Return More than User Name
Scott Battaglia
scott.battaglia at gmail.com
Tue Aug 7 15:06:02 EDT 2007
Barrow,
I've updated the web site to reflect the Subversion information. Thanks for
pointing that out.
The PersonDirectory API javadocs should be up to date (according to their
title):
http://developer.ja-sig.org/projects/person-directory/apidocs/index.html
If you take a look at:
http://developer.ja-sig.org/source/browse/jasigsvn/cas3/trunk/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/protocol/2.0/casServiceValidationSuccess.jsp?r=39553
the thing to reference the principal is as follows:
assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications
)-1].principal
(you can obviously place that in a variable using <c:set... />)
Hope that helps.
-Scott
On 8/6/07, Barrow Kwan <bhkwan at thoughtworks.com> wrote:
>
> Thanks Scott. I took a quick look and this seems to be straightforward.
> I have a few comments :
> 1. on CAS website, it show us the CVS information. I didn't realize that
> until you mention about Subversion. I have to do a search on the Wiki site
> to find out the SVN location.
> 2. the Personal Directory site seems out-of-date especially if I use
> personal directory V1.
>
>
> I think my question about accessing the attributes in the JSP is not very
> clear, what I really mean is if principal is available as a tag ( eg, I
> can reference principal in the JSP as $(principal) throught the Spring Tag
> library ).
>
>
> thanks
>
>
>
> On Aug 5, 2007, at 5:46 PM, Scott Battaglia wrote:
>
> I just looked at the RC4 code and the
> UsernamePasswordCredentialsToPrincipalResolver should call the
> PersonDirectory to retrieve any attributes for that username. You wil need
> to configure an instance of PersonDirectory
>
> PersonDirectory documentation can be found here:
> http://developer.ja-sig.org/projects/person-directory/
> http://www.ja-sig.org/wiki/display/UPC/Person+Directory
>
> The first link is probably more up-to-date.
>
> -Scott
>
> On 8/5/07, Scott Battaglia <scott.battaglia at gmail.com> wrote:
> >
> > Barrow,
> >
> > You can either use one of the existing examples that utilizes the
> > PersonDirectory project to retrieve attributes. Or, you can write a custom
> > CredentialsToPrincipalResolver that will call PersonDirectory. I'm going to
> > see if I can write one that does that for the 3.1 release.
> >
> > You should be able to access the attributes in the JSP page as you would
> > any other JavaBean in principal.attributes["attribute"] where principal
> > is the principal whos attribute you want to retrieve.
> >
> > If I get a new CredentialsToPrincipalResolver into Subversion I will let
> > you know.
> >
> > -Scott
> >
> > On 8/5/07, Barrow Kwan < bhkwan at thoughtworks.com> wrote:
> > >
> > > I am still not sure how this works,
> > > ( PS: I am using CAS 3.1RC4 )
> > >
> > > 1. Principal:
> > > I have looked at UsernamePasswordCredentialsToPrincipalResolver as an
> > > example. It creates and return the Principal as
> > > ..
> > > return new SimplePrincipal(usernamePasswordCredentials.getUsername());
> > > ..
> > >
> > > So, do I need to create the "attributes" map and pass to the
> > > Principal's constructor?
> > >
> > > eg
> > > return new MyComplexPrincipal(usernamePasswordCrednetials.getUsername(),
> > > myAttributesMapWithAdditionalStuff );
> > >
> > > myAttributesMapWithAdditionalStuff is my Map that contain informations
> > > like email, first/last name ,etc...
> > >
> > >
> > >
> > >
> > > 2. I am trying to customize casGenericSuccess.jsp, how do I retrieve
> > > information from MyComplexPrincipal?
> > >
> > >
> > >
> > > Thanks
> > >
> > >
> > >
> > > On Aug 2, 2007, at 5:56 AM, Scott Battaglia wrote:
> > >
> > > In the latest CAS release, the Principal has a new property called
> > > "attributes" which is map. There are implementations that obtain attributes
> > > from the JA-SIG PersonDirectory API and populate that map. CAS 3.1will return those attributes via the SAML response (though you'll need to
> > > use it in conjunction with the Services Management tool to "release" the
> > > attributes to the client applications).
> > >
> > > In Subversion, there should be a SAMLTicketValidator that will parse
> > > the SAML response. Note that its not 100% compatible with the current CAS
> > > Server release because the protocol states that the artifact resolution
> > > request should come over SOAP (the TicketValidator in HEAD merely sends it
> > > as a HTTP Request parameter). Its not a very difficult change to make
> > > though. I just haven't had time yet.
> > >
> > > -Scott
> > >
> > > On 8/1/07, Barrow Kwan < bhkwan at thoughtworks.com> wrote:
> > > >
> > > > this question was asked back to april and Scott said :
> > > >
> > > > You just need to create a CredentialsToPrincipalResolver that
> > > > returns
> > > > attributes and then use the /samlValidate url instead of
> > > > /serviceValidate
> > > > (and an appropriate TicketValidator). The CAS Client for Java
> > > > 3.1-m1 has a
> > > > SamlTicketValidator you can use as an example.
> > > >
> > > > -Scott
> > > >
> > > >
> > > > I still stuck with the Saml, did someone has a working example we
> > > > can reference?
> > > >
> > > >
> > > > thanks
> > > >
> > > >
> > > >
> > > > Barrow Kwan
> > > > ThoughtWorks Inc
> > > > 410 Townsend St, 4th Floor
> > > > San Francisco, CA 94107
> > > > USA
> > > > (415)869-3103
> > > >
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Yale CAS mailing list
> > > > cas at tp.its.yale.edu
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > -Scott Battaglia
> > >
> > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > >
> > > Barrow Kwan
> > > ThoughtWorks Inc
> > > 410 Townsend St, 4th Floor
> > > San Francisco, CA 94107
> > > USA
> > > (415)869-3103
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > >
> > >
> >
> >
> > --
> > -Scott Battaglia
> >
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >
>
>
>
> --
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
> Barrow Kwan
> ThoughtWorks Inc
> 410 Townsend St, 4th Floor
> San Francisco, CA 94107
> USA
> (415)869-3103
>
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070807/5232e2b4/attachment.html
More information about the cas
mailing list