Last active
December 25, 2015 03:18
using persondir to map header attributes into CAS's attributeRepository
<!--
    PULL and Map HeaderAttributes for use
-->
<bean id="currentUserProvider"
      class="org.jasig.cas.adaptors.trusted.authentication.handler.support.PrincipalBearingCredentialsAuthenticationHandler"/>

<bean id="usernameAttributeProvider" class="org.jasig.services.persondir.support.SimpleUsernameAttributeProvider">
    <property name="usernameAttribute" value="username" />
</bean>

<bean id="requestAttributeSourceFilter" class="org.jasig.services.persondir.support.web.RequestAttributeSourceFilter">
    <property name="usernameAttribute" value="userName" />
    <property name="additionalDescriptors" ref="requestAdditionalDescriptors" />
    <property name="remoteUserAttribute" value="userName" />
    <property name="serverNameAttribute" value="serverName" />
    <property name="processingPosition" value="BOTH" />
    <!-- key = HTTP request header name, value = attribute name stored for the user.
         Header values are taken from the request as received, so they can only be
         trusted when the front end sets them and clears client-supplied copies. -->
    <property name="headerAttributeMapping">
        <map>
            <entry key="eppa" value="eduPersonPrimaryAffiliation" />
            <entry key="uid" value="uid" />
            <entry key="eppn" value="eduPersonPrincipalName" />
        </map>
    </property>
</bean>

<!-- Holds the attributes collected by the filter, in session scope and in request scope -->
<bean id="requestAdditionalDescriptors" class="org.jasig.services.persondir.support.MediatingAdditionalDescriptors">
    <property name="delegateDescriptors">
        <list>
            <bean class="org.jasig.services.persondir.support.AdditionalDescriptors" scope="globalSession">
                <aop:scoped-proxy />
            </bean>
            <bean class="org.jasig.services.persondir.support.AdditionalDescriptors" scope="request">
                <aop:scoped-proxy />
            </bean>
        </list>
    </property>
</bean>

<bean id="requestAttributesDao" class="org.jasig.services.persondir.support.AdditionalDescriptorsPersonAttributeDao">
    <property name="descriptors" ref="requestAdditionalDescriptors" />
    <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
</bean>
<!--
    END building attributes
-->

<!--
    The attribute list is sort of dynamic now due to the fact that you are
    creating the backingMap through the filter step above. It is assumed
    you know the data that is going through the filter and if you want it or
    not.
-->
<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">
    <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
    <property name="personAttributeDaos">
        <list>
            <ref bean="requestAttributesDao" />
            <!--ref bean="mergedPersonAttributeDao" /-->
        </list>
    </property>
</bean>
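An added example (not part of the gist): a small Python check that reads a Spring context like the one above, lists which request headers headerAttributeMapping turns into CAS attributes, and reports any that are not in a list of headers the front end is known to set or clear. The proxy_controlled list, the function names and the sample XML are assumptions constructed for the illustration.

```python
import xml.etree.ElementTree as ET

FILTER_CLASS = "org.jasig.services.persondir.support.web.RequestAttributeSourceFilter"

# Constructed sample: the filter bean from the gist inside a minimal <beans> root.
SAMPLE_CONTEXT = """
<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="requestAttributeSourceFilter" class="%s">
    <property name="headerAttributeMapping">
      <map>
        <entry key="eppa" value="eduPersonPrimaryAffiliation" />
        <entry key="uid" value="uid" />
        <entry key="eppn" value="eduPersonPrincipalName" />
      </map>
    </property>
  </bean>
</beans>
""" % FILTER_CLASS


def local(element):
    """Tag name without the XML namespace, so namespaced Spring files also match."""
    return element.tag.rsplit("}", 1)[-1]


def mapped_headers(context_xml):
    """Return {header name: attribute name} from every RequestAttributeSourceFilter bean."""
    mapping = {}
    for bean in ET.fromstring(context_xml).iter():
        if local(bean) != "bean" or bean.get("class") != FILTER_CLASS:
            continue
        for prop in bean:
            if local(prop) == "property" and prop.get("name") == "headerAttributeMapping":
                for entry in prop.iter():
                    if local(entry) == "entry":
                        mapping[entry.get("key")] = entry.get("value")
    return mapping


def unprotected_headers(context_xml, proxy_controlled):
    """Mapped headers that the front end is not known to set or clear."""
    # HTTP header names are case-insensitive, so compare in lower case.
    controlled = {name.lower() for name in proxy_controlled}
    return sorted(h for h in mapped_headers(context_xml) if h.lower() not in controlled)


if __name__ == "__main__":
    # Assumption: the front end overwrites only these two headers on every request.
    for header in unprotected_headers(SAMPLE_CONTEXT, {"EPPN", "uid"}):
        print("mapped into CAS attributes but not controlled by the proxy:", header)
```

Only entries written with a value attribute are read; an entry whose value is a nested element is returned with None as its attribute name.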
I got this (mostly) working on my test site, but just as a note, I also added the following to cas-server-webapp/src/main/webapp/WEB-INF/web.xml:
<listener>
    <listener-class>
        org.springframework.web.context.request.RequestContextListener
    </listener-class>
</listener>
Mentioning it because I haven't seen it in the threads above and it was key to getting this working.
Hi,
Suppose I want to include a password field in the request attributeMap object. Could you please help me?
Thanks
Srinivas
Hi, everyone. I have a problem with the basic understanding of the configuration and communication between CAS and the Shibboleth service provider. I've made all the changes mentioned above (trusted handler configuration) and also configured Apache to interact with CAS as described in this guide (https://wiki.shibboleth.net/confluence/display/SHIB2/Shibbolize+a+CAS+server#ShibbolizeaCASserver-ApacheLocations). I see that people above were able to set up this configuration and make it work. But I don't understand how the interaction between CAS and the Shibboleth SP is basically performed. My IdP and SP are interacting with each other. But I don't see any attempts from the Shibboleth SP to send headers with attributes to CAS. I suspect that I am missing something in the Apache/SP configs, but I am out of ideas as to what that can be. Here is an example of the Apache config:
I am not sure whether the proxy pass is needed or not. I've tried with and without. Also, I can't find the following values to replace in my /WEB-INF/login-webflow.xml:
And 3 existing transitions need to be updated:
I have only:
This is the default CAS deployment configuration.
About the environment: I have configured the Shibboleth IdP (under Tomcat 7), the SP (proxied by Apache 2.2), and CAS (under Tomcat 7).
I will appreciate any help and advice.