Thanks for the response. I was afraid it might be something hard-coded in, but knowing exactly where to look in the code is a great help.
Yale CAS mailing list <[email protected]> writes: >Currently the XML utilized for the SAML response is stored in the code and its >hard-coded to get the UserId, so you'd have to modify this code: >[ >http://developer.ja-sig.org/source/browse/jasigsvn/cas3/branches/cas-3-2_maintenance/cas-server-core/src/main/java/org/jasig/cas/authentication/principal/GoogleAccountsService.java?r=43968#l154 >]http://developer.ja-sig.org/source/browse/jasigsvn/cas3/branches/cas-3-2_maintenance/cas-server-core/src/main/java/org/jasig/cas/authentication/principal/GoogleAccountsService.java?r=43968#l154 > >to retrieve a value from somewhere else (i.e. from >principal.getAttributes("otherName") > >-Scott > >-Scott Battaglia >PGP Public Key Id: 0x383733AA >LinkedIn: [ http://www.linkedin.com/in/scottbattaglia >]http://www.linkedin.com/in/scottbattaglia > > >On Thu, Sep 11, 2008 at 6:29 PM, Isaac Davis-King <[ mailto:[EMAIL PROTECTED] >[EMAIL PROTECTED]> wrote: > > > >Hi all, I hate to be a pest about this, but we were hoping to have a demo >prepared next week of CAS/Google Apps integration. � Does anyone have any >insight into how it might be possible to modify the CAS SAML response to >return information other >than the user id? > >We currently have CAS configured as a SSO gateway for a test implementation of >Google Apps. Everything is working great, except that we do not want our >primary net ID to be the default email address used within GMail. After >speaking with Google, >they recommend passing the preferred email address within the SAML request. � >Is it possible to configure the CAS ArgumentExtractor to take a field from >AD/LDAP and pass it along in the SAML request for Google to use? � If so, how >would we go about >doing that? > >Here is the Google response to our initial inquiry: >As for your question about usernames being different from email addresses. >This is something that you can do with our Single Sign On API. It will be >included in the code that you develop, but basically, you will authenticate >off of your system, we >will never see that user name and when you send the token back to us it will >include the email address that you have assigned. I have included >documentation on the API below. Let me know if you have additional questions >after looking at it, and I >can have you consult a technical specialist.� > >Single Sign On API -� [ >http://code.google.com/apis/apps/sso/saml_reference_implementation.html >]http://code.google.com/apis/apps/sso/saml_reference_implementation.html
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
