01/07/2013 04:21 PM
> Subject: Re: [cas-user] Combine LDAP with SQL for validation
>
> Sent from my iPhone
>
> On Jan 7, 2013, at 16:49, "Ken Maruyama" <[email protected]> wrote:
>
> > Hi Dmitriy,
> >
> > I'm trying to follow your suggestion, but have some questions.
> >
> > First, when you say I should create an interface/impl, do you mean to create
> > an implementation of AuthenticationHandler?
>
> No. I mean a separate API/Impl from core CAS API. In other words a custom API
> which should plug into the CAS login webflow.
>
> > Second, does adding an additional action mean adding a <bean> property in the
> > authenticationHandlers section of the deployerConfigContext.xml?
>
> It would be a custom state definition in login-webflow.xml as well as any
> custom beans in WEB-INF/spring-configuration.
>
> > uthenticationManagerImpl">
> >     <property name="credentialsToPrincipalResolvers">
> >         <list>
> >             <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
> >                 <property name="credentialsToPrincipalResolver">
> >                     <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
> >                 </property>
> >                 <property name="filter" value="(uid=%u)" />
> >                 <property name="principalAttributeName" value="XXXXXXXXXXXXXX" />
> >                 <property name="searchBase" value="o=XXXXXX,c=XXXXXX" />
> >                 <property name="contextSource" ref="contextSource" />
> >                 <property name="attributeRepository">
> >                     <ref bean="attributeRepository" />
> >                 </property>
> >             </bean>
> >             <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
> >                 <property name="attributeRepository" ref="attributeRepository" />
> >             </bean>
> >             <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
> >         </list>
> >     </property>
> >     <property name="authenticationHandlers">
> >         <list>
> >             <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
> >                   p:httpClient-ref="httpClient" />
> >             <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
> >                   p:filter="uid=%u" p:searchBase="o=XXXXXXXXX,c=XXXXXXX"
> >                   p:contextSource-ref="contextSource" />
> >         </list>
> >     </property>
> > </bean>
> >
> > <sec:user-service id="userDetailsService">
> >     <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />
> > </sec:user-service>
> >
> > <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao">
> >     <property name="backingMap">
> >         <map>
> >             <entry key="uid" value="uid" />
> >             <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
> >             <entry key="groupMembership" value="groupMembership" />
> >         </map>
> >     </property>
> > </bean>
> >
> > <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
> >     <property name="registeredServices">
> >         <list>
> >             <bean class="org.jasig.cas.services.RegexRegisteredService">
> >                 <property name="id" value="0" />
> >                 <property name="name" value="HTTP and IMAP" />
> >                 <property name="description" value="Allows HTTP(S) and IMAP(S) protocols" />
> >                 <property name="serviceId" value="^(https?|imaps?)://.*" />
> >                 <property name="evaluationOrder" value="10000001" />
> >             </bean>
> >         </list>
> >     </property>
> > </bean>
> >
> > <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
> >
> > <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor">
> >     <property name="monitors">
> >         <list>
> >             <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />
> >             <bean class="org.jasig.cas.monitor.SessionMonitor"
> >                   p:ticketRegistry-ref="ticketRegistry"
> >                   p:serviceTicketCountWarnThreshold="5000"
> >                   p:sessionCountWarnThreshold="100000" />
> >         </list>
> >     </property>
> > </bean>
> >
> > <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
> >     <property name="pooled" value="false" />
> >     <property name="url" value="ldaps://XXXXXXXXX:636" />
> >     <property name="baseEnvironmentProperties">
> >         <map>
> >             <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
> >             <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
> >             <entry key="java.naming.security.authentication" value="simple" />
> >         </map>
> >     </property>
> > </bean>
> > </beans>
> >
> > --
> > You are currently subscribed to [email protected] as: [email protected]
> > To unsubscribe, change settings or access archives, see
> > http://www.ja-sig.org/wiki/display/JSG/cas-user
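One way to implement the "roll your own" option from the reply above: a webflow-invoked POJO that resolves the principal through the TGT id and then runs the database check the original question asks for. This is an added example, not code from the thread, from cas-addons or from CAS itself. It assumes the CAS 3.x API (org.jasig.cas.ticket.registry.TicketRegistry, TicketGrantingTicket, Principal), Spring's JdbcTemplate, a flowScope variable named ticketGrantingTicketId, and a hypothetical table ACTIVE_USERS(PRINCIPAL_ID) in the database behind the injected DataSource; the bean name resolvedPrincipalValidator is likewise made up.

```java
// Added example (not from the thread, cas-addons or CAS): resolve the principal that CAS
// attached to the ticket-granting ticket and validate its id against a relational store.
// Assumptions: CAS 3.x API, Spring JdbcTemplate, hypothetical table ACTIVE_USERS(PRINCIPAL_ID).
package example;

import java.util.List;
import java.util.Map;
import javax.sql.DataSource;

import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.jasig.cas.ticket.registry.TicketRegistry;
import org.springframework.dao.DataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;

public class ResolvedPrincipalValidator {

    // Hypothetical table and column; replace with the real DB2 schema.
    private static final String LOOKUP_SQL = "SELECT 1 FROM ACTIVE_USERS WHERE PRINCIPAL_ID = ?";

    private final TicketRegistry ticketRegistry;
    private final JdbcTemplate jdbcTemplate;

    public ResolvedPrincipalValidator(final TicketRegistry ticketRegistry, final DataSource dataSource) {
        this.ticketRegistry = ticketRegistry;
        this.jdbcTemplate = new JdbcTemplate(dataSource);
    }

    /**
     * Look up the principal CAS resolved for this TGT (the LDAP-derived id, not the
     * form login). Returns null for an unknown or expired ticket so callers fail closed.
     */
    public Principal resolvePrincipal(final String ticketGrantingTicketId) {
        if (ticketGrantingTicketId == null) {
            return null;
        }
        final TicketGrantingTicket tgt =
                this.ticketRegistry.getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
        if (tgt == null || tgt.isExpired()) {
            return null;
        }
        return tgt.getAuthentication().getPrincipal();
    }

    /**
     * Webflow entry point. Wire it in login-webflow.xml as, for example:
     *
     *   <action-state id="checkResolvedPrincipal">
     *     <evaluate expression="resolvedPrincipalValidator.isAllowed(flowScope.ticketGrantingTicketId)" />
     *     <transition on="yes" to="..." />
     *     <transition on="no" to="..." />
     *   </action-state>
     *
     * Spring Webflow maps a boolean result to the "yes"/"no" events.
     * The id comes from LDAP rather than the login form, but it is still untrusted
     * input to SQL, hence a bound parameter rather than string concatenation.
     */
    public boolean isAllowed(final String ticketGrantingTicketId) {
        final Principal principal = resolvePrincipal(ticketGrantingTicketId);
        if (principal == null) {
            return false;
        }
        try {
            final List<Map<String, Object>> rows =
                    this.jdbcTemplate.queryForList(LOOKUP_SQL, principal.getId());
            return !rows.isEmpty();
        } catch (final DataAccessException e) {
            // A database outage must not let users through.
            return false;
        }
    }
}
```

Two things to check when wiring this in. First, where the action sits in the flow decides which scope holds the id: right after the form-submit action CAS may still have it in request scope, and org.jasig.cas.web.support.WebUtils.getTicketGrantingTicketId(RequestContext) looks in both flow and request scope, so passing flowRequestContext and calling that helper is the safer variant if the expression above yields null. Second, by the time this check runs the TGT already exists in the registry, so the "no" transition should lead to a state that destroys it; otherwise a user who fails the database check still holds a valid CAS session.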
