CAS 5 is it possible to configure multiple jdbc attribute repositories?

[Jeffrey Wong]

I'm analyzing an upgrade to cas5 today, and I'm wondering if it's possible to merge multiple JDBC attribute repositories together.

In the docs, the following attributes are listed:

# cas.authn.attributeRepository.jdbc.singleRow=true

# cas.authn.attributeRepository.jdbc.requireAllAttributes=true

# cas.authn.attributeRepository.jdbc.caseCanonicalization=NONE|LOWER|UPPER

# cas.authn.attributeRepository.jdbc.queryType=OR|AND

# cas.authn.attributeRepository.jdbc.sql=SELECT * FROM table WHERE {0}

Would it be possible to set up multiple repository queries so that multiple jdbcs can be configured, similar to the jdbc auth handlers?

(such as cas.authn.jdbc.query[0].sql=SELECT password FROM table WHERE name=?)

The above would be able to be configured as:

# cas.authn.attributeRepository.jdbc[0].singleRow=true

# cas.authn.attributeRepository.jdbc[0].requireAllAttributes=true

# cas.authn.attributeRepository.jdbc[0].caseCanonicalization=NONE|LOWER|UPPER

# cas.authn.attributeRepository.jdbc[0].queryType=OR|AND

# cas.authn.attributeRepository.jdbc[0].sql=SELECT * FROM table WHERE {0}

If this is possible it should at least be documented so other folks don't have the same question :)

Thanks!

-Jeff

[Misagh Moayyed]

Already possible in 5.1.0.

https://apereo.github.io/cas/development/integration/Attribute-Resolution.html

 

--Misagh

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/82e9bf80-e646-403b-b17d-ead6a338dd9a%40apereo.org.

[Misagh Moayyed]

And there is this:

https://apereo.github.io/cas/development/installation/Configuration-Properties.html#authentication-attributes

 

Given this is today in SNAPSHOT mode, it’s the perfect opportunity to start testing it and report back any and all issues. (See the release schedule for more info)

 

--Misagh

 

From: Misagh Moayyed [mailto:mmoa...@unicon.net]
Sent: Wednesday, November 30, 2016 1:41 PM
To: cas-...@apereo.org
Subject: RE: [cas-user] CAS 5 is it possible to configure multiple jdbc attribute repositories?

 

Already possible in 5.1.0.

https://apereo.github.io/cas/development/integration/Attribute-Resolution.html

 

--Misagh

 

From: cas-...@apereo.org [mailto:cas-...@apereo.org] On Behalf Of Jeffrey Wong
Sent: Wednesday, November 30, 2016 1:30 PM
To: CAS Community <cas-...@apereo.org>
Subject: [cas-user] CAS 5 is it possible to configure multiple jdbc attribute repositories?

 

I'm analyzing an upgrade to cas5 today, and I'm wondering if it's possible to merge multiple JDBC attribute repositories together.

--

[Jeffrey Wong]

Ah, perfect! Thanks so much for the quick turnaround; I'll start testing on the snapshot! :)

[Pablo Vidaurri]

sorry for resurrecting old thread ... is this possible starting with 5.1.0? Can I do something similar with 3.5.2? 

pull some attributes from ldap, pull additional attributes from oracle db, then merge attributes

Yes, I know I need to upgrade :)

-psv

[Ray Bon]

Pablo,

Here it is in 5.2

https://apereo.github.io/cas/5.2.x/integration/Attribute-Resolution.html

Ray

-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

[David Curry]

Yes, you can do something like that in 3.5.2.

In short, you define all your attribute repositories in deployerConfigContext.xml, giving them unique bean ids other than "attributeRepository", and then you replace the "attributeRepository" bean that came out-of-the-box with CAS with a new one that merges the contents of the other repositories together:

<bean id="attributeRepository"

      class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">

    <property name="merger">

        <bean class="org.jasig.services.persondir.support.merger.NoncollidingAttributeAdder" />

    </property>

    <property name="personAttributeDaos">

        <list>

            <ref bean="myActiveDirectoryAttributeRepository" />

            <ref bean="myLdapAttributeRepository" />

            <ref bean="myOracleAttributeRepository" />

        </list>

    </property>

</bean>

The NoncollidingAttributeAdder used above adds attributes to the merged repository only if they aren't already there. This means that, if two directories both have an attribute of the same name, the first directory's value will "win." There are other merging strategies available if you don't like that one.

If you need more background about the above (such as how to configure the individual attribute repositories), drop me a note off-list and I can send you some step-by-step documentation.

--Dave

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG

---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2fd52e95-118e-4c03-9952-d9e5f4cc5d49%40apereo.org.