[cas-dev] CredentialsToAttributePrincipalResolver
Scott Battaglia
scott.battaglia at gmail.com
Wed May 23 08:49:56 EDT 2007
Marvin,
Sorry for the delayed reply to this. The AttributeRepository defines a list
of attributes CAS will be able to understand. The underlying mechanism of
where the list of attributes comes from is hidden in the implementation of
the AttributeRepository (i.e. we have one that scans an LDAP schema). This
AttributeRepository is also tied with the Services Administration section
which allows you, the administrator, to determine which attributes are sent
to any particular service.
Once we get the RC release out, I will spend a little time crafting
documentation for this. But your initial assumptions are correct!
-Scott
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On 5/18/07, Marvin S. Addison <serac at exchange.vt.edu> wrote:
>
> Scott,
>
> I'm trying to follow your suggestion of using AttributeRepository to
> extend CredentialsToAttributePrincipalResolver to return LDAP
> attributes, but, before proceeding, I wanted to confirm that I
> understand the purpose of AttributeRepository. My understanding is that
> administrators can use the registered services management application to
> define the allowed attributes a service receives in the principal
> returned upon successful service ticket validation. Is that correct?
> If so, that is a very powerful feature! If that is incorrect, or there
> are additional concerns, please mention them or point me to
> documentation.
>
> Thanks,
> Marvin
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20070523/ae4659b1/attachment.html
More information about the cas-dev
mailing list