Several questions around attributes

Gaetan Dardy gdardy at free.fr
Wed Dec 5 07:57:24 EST 2007 

Thanks,

I'm going to dig deeper in the list.

Gaëtan.

Romain BOURGUE a écrit :
> Gaetan Dardy wrote :
>
>   
>> Hi,
>>
>> I've got several questions to ask :
>> + I'm using LDAP attributes through the bean "attribRepository" and the 
>> manage.html page shows me the attributes when adding a new service. So I 
>> suppose these attributes do exist in the CAS reply. Of course, i'd like 
>> to use the attributes, especially with the PHP client. After reading the 
>> phpCAS code, I assume it is not yet possible. Is it true ?
>>     
>
> Even if CAS does store and manage user attributes, only SAML allow standard use 
> of attributes in CAS. If you don't want to go for SAML, you can still develop 
> your own ServiceValidateController to extend the CAS 2.0 protocol or rely on a 
> WebService ... In these former cases, you'll need to adapt your client API to 
> interpret this non standard protocol.
>
>   
>> + I also assume that the attributes are sent in the ST, maybe de TGC 
>> (with luck), am I right ?
>>     
>
> Nop, TGC and ST do not store any personal information they are just random 
> /pointers/ to the Principal object stored in CAS.
>   
>> + Is it possible to easily "read" this reply in order to check the 
>> attributes without using JSP and themes ?
>>     
>
> IMO, themes won't help. You'd better use WebService or a 
> ServiceValidateController or a /view/ of a ServiceValidateController.
>
>   
>> + Is it possible to have more documentation on SAML 1.1 and the way CAS 
>> manage it  (http://www.ja-sig.org/wiki/display/CASUM/SAML+1.1) ?
>>     
>
>   
>> +Moreover I'd like to know how CAS deployers had dealt with attributes 
>> before, for example, to distinguish students from teachers for one page. 
>> How to provide the right page, using another API outside CAS after 
>> authentication ?
>>     
>
> We've chosen a WebService for the extended validation of ST. But SAML is the 
> standard way for this.
>
>
> Note: this subject has been highly discussed in the list. If you haven't yet, 
> browse the archive for more advices...
>
>
> Romain
>
>   
>> Sorry to bother the list with so many questions.
>> Thanks,
>>
>> Regards,
>>
>> Gaëtan Dardy.
>> SENTIER-Université Lyon 2.
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>     
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20071205/e8d2b7a7/attachment.html

More information about the cas mailing list