Hi

I have finally found the solution why the attribute was not added. The
reason was I forgot to add the allowedAttributes property:

svn diff WEB-INF/deployerConfigContext.xml
Index: WEB-INF/deployerConfigContext.xml
===================================================================
--- WEB-INF/deployerConfigContext.xml    (revision 20001)
+++ WEB-INF/deployerConfigContext.xml    (working copy)
@@ -185,6 +185,11 @@
                         <property name="description" value="Allows
HTTP(S) and IMAP(S) protocols" />
                         <property name="serviceId"
value="^(https?|imaps?)://.*" />
                         <property name="evaluationOrder"
value="10000001" />
+  <property name="allowedAttributes">
+    <list>
+      <value>display-name</value>
+    </list>            
+  </property>
                     </bean>
                     <!--
                     Use the following definition instead of the above
to further restrict access
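Review bot: the allowedAttributes property is added to the bean whose serviceId is "^(https?|imaps?)://.*", so display-name will be released to every HTTP(S) and IMAP(S) service that pattern matches, not only to the application that needs it. Consider leaving this catch-all entry without attributes and adding a separate registered service with a narrower serviceId, evaluated ahead of the catch-all (which carries evaluationOrder 10000001), to hold the allowedAttributes list. The added lines also use two-space indentation and leave trailing whitespace after "</list>", unlike the surrounding property elements.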

I understand this is documented at for example

https://wiki.jasig.org/display/casum/attributes

but I think it would be very helpful if

src/main/java/org/jasig/cas/CentralAuthenticationServiceImpl.java

would log when attributes that are not allowed are filtered out.

At the moment it just does not copy them

for (final String attribute : registeredService.getAllowedAttributes()) {

and there is no debug information that there are existing attributes not
copied.

I can provide a patch if somebody is interested.

Thanks

Michael

Am 02.01.14 12:38, schrieb Michael Wechner:
> Hi
>
> I have now implemented a custom CredentialsToPrincipalResolver:
>
>     /**
>      * @see
> org.jasig.cas.authentication.principal.CredentialsToPrincipalResolver#resolvePrincipal(Credentials)
>      */
>     public final Principal resolvePrincipal(final Credentials credentials) {
>         log.info("Attempting to resolve a principal...");
>
>         final UsernamePasswordCredentials usernamePasswordCredentials =
> (UsernamePasswordCredentials) credentials;
>         final String principalId =
> usernamePasswordCredentials.getUsername();
>
>         if (principalId == null) {
>             log.error("No principal ID!");
>             return null;
>         }
>
>         final String value = "TODO";
>         log.info("Creating SimplePrincipal for [" + principalId + "] and
> add display-name '" + value + "'...");
>
>         final Map<String, Object> attributes = new HashMap<String,
> Object>();
>
>         final String key = "display-name";
>         attributes.put(key, value);
>
>         return new SimplePrincipal(principalId, attributes);
>     }
>
> which is adding one attribute called "display-name", whereas I can see
> in the CAS log that this custom class is being used
>
> I have also patched
>
> casServiceValidationSuccess.jsp
>
> (according to
> http://stackoverflow.com/questions/4882298/getting-more-attributes-from-cas-than-just-user-id)
>
> but I still do not receive this attribute inside my response:
>
> <?xml version="1.0" encoding="UTF-8"?><cas:serviceResponse
> xmlns:cas="http://www.yale.edu/tp/cas">
>         <cas:authenticationSuccess>
>                 <cas:user>[email protected]</cas:user>
>
>                
> <cas:proxyGrantingTicket>PGTIOU-1-PdCx3JZ5o1tcsBqXnvrX-cas01.example.org</cas:proxyGrantingTicket>
>
> <cas:attributes>
> </cas:attributes>
>         </cas:authenticationSuccess>
> </cas:serviceResponse>
>
> Any idea what I might be missing?
>
> Thanks
>
> Michael
>
>
> Am 01.01.14 16:59, schrieb Michael Wechner:
>> Hi
>>
>> I have been reading various links now, but I am still a bit lost on how
>> to do this, because my custom authentication handler receives the
>> additional information from a custom backend and if IIUC one cannot set
>> this additional information as attributes inside the custom
>> authentication directly.
>>
>> But one rather has to introduce custom credentials class (by overwriting
>> UsernamePasswordCredentials) and append
>> the additional information to the custom credentials inside
>>
>> authenticateUsernamePasswordInternal(...)
>>
>> and then introduce a custom Resolver (by overwriting
>> UsernamePasswordCredentialsToPrincipalResolver) which will make a cast
>> to the custom credentials and hence set for example attributeRepository?
>>
>> Is that the recommended way or do I misunderstand something?
>>
>> Thanks
>>
>> Michael
>>
>> Am 14.10.13 15:29, schrieb Jérôme LELEU:
>>> Hi,
>>>
>>> After a successful authentication, CAS will build an Authentication object
>>> with a Principal. Using the appropriate resolver, you will be able to
>>> populate attributes for your principal.
>>> Here is a good start : https://wiki.jasig.org/display/CASUM/Attributes.
>>> I advise you to search through the mailing list as returning attributes is
>>> a common topic.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>>
>>> 2013/10/14 Michael Wechner <[email protected]>
>>>
>>>> Hi
>>>>
>>>> I have written a custom authentication handler extending
>>>> AbstractUsernamePasswordAuthenticationHandler,
>>>> which is working very fine.
>>>>
>>>> When authenticating successfully, then I receive a response like
>>>>
>>>> <?xml version="1.0" encoding="UTF-8"?><cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
>>>>         <cas:authenticationSuccess>
>>>>                 <cas:user>[email protected]</cas:user>
>>>>
>>>> Is it possible to also customize this response by adding more information
>>>> like for example the firstname and lastname of a user, e.g.
>>>>
>>>> <?xml version="1.0" encoding="UTF-8"?><cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
>>>>         <cas:authenticationSuccess>
>>>>                 <cas:user>[email protected]</cas:user>
>>>>                 <custom:firstname xmlns:custom="http://www.wyona.com/custom">Alice</custom:firstname>
>>>>                 <custom:lastname xmlns:custom="http://www.wyona.com/custom">Smith</custom:lastname>
>>>>                 <custom:company xmlns:custom="http://www.wyona.com/custom">Wyona</custom:company>
>>>>
>>>> ?
>>>>
>>>> I am asking because then the CAS implementation of my webapp would not
>>>> have to make an additional request to the identity management system in
>>>> order to retrieve firstname, lastname, etc. in order to display when being
>>>> logged in.
>>>>
>>>> Thanks
>>>>
>>>> Michael
>>>>
>>>> --
>>>> You are currently subscribed to [email protected] as:
>>>> [email protected]
>>>> To unsubscribe, change settings or access archives, see
>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>
>
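
The logging proposed in the newest message of this thread, as an added example that is not CAS code and not a patch from the thread: an allow-list release loop that also reports which attribute names were withheld. The class, method names and sample data are hypothetical, the loop body is an assumption built around the one line quoted from CentralAuthenticationServiceImpl, and java.util.logging at INFO stands in for the project's own debug logging.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.logging.Logger;

// Added illustration: class and method names are hypothetical, not CAS code.
public class AttributeReleaseDemo {
    private static final Logger LOG = Logger.getLogger("attribute-release");

    // Names the principal carries that the service's allow-list does not cover.
    static Set<String> withheld(Map<String, Object> principalAttrs, List<String> allowed) {
        Set<String> names = new TreeSet<>(principalAttrs.keySet());
        names.removeAll(allowed);
        return names;
    }

    // Loop shaped like the line quoted in the message (body assumed), plus a log of what was dropped.
    static Map<String, Object> release(String serviceId, Map<String, Object> principalAttrs,
                                       List<String> allowed) {
        Map<String, Object> released = new LinkedHashMap<>();
        for (final String attribute : allowed) {
            final Object value = principalAttrs.get(attribute);
            if (value != null) {
                released.put(attribute, value);
            }
        }
        Set<String> dropped = withheld(principalAttrs, allowed);
        if (!dropped.isEmpty()) {
            // Log names only; attribute values may be personal data.
            LOG.info("Service [" + serviceId + "]: not in allowedAttributes, not released: " + dropped);
        }
        return released;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Map<String, Object> attrs = new LinkedHashMap<>();
        attrs.put("display-name", "TODO");
        attrs.put("company", "Example Corp");
        String service = "https://app.example.org/";
        // No allowedAttributes configured: nothing is released, but the log says why.
        System.out.println(release(service, attrs, Collections.<String>emptyList()));
        // With the list from the diff: only display-name is released.
        System.out.println(release(service, attrs, Arrays.asList("display-name")));
    }
}
```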

