Apereo CAS load user attributes in two steps and store them for attribute release
Virgiliu Ratoi
Hi,
I've posted a question on StackOverflow but nobody was able to answer me. I'm posting it here as well hoping that I would get at least some directions.
In our Apereo CAS protected application we need to display after
login a screen which shows a dropdown with some values from which the
user must select one option. The screen needs to be shown only if
certain conditions are met, depending on some user attributes. In some
scenarios all the attributes that we need are loaded after the login but
in other cases we need to load additional ones depending on the user's
choice. The user selection then has to be converted in some other user
attributes which we want to store in the CAS assertion so that a client
application can access the user attributes and make decisions based on
these attributes.
In order to display this additional screen, we have created a custom
multifactor provider. The loaded attributes are passed to a PrincipalFactory implementation.
Almost everything works fine except the part which happens after the
user dropdown selection. The question is how can I load the principal
attributes in two steps? I tried to update the principal and authentication
objects in my custom action which gets triggered after the user
selection but it does not work, it always keeps the old principal with
the attributes loaded immediately after login.
I think the problem might be due to the fact the attributes are passed to a PrincipalFactory and probably they are only written once and become immutable. I tried to make use of a AuthenticationTransactionManager and a AuthenticationResultBuilder but was not able to add the extra computed attributes.
Any guidance would be highly appreciated.