Not Java directly, but JSP.  It doesn't require recompiling anything.  I 
haven't gotten into the whole Maven methods of maintaining my source. We have 
other products that we use for that.  I just modified the JSP code and placed 
the file in the correct place...

JSP is pretty easy to figure out.

Here is a snippet that I added to my file to clean up the attributes.  You just 
need to know what the data looks like.  Are the IDs separated by a comma or a 
semicolon?  There should be a function that would split the value. You would 
have to do a little work to figure out exactly how to get the value that you 
want and then put it in the right place on the page.

<c:forEach var="attr" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
    <c:choose>
        <c:when test="${attr.key != 'MemberOf'}">
            <cas:attribute attributeName="${fn:escapeXml(attr.key)}">${fn:escapeXml(attr.value)}</cas:attribute>
        </c:when>
        <c:otherwise>
            <c:forTokens items="${attr.value}" delims="=," var="grpName">
                <c:if test="${fn:startsWith(grpName, 'GRP_IM_')}">
                    <cas:attribute attributeName="${fn:escapeXml(grpName)}">true</cas:attribute>
                </c:if>
            </c:forTokens>
        </c:otherwise>
    </c:choose>
</c:forEach>





Take a look at the file and you will see where the userid is retrieved and 
placed.

It looks like this:
<cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>

-John
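
Added example, not part of the original message or of CAS: the memberOf filtering done by the JSP snippet above, written in Java, beside a stricter variant that parses the DN instead of splitting on "=" and ",". It assumes each memberOf value is a single group DN; the class name and the sample DN are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class MemberOfGroups {
    static final String PREFIX = "GRP_IM_";

    // Mirrors <c:forTokens delims="=,">: split on '=' and ',' and test every
    // token, whichever RDN it came from.
    static List<String> byTokens(String memberOf) {
        List<String> names = new ArrayList<>();
        StringTokenizer tokens = new StringTokenizer(memberOf, "=,");
        while (tokens.hasMoreTokens()) {
            String token = tokens.nextToken();
            if (token.startsWith(PREFIX)) {
                names.add(token);
            }
        }
        return names;
    }

    // Stricter variant: parse the DN and test only the CN of the leaf RDN.
    static List<String> byLeafCn(String memberOf) throws InvalidNameException {
        List<String> names = new ArrayList<>();
        LdapName dn = new LdapName(memberOf);
        if (dn.isEmpty()) {
            return names;
        }
        // LdapName indexes RDNs from the right, so the leaf (leftmost) RDN is last.
        Rdn leaf = dn.getRdn(dn.size() - 1);
        String value = String.valueOf(leaf.getValue());
        if (leaf.getType().equalsIgnoreCase("cn") && value.startsWith(PREFIX)) {
            names.add(value);
        }
        return names;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample: the group's CN and its parent OU both start with the prefix.
        String memberOf = "CN=GRP_IM_Editors,OU=GRP_IM_Archive,DC=example,DC=edu";
        System.out.println("tokens : " + byTokens(memberOf));
        System.out.println("leaf CN: " + byLeafCn(memberOf));
    }
}
```

The token-based version reports every DN component that starts with the prefix, so a container name can be released to downstream applications as if it were a group membership; the parsed version releases only the group's own CN.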

From: Rex Roof [mailto:[email protected]]
Sent: Friday, February 21, 2014 3:38 PM
To: [email protected]
Subject: Re: [cas-user] LDAP: Bind vs FastBind

Does it definitely require Java coding?  I'd hope I could do it in the 
configuration XML instead.


- Rex Roof
WCC Systems Engineer  <[email protected]>
734-973-3478

On Fri, Feb 21, 2014 at 3:46 PM, Ourada, John <[email protected]> wrote:
I am not a good source for doing things in Java in CAS.  I haven't done any 
real Java coding.  I am running pretty much delivered code.  The only thing I 
have modified is JSP files and configuration files.

Depending on what is returned by that attribute, you could fix it in the 
casServiceValidationSuccess.jsp file.

I modified that file to return attributes based on someone else's documentation 
on returning attributes. The issue that I had was how CAS returns the 
'memberOf' attribute.  I cleaned up the listing of 'memberOf' into something 
that could be used by downstream applications in this file.

Others would need to respond as to the dangers of doing that...

From: Rex Roof [mailto:[email protected]]
Sent: Friday, February 21, 2014 2:34 PM
To: [email protected]
Subject: Re: [cas-user] LDAP: Bind vs FastBind

We've been dealing with a similar problem and I was thinking about doing this.

One thing, though, we're using OpenLDAP and our "uid" attribute can contain 
multiple usernames associated with the user.   I've already scripted something 
that makes sure the primary username is first, but since I don't have that 
primary username in its own attribute I couldn't figure out how to return just 
that attribute as the username.

Any idea how I might pop that first username off of our list of uids and use it 
as the primary username?


- Rex Roof
WCC Systems Engineer  <[email protected]>
734-973-3478

On Fri, Feb 21, 2014 at 3:28 PM, Ourada, John <[email protected]> wrote:
I solved the problem for us by using attributes.

Since I needed to return a few attributes anyway, I mapped the attribute 
'username' to a specific directory attribute.  In my case, this has the effect 
of returning the data from the directory instead of what the user typed.

It still requires that I configure an account that can retrieve the attributes 
once a user has successfully logged in.

-John

-----Original Message-----
From: Tom Poage [mailto:[email protected]]
Sent: Friday, February 21, 2014 2:14 PM
To: [email protected]
Subject: Re: [cas-user] LDAP: Bind vs FastBind

On 02/21/2014 05:24 AM, Whittaker, Geoffrey wrote:
> What are the benefits of FastBind over Bind.  Are there any security
> issues I should be aware of if I use FastBind?

With the general case-insensitive nature of LDAP queries, we discovered the 
need to 'normalize' and filter the username when using "fast bind"
(not AD).

The username/principal is exposed through service ticket validation as entered 
at the login page, so if the client enters "Fred" one time and "FRED" another, 
it'll match the same LDAP entry, but to any case-sensitive app downstream, it 
looks like two different clients.

Ended up implementing a CredentialsToPrincipalResolver:

>     protected String extractPrincipalId(final Credentials credentials) {
>         final UsernamePasswordCredentials usernamePasswordCredentials =
>                 (UsernamePasswordCredentials) credentials;
>         return usernamePasswordCredentials.getUsername().trim().toLowerCase();
>     }

See my post from November 13, 2013 for details (added trim() since).

A newer version of ldaptive also encodes the argument so someone can't try any 
funny stuff with the bind DN.

Tom.

--
You are currently subscribed to 
[email protected]<mailto:[email protected]> as: 
[email protected]<mailto:[email protected]> To unsubscribe, change settings 
or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
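
Added example, not code from the thread, from CAS or from ldaptive: the two points in Tom Poage's message above, normalizing the entered username before it becomes the principal and escaping it before it goes into a fast-bind DN. The DN template, class name and sample inputs are assumptions; the escaping uses the JDK's javax.naming.ldap.Rdn.escapeValue as a stand-in for what ldaptive does internally.

```java
import java.util.Locale;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class FastBindPrincipal {
    // Assumed DN template; the thread does not show the site's actual one.
    static final String DN_TEMPLATE = "uid=%s,ou=people,dc=example,dc=edu";

    // Same steps as the resolver in the message, pinned to Locale.ROOT so the
    // result does not depend on the JVM's default locale.
    static String normalize(String entered) {
        return entered.trim().toLowerCase(Locale.ROOT);
    }

    // Bind DN with the username escaped as an RDN value.
    static String escapedBindDn(String entered) {
        return String.format(DN_TEMPLATE, Rdn.escapeValue(normalize(entered)));
    }

    // The same template filled in without escaping, for comparison only.
    static String rawBindDn(String entered) {
        return String.format(DN_TEMPLATE, normalize(entered));
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed inputs: two spellings of one user, and one containing DN syntax.
        for (String entered : new String[] { "Fred", " FRED ", "fred,ou=staff" }) {
            String raw = rawBindDn(entered);
            String escaped = escapedBindDn(entered);
            System.out.println("entered   : [" + entered + "]");
            System.out.println("principal : " + normalize(entered));
            // The template has 4 RDNs; any other count means the input changed the DN's shape.
            System.out.println("raw DN    : " + raw + "  (RDNs: " + new LdapName(raw).size() + ")");
            System.out.println("escaped DN: " + escaped + "  (RDNs: " + new LdapName(escaped).size() + ")");
        }
    }
}
```

Comparing the RDN count of the built DN against the template's count is a cheap check that user input stayed inside the single value it was meant to fill.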
