CAS would need to return these attributes back to the app, obviously. Once the configuration is done, your client can either call /samlValidate to get the attributes, or call /serviceValidate with a modified CAS response. The client would also need to be able to parse the returned attributes and stuff them into your principal.

From: Zac Harvey [mailto:[email protected]]
Sent: Thursday, May 29, 2014 10:51 AM
To: [email protected]
Subject: RE: [cas-user] Pulling back usernames from BindLdapAuthenticationHandler/AD?

Thanks Misagh - and what if I wanted to display a user's first and last name (this information would be stored in AD)? For instance, the user signs in with a username of "somedummy" but we want CAS to return somedummy's first name ("Some") and last name ("Dummy")? Ideas?

From: Misagh Moayyed [mailto:[email protected]]
Sent: Thursday, May 29, 2014 11:13 AM
To: [email protected]
Subject: RE: [cas-user] Pulling back usernames from BindLdapAuthenticationHandler/AD?

It seems like your app should get the principal from the authenticationToken that is set by the filters in the client.

From: Zac Harvey [mailto:[email protected]]
Sent: Thursday, May 29, 2014 7:13 AM
To: [email protected]
Subject: RE: [cas-user] Pulling back usernames from BindLdapAuthenticationHandler/AD?

It's a Grails app (so Groovy webapp). Using the Shiro-CAS <http://grails.org/plugin/shiro-cas> Grails plugin for authentication. Thoughts?

From: Misagh Moayyed [mailto:[email protected]]
Sent: Thursday, May 29, 2014 10:02 AM
To: [email protected]
Subject: RE: [cas-user] Pulling back usernames from BindLdapAuthenticationHandler/AD?

What type of application do you have?

From: Zac Harvey [mailto:[email protected]]
Sent: Thursday, May 29, 2014 6:55 AM
To: [email protected]
Subject: [cas-user] Pulling back usernames from BindLdapAuthenticationHandler/AD?

I currently have my CAS instance authenticating against our AD server via BindLdapAuthenticationHandler (this is injected from deployerConfigContext.xml). I now have a requirement to pull back usernames after they authenticate. Thus, the workflow should be:

1. User goes to my app at an authenticated URL
2. User gets redirected to CAS login page
3. User (username is somedummy, etc.) logs in, and authenticates
4. User is redirected back to my app (at the original URL they wanted to go to)
5. My app now has their username (somedummy) stored somewhere (cookie, HTTP response param, etc.) that it can look up

Is this possible? If so, how/where? Thanks!

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
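
The client-side step described in the reply at the top of this thread (parse the attributes returned by /serviceValidate and put them on the principal), as an added example that is not part of the original thread, CAS, or the Shiro-CAS plugin. It assumes the modified response carries a `cas:attributes` block and that the released attributes are named `firstName` and `lastName`; the sample responses are constructed.

```python
import xml.etree.ElementTree as ET

CAS_NS = "{http://www.yale.edu/tp/cas}"

# Constructed sample of a /serviceValidate success body with an attributes block.
# The attribute names firstName and lastName are assumptions; the real names
# depend on how attribute release is configured on the CAS server.
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>somedummy</cas:user>
    <cas:attributes>
      <cas:firstName>Some</cas:firstName>
      <cas:lastName>Dummy</cas:lastName>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample of a failure body.
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


class CasValidationError(Exception):
    pass


def parse_service_validate(body):
    """Return (username, attributes) from a validation response, or raise."""
    # A validation response never needs a DTD; refuse one before parsing.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise CasValidationError("DTD not allowed in validation response")
    root = ET.fromstring(body)
    if root.tag != CAS_NS + "serviceResponse":
        raise CasValidationError("unexpected root element")
    failure = root.find(CAS_NS + "authenticationFailure")
    if failure is not None:
        raise CasValidationError(failure.get("code", "UNKNOWN"))
    success = root.find(CAS_NS + "authenticationSuccess")
    user = success.findtext(CAS_NS + "user") if success is not None else None
    if not user or not user.strip():
        raise CasValidationError("no authenticated user in response")
    attrs = {}
    block = success.find(CAS_NS + "attributes")
    for child in (block if block is not None else []):
        name = child.tag.replace(CAS_NS, "", 1)
        # Multi-valued attributes repeat the element, so collect lists.
        attrs.setdefault(name, []).append((child.text or "").strip())
    return user.strip(), attrs
```

The principal is built only after the success element and a non-empty user are confirmed, so a failure response or an unexpected document never yields a logged-in identity.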
