Return More than User Name
Scott Battaglia
scott.battaglia at gmail.com
Thu Apr 26 09:05:28 EDT 2007
CAS 3.1 will support sending back attributes via SAML (though its possible
to send it back other ways). We've built in a "Services Management" tool to
allow you to control which attributes get sent back to which service. Of
course, clients would have to be updated to take advantage of these new
features.
We're currently targeting a CAS 3.1 release for June. We will be looking
for volunteers to help us update clients :-)
-Scott
On 4/24/07, Uday Kari <ukari at pdc.org> wrote:
>
> Excellent, Thanks.
>
> I will look into JOSSO right away...although my question was pertaining
> to Yale CAS. Returning XML is indeed a good idea if you wish to build a
> custom client to use it. However, Yale CAS provides a client which
> should be able to consume anything that the server throws at it (XML or
> whatever).
>
> If this is possible, then I think it is just a matter of some clever
> filter-chaining within web.xml to get from Yale CAS login to tomcat
> role-based login. I was just wondering if anyone had already done that
> and if I am able to do it, I will certainly post here.
>
> Regards,
>
> Uday Kari
>
> -----Original Message-----
> From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
> On Behalf Of Ding Kai-Jian
> Sent: Tuesday, April 24, 2007 10:27 AM
> To: cas at tp.its.yale.edu
> Subject: Re: Return More than User Name
>
> Uday Kari <ukari at ...> writes:
>
> >
> > Indeed, I am VERY interesting in this capability as well (that is
> > returning more than just username).
> >
> > Specifically, the servlet specification seems to suggest that HTTP
> > request needs to
> >
> > A) return the login username as a result of request.getRemoteUser()
> > B) return "true" for request.isUserInRole("rolename")
> > C) return non-null UserPrincipal object for request.getUserPrincipal()
> >
> > Is there a way to do this "roles-aware" type of login using Yale CAS
> > server/client out-of-the-box for tomcat?
>
> Yes, there is out-of-box support for this within tomcat.
> JAAS is based on role.
> And I know josso(another opensource sso product) dose just what you said
> based
> on JAAS and tomcat.
> Do you mean CAS 3.1 M3 or later will support doing like that?
>
> But I still think returning extra info using xml
> (casServiceValidationSuccess.jsp??) is a better idea.
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070426/bb9423c9/attachment.html
More information about the cas
mailing list