Hi,

I'm authenticating a community of uPortal 3.01 end users against Shibboleth. At authentication time I extract group memberships from the HTTP headers and cache them as IPerson attributes. I've set up a 1:1 mapping between PAGS groups and Shibboleth groups. I hoped I could simply override PersonAttributesGroupStore.contains() to validate group membership based on these attributes but (I guess by design) there seems to be no way to access the authenticated IPerson object from the PAGS classes.

Can anyone suggest another way to map users to groups without using a persistent datastore? Because authentication is federated, I can't always map users to a remote LDAP directory or RDBMS instance; I get access to the membership information only at the point of authentication, contained in HTTP headers.

Thanks in advance!
--
Simon Farrell
UCL
Gower Street
London
WC1E 6BT


