Different Usernames for Different Services

Scott Battaglia scott.battaglia at gmail.com
Wed Dec 24 10:30:52 EST 2008 

The reason you can't have a TicketGrantingTicket return different usernames
is because a TGT is per session not per username.  Your only real option at
this point is to store both the email and username as part of Principal and
have the JSP code for the service response populate the user field based on
service url provided.

The only other option that I can think of right now is to add code to the
client to allow it to do the lookup.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia


On Tue, Dec 16, 2008 at 7:33 PM, Rich Renomeron - TCG <
richard.renomeron at tcg.com> wrote:

>  Most of my client's applications expect the email address as the username,
> so our CAS implementation is set up to do this.  However, some expect a
> unixish uid, and we would like to CASify those applications.  Each row in
> custom authentication database that's behind our CAS implementation contains
> both the email address and the uid, so it's easy to convert from one to the
> other.  (The login web form always takes the email address.)
>
> We'd like to have CAS return either the email or the uid based on the
> service id.  I thought I had it figured out, but I discovered that the
> TicketGrantingTicketImpl class always returns the username that was first
> used to authenticate.  If the user tried to access an application that
> required the other username form, it would fall apart.
>
> Since I can neither extend TicketGrantingTicketImpl nor create an
> alternative implementation of TicketGrantingTicket (which I'd prefer), is
> there a different way to approach this problem?
>
> Thanks,
> Rich
> --
>  Richard J. Renomeron, Project Lead
>  TCG
>  Yes, it *can* be done!
> Tel: (202) 742-8460
> Fax: (202) 986-5532
> Email: richard.renomeron at tcg.com
> AIM: rrenomeronTCG
> www.tcg.com
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20081224/a1d5fbdb/attachment.html

More information about the cas mailing list