Hi, Historically, with cas2 in production we have been using a customized xml response returned by casServiceValidationSuccess.jsp. Now we are wanting to move up to cas3.2.1 and the customized xml response breaks the services management servlet. Specifically, the cas client in acegi security is wanting the xml tag to be "<cas:user>" and we are sending "<cas:NetID>". I am investigating the approach of customizing the cas3.2.1 server so as not to break the existing webapps on campus that are expecting NetID in the xml response. To do this it looks like the cas client used by acegi security has to be customized.
In searching the net I came across an exchange where someone else had a similar issue in March 2008. Scott submitted the following advice. "The custom attributes you defined are not recognized by the CAS client used by Acegi (because, well, they're custom). The CAS client used by Acegi by default interprets the protocol exactly and ignores anything that's extra. The upcoming Spring Security 2 will utilize the newer CAS Client for Java 3.1.1 which would make it easier to inject a custom ticket validator to retrieve those attributes. In addition, the Assertion (which holds the Principal and the attributes) will be available as part of the CasAuthenticationToken. This won't be ready until Spring Security 2.0 comes out though." So, I have been trying to follow up on this advice and I have run into an obstacle I need help with. When I upgrade to Spring Security 2 I see the bean casAuthoritiesPopulator in securityContext.xml is still needed, but the class DaoCasAuthoritiesPopulator does not seem to be available in Spring Security 2. So, what do I replace it with? Do I have to write a class that returns a UserDetailsService ? Thanks, Robert Lewis _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
