I have a set of attributes that are based on Credentials (e.g. an internal LOA value based on the credential type, certificate used in X509 authentication) that I need to have expressed as attributes in the SAML 1.1 assertion generated by CAS....2. Build a PersonAttributeDao implementation to inject the attributes at resolvePrincipal time.
We accomplish this via 2. We define a stub LOA attribute with a static DAO implementation then use a merging one to combine the various DAOs. Once we get the attribute definition into the authn pipeline, it's easy to update it with a custom resolver.
SAML2 has the AuthnContext slot that is an ideal place to describe things like LOA, but SAML 1.1 afaik only has AuthenticationMethod.
M
