Thanks,

I'm going to dig deeper in the list.

Gaëtan.

Romain BOURGUE a écrit :
Gaetan Dardy wrote :

Hi,

I've got several questions to ask :
+ I'm using LDAP attributes through the bean "attribRepository" and the manage.html page shows me the attributes when adding a new service. So I suppose these attributes do exist in the CAS reply. Of course, i'd like to use the attributes, especially with the PHP client. After reading the phpCAS code, I assume it is not yet possible. Is it true ?

Even if CAS does store and manage user attributes, only SAML allow standard use of attributes in CAS. If you don't want to go for SAML, you can still develop your own ServiceValidateController to extend the CAS 2.0 protocol or rely on a WebService ... In these former cases, you'll need to adapt your client API to interpret this non standard protocol.

+ I also assume that the attributes are sent in the ST, maybe de TGC (with luck), am I right ?

Nop, TGC and ST do not store any personal information they are just random /pointers/ to the Principal object stored in CAS.
+ Is it possible to easily "read" this reply in order to check the attributes without using JSP and themes ?

IMO, themes won't help. You'd better use WebService or a ServiceValidateController or a /view/ of a ServiceValidateController.

+ Is it possible to have more documentation on SAML 1.1 and the way CAS manage it (http://www.ja-sig.org/wiki/display/CASUM/SAML+1.1) ?

+Moreover I'd like to know how CAS deployers had dealt with attributes before, for example, to distinguish students from teachers for one page. How to provide the right page, using another API outside CAS after authentication ?

We've chosen a WebService for the extended validation of ST. But SAML is the standard way for this.


Note: this subject has been highly discussed in the list. If you haven't yet, browse the archive for more advices...


Romain

Sorry to bother the list with so many questions.
Thanks,

Regards,

Gaëtan Dardy.
SENTIER-Université Lyon 2.

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas


_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to