[cas-dev] Chained Attribute Repositories
Scott Battaglia
scott.battaglia at gmail.com
Wed Oct 29 11:59:00 EDT 2008
And by number I mean I've seen one Merging Attribute Dao ;-)
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Wed, Oct 29, 2008 at 11:58 AM, Scott Battaglia <scott.battaglia at gmail.com> wrote:
> Marvin,
>
> PersonDirectory has a number of merging PersonAttributeDaos that may do
> what you need.
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
>
> On Wed, Oct 29, 2008 at 11:43 AM, Marvin S. Addison <serac at vt.edu> wrote:
>
>> There does not appear to be a feature in CAS 3.3 that allows chaining
>> of attribute repositories. It would be very beneficial to allow
>> CredentialsToPrincipalResolver instances to consult a number of
>> IPersonAttributeDao instances for attributes about the authenticated
>> principal:
>>
>> <bean class="CredentialsToLDAPAttributePrincipalResolver">
>>   <property name="credentialsToPrincipalResolver">
>>     <bean class="X509CertificateCredentialsToIdentifierPrincipalResolver">
>>       <property name="identifier" value="$UID" />
>>     </bean>
>>   </property>
>>   <property name="filter" value="(uid=%u)" />
>>
>>   <!-- The attribute used to define the new Principal ID -->
>>   <property name="principalAttributeName" value="uupid" />
>>
>>   <property name="searchBase" value="ou=People,dc=vt,dc=edu" />
>>   <property name="contextSource" ref="edAuthContextSource" />
>>   <property name="attributeRepositories">
>>     <list>
>>       <ref bean="primaryLdapRepository" />
>>       <ref bean="secondaryLdapRepository" />
>>     </list>
>>   </property>
>> </bean>
>>
>> I realize that for CredentialsToLDAPAttributePrincipalResolver it may
>> only make sense to consult LDAP repositories, but the true power of
>> chained attribute sources lies in arbitrary data sources (e.g. RDBMS,
>> statically-configured). The Shib Java IDP supports this feature, and
>> I can say from experience that it's powerful.
>>
>> Please speak up if you think this feature would be beneficial. We may
>> have a requirement to support multiple attribute sources, and would be
>> willing to contribute our solution if there's interest.
>>
>> Thanks,
>> Marvin
>> _______________________________________________
>> cas-dev mailing list
>> cas-dev at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>>
>
>