Hello,

I'm rather new to CAS and figuring out how to do stuff correctly in
CAS :-). I've created an AuthenticationHandler that handles a simple
username password credential, however due to legacy code that
credential does not carry a unique ID of that authentication. The
'username' of this credential might be an e-mail address or a username
for example.

So when I got to the point of 'enriching' the principal with some
additional metadata I was surprised to see that that resolver got the
same credentials as the authentication handler. I mean that means that
I have to re-run the code that I have in my authentication handler
again right? I can understand that by the time you reach the principal
resolver and you have a credential that carries a unique ID this is
rather straightforward, you can probably get the rest of the metadata
rather quickly based on this unique ID (for example email address). But
not so in my case. Due to the fact that the underlying data is rather
polluted I can even have multiple accounts with the same email address
where only the password differentiates :-S. Cleanup will eventually
happen, but it needs to work in the meantime as well.

Because the authentication handler actually returns a HandlerResult
that carries a credential as well I thought I could simply create my
own credential at that point (let's say I create an
IdUsernamePasswordCredential), but this credential isn't passed to the
resolver, only the original credential is.

Relevant code in the AuthenticationManager:
---
final HandlerResult result = handler.authenticate(credential);
...
resolver = this.handlerResolverMap.get(handler);
if (resolver == null) {
    principal = result.getPrincipal();
    logger.debug(
            "No resolver configured for {}. Falling back to handler principal {}",
            handler.getName(),
            principal);
} else {
    principal = resolvePrincipal(handler.getName(), resolver, credential);
}
---

Basically I was expecting the second to last line to use
'result.getPrincipal()' instead of just 'credential'.

The lookup of the principal in the authentication handler is also
rather slow :-|. I see that if I don't set a resolver I can enrich the
principal in the authentication handler myself and eventually that
principal will be used, but it doesn't seem 'correct'.

Any other ideas?

Auke
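
An added illustration, not part of the original message and not CAS code: a small model of the situation described above, where two accounts share an e-mail address and a resolver keyed on the original credential's username cannot tell them apart. `Account`, `authenticate`, `resolveByUsername`, `resolveById` and the sample accounts are hypothetical and constructed for this example.

```java
import java.util.*;

// Hypothetical stand-ins, not CAS classes. Sample accounts are constructed.
public class ResolverAmbiguityDemo {
    record Account(String id, String email, String password, String role) {}

    // Two accounts with the same e-mail address; only the password differs.
    // Plain-text passwords are used only to keep the sample short.
    static final List<Account> ACCOUNTS = List.of(
        new Account("1001", "pat@example.org", "alpha-secret", "student"),
        new Account("1002", "pat@example.org", "bravo-secret", "staff"));

    // Handler step: username and password together select exactly one account.
    static Optional<Account> authenticate(String username, String password) {
        return ACCOUNTS.stream()
            .filter(a -> a.email().equals(username) && a.password().equals(password))
            .findFirst();
    }

    // Resolver keyed on the username of the original credential: with
    // duplicate e-mail addresses this returns more than one candidate.
    static List<Account> resolveByUsername(String username) {
        return ACCOUNTS.stream().filter(a -> a.email().equals(username)).toList();
    }

    // Resolver keyed on the unique id the handler already established.
    static Optional<Account> resolveById(String id) {
        return ACCOUNTS.stream().filter(a -> a.id().equals(id)).findFirst();
    }

    public static void main(String[] args) {
        Account authed = authenticate("pat@example.org", "bravo-secret").orElseThrow();
        List<Account> candidates = resolveByUsername("pat@example.org");
        System.out.println("handler matched id      : " + authed.id());
        System.out.println("username-only candidates: " + candidates.size());
        // Picking the first candidate would attach another account's attributes
        // to the authenticated session.
        System.out.println("first candidate role    : " + candidates.get(0).role());
        System.out.println("role resolved by id     : "
            + resolveById(authed.id()).orElseThrow().role());
    }
}
```

The model shows why attribute lookup after authentication needs the identifier the handler matched: a username-only lookup is ambiguous here, and choosing among the candidates without the password can bind the session to the wrong account.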
