I believe that the simplest thing with Java is to use the SAML validator. This doesn’t require any changes in the casServiceValidationSuccess.jsp. You mention upheaval, but unless you have advanced use cases like PGT or REST and programmatic access, using the SAML validator is just a different configuration of the Java CAS client.
To your original question, the attribute parsing built into the Java CAS client is very primitive. I know that we had to do some tweaking to get it to work (we used it instead of SAML validate because we needed PGT support). I'll cut and paste what worked for us. I believe that you are correct that the "Name" of the attribute needs to be in the XML element itself. What is below is the exact formatting that comes out of ours including whitespace:

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>appadmin</cas:user>
        <cas:attributes>
            <cas:USER_ROLES>["Security Administrator","System Administrator","User"]</cas:USER_ROLES></cas:attributes>
    </cas:authenticationSuccess>
</cas:serviceResponse>

As you can see, for multivalued attributes, we put the output into JSON format; you can choose to do that or not do that.

Here is a .jsp snippet for attributes:

<%@ page import="java.util.ArrayList, java.util.Collection, java.util.Map.Entry" %>
<cas:attributes><c:forEach var="attributes" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
<%
    // c:forEach over a Map exposes the current Map.Entry as the page-scoped
    // loop variable, so each pass handles exactly one attribute.
    final Entry<String, Object> e = (Entry<String, Object>) pageContext.getAttribute("attributes");
    final ArrayList<Object> aValues = new ArrayList<Object>();
    if (e.getValue() instanceof Collection<?>) {
        aValues.addAll((Collection<?>) e.getValue());
    } else {
        aValues.add(e.getValue());
    }
    if (aValues.isEmpty()) {
        // Empty collection: clear the key so the c:if below emits nothing.
        pageContext.removeAttribute("principalAttributeKey", PageContext.PAGE_SCOPE);
    } else {
        pageContext.setAttribute("principalAttributeKey", e.getKey());
    }
    pageContext.setAttribute("principalAttributeValue", aValues);
%>
<%-- Values are XML-escaped so they cannot break or extend the response markup. --%>
<c:if test="${not empty principalAttributeKey}"><cas:${principalAttributeKey}>[<c:forEach items="${principalAttributeValue}" var="attributeValue" varStatus="loop">"${fn:escapeXml(attributeValue)}"<c:if test="${(loop.count) < fn:length(principalAttributeValue)}">,</c:if></c:forEach>]</cas:${principalAttributeKey}></c:if></c:forEach></cas:attributes>

> However, now that I have them displayed, I cannot get the attributes out on
> the client side. I'm using the CAS20ProxyTicketValidator - not sure if this is
> the right one to get the extra information I need - but it appears as if the
> attributes that I created are in the wrong format. When I use the
> casServiceValidationSuccess.jsp it puts out attributes in the following
> format:
>
> <cas:attributes>
>   <cas:attribute>
>     <cas:name>myAttributeName</cas:name>
>     <cas:value>myAttributeValue</cas:value>
>   </cas:attribute>
> </cas:attributes>
>
> When the proxy ticket validator iterates through the attributes, it puts
> "name", "value" into the principal's attributes instead of "myAttributeName"
> and "myAttributeValue" into the attributes.
>
> So should I even be using the CAS20ProxyTicketValidator or use the SAML
> validator? Going to the SAML validator would cause a huge upheaval and I'm
> not comfortable doing that at this point - we might migrate later. So I'm
> going to try and alter the jsp so that the client will understand the
> attributes, namely:
>
> <cas:myAttributeName>myAttributeName</cas:myAttributeName>
> <cas:myAttributeValue>myAttributeValue</cas:myAttributeValue>
>
> I'm just unsure if this is even the right approach.
>
> Thanks in advance for your assistance.
>
> Russ Baker
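The two attribute layouts discussed in this thread, run through a minimal validation-response parser that keys each attribute by its leaf element name. This is an added example in Python, not code from the thread or from the Java CAS client; the function name `parse_validation_response` and all three sample responses are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

NS = {"cas": "http://www.yale.edu/tp/cas"}
WRAP = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
        "<cas:authenticationSuccess><cas:user>appadmin</cas:user>"
        "<cas:attributes>%s</cas:attributes>"
        "</cas:authenticationSuccess></cas:serviceResponse>")

# Constructed responses modelled on the two attribute layouts in the thread.
FLAT = WRAP % ('<cas:USER_ROLES>["Security Administrator",'
               '"System Administrator","User"]</cas:USER_ROLES>')
NESTED = WRAP % ("<cas:attribute><cas:name>myAttributeName</cas:name>"
                 "<cas:value>myAttributeValue</cas:value></cas:attribute>")
FAILURE = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
           "<cas:authenticationFailure code='INVALID_TICKET'>"
           "ticket not recognized</cas:authenticationFailure>"
           "</cas:serviceResponse>")


def parse_validation_response(xml_text):
    """Return (user, attributes), keying each attribute by its element name."""
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", NS)
    if success is None:
        # Never derive a principal from a failure or malformed response.
        raise ValueError("no cas:authenticationSuccess in response")
    user = success.findtext("cas:user", namespaces=NS)
    attributes = {}
    container = success.find("cas:attributes", NS)
    if container is None:
        return user, attributes
    for el in container.iter():
        if el is container or len(el) > 0:
            continue  # only leaf elements carry a value
        name = el.tag.split("}", 1)[-1]  # drop the "{namespace}" prefix
        text = (el.text or "").strip()
        values = [text]
        if text.startswith("["):
            try:
                parsed = json.loads(text)  # multivalued: JSON array
                if isinstance(parsed, list):
                    values = [str(v) for v in parsed]
            except ValueError:
                pass  # not JSON after all: keep the raw text
        attributes.setdefault(name, []).extend(values)
    return user, attributes
```

With the flat layout the roles arrive under `USER_ROLES`; with the nested `<cas:attribute>` layout the same parser produces the keys `name` and `value`, which is the symptom described in the quoted message.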
