CAS 5.0.5 how to release attributes with Protocol V 2.0
550 views
Skip to first unread message
Cyrus Grissom
May 14, 2017, 4:23:30 PM5/14/17
to CAS Community
Hello,
Does anybody knows how to release attributes using the protocol 2.0 with CAS 5.0.5 ?
I tried some customisations of "CasServiceValidationSuccess.html" file but without success.
Many thanks for your help,
Steve.
Robert Oschwald
May 15, 2017, 2:02:23 AM5/15/17
to cas-...@apereo.org
You do not need to customize CasServiceValidationSuccess.html, if you just want to release attributes the same way as p3.
For 5.0.5, you currently need to do the following things:
1. Overwrite the serviceValidateController bean definition, and wire in the cas3ServiceSuccessView, like so:
@Bean
public ServiceValidateController serviceValidateController() {
final ServiceValidateController c = new ServiceValidateController();
c.setValidationSpecification(this.cas20WithoutProxyProtocolValidationSpecification);
c.setSuccessView(cas3ServiceSuccessView());
c.setFailureView(cas2ServiceFailureView);
c.setProxyHandler(proxy20Handler);
c.setAuthenticationSystemSupport(authenticationSystemSupport);
c.setServicesManager(servicesManager);
c.setCentralAuthenticationService(centralAuthenticationService);
c.setArgumentExtractor(argumentExtractor);
c.setMultifactorTriggerSelectionStrategy(multifactorTriggerSelectionStrategy);
c.setAuthenticationContextValidator(authenticationContextValidator);
c.setJsonView(cas3ServiceJsonView());
c.setAuthnContextAttribute(casProperties.getAuthn().getMfa().getAuthenticationContextAttribute());
return c;
}
}
There is a current limitation up to 5.0.5, were it is not possible to overwrite these bean definitions. Therefore, you must copy the whole CasValidationConfiguration.java class from the CAS sources into your overlay projects org.apereo.cas.web.config package and make the change there.
This will be fixed in 5.0.6, where you only need to define the bean definition above in your own config class, like OverwrittenServiceValidateConfiguration.
2. Set a property to use the p3 view for 2.0.
Set the following property in cas.properties to use the p3 view for 2.0 as well:
cas.view.cas2.success=protocol/3.0/casServiceValidationSuccess
Hope that helps,
Robert
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c89672af-ef5e-4e98-892b-93c1f8aaf091%40apereo.org.
For 5.0.5, you currently need to do the following things:
1. Overwrite the serviceValidateController bean definition, and wire in the cas3ServiceSuccessView, like so:
@Bean
public ServiceValidateController serviceValidateController() {
final ServiceValidateController c = new ServiceValidateController();
c.setValidationSpecification(this.cas20WithoutProxyProtocolValidationSpecification);
c.setSuccessView(cas3ServiceSuccessView());
c.setFailureView(cas2ServiceFailureView);
c.setProxyHandler(proxy20Handler);
c.setAuthenticationSystemSupport(authenticationSystemSupport);
c.setServicesManager(servicesManager);
c.setCentralAuthenticationService(centralAuthenticationService);
c.setArgumentExtractor(argumentExtractor);
c.setMultifactorTriggerSelectionStrategy(multifactorTriggerSelectionStrategy);
c.setAuthenticationContextValidator(authenticationContextValidator);
c.setJsonView(cas3ServiceJsonView());
c.setAuthnContextAttribute(casProperties.getAuthn().getMfa().getAuthenticationContextAttribute());
return c;
}
}
There is a current limitation up to 5.0.5, were it is not possible to overwrite these bean definitions. Therefore, you must copy the whole CasValidationConfiguration.java class from the CAS sources into your overlay projects org.apereo.cas.web.config package and make the change there.
This will be fixed in 5.0.6, where you only need to define the bean definition above in your own config class, like OverwrittenServiceValidateConfiguration.
2. Set a property to use the p3 view for 2.0.
Set the following property in cas.properties to use the p3 view for 2.0 as well:
cas.view.cas2.success=protocol/3.0/casServiceValidationSuccess
Hope that helps,
Robert
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c89672af-ef5e-4e98-892b-93c1f8aaf091%40apereo.org.
Adam Causey
May 15, 2017, 7:41:53 AM5/15/17
to cas-...@apereo.org
Steve,
We are successfully releasing attributes on version 5.0.5 with the CAS 2.0 protocol by overriding the casServiceValidationSuccess.html in our WAR overlay. Do you have the file in the correct directory? It should be in src/main/resources/templates/protocol/2.0. We are using a custom namespace.
Here's what I am using:
<cas:authenticationSuccess>
<cas:user>[[${principal.id}]]</cas:user>
<cas:proxyGrantingTicket th:if="${pgtIou}">[[${pgtIou}]]</cas:proxyGrantingTicket>
<cas:proxies th:if="${not #lists.isEmpty(chainedAuthentications)}">
<cas:proxy th:each="proxy : ${chainedAuthentications}">[[${proxy.principal.id}]]</cas:proxy>
</cas:proxies>
<vcu:attributes th:if="${not #lists.isEmpty(assertion.primaryAuthentication.principal.attributes)}">
<th:block th:each="attr : ${assertion.primaryAuthentication.principal.attributes}">
<th:block th:switch="${#strings.startsWith(attr.value.class.name,'java.util.Collection')}">
<th:block th:case="${true}">
<th:block th:each="av : ${attr.value}">
<span th:utext="${'<vcu:' + attr.key + '>' + av + '</vcu:' + attr.key + '>'}" th:remove="tag"></span>
</th:block>
</th:block><th:block th:case="${false}">
<span th:utext="${'<vcu:' + attr.key + '>' + attr.value + '</vcu:' + attr.key + '>'}" th:remove="tag"></span>
</th:block>
</th:block>
</th:block>
</vcu:attributes>
</cas:authenticationSuccess>
</cas:serviceResponse>
You could also try Robert's suggestion - I'm just relaying that the html customization is working for us.
> To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c89672af-ef5e-4e98-892b-93c1f8aaf091%40apereo.org.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4474DD13-8559-411E-A603-F9EB24F6AF94%40gmail.com.To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
Rinku Vats
May 15, 2017, 11:26:11 AM5/15/17
to cas-...@apereo.org
Hi Cyrus,
Please follow below steps for releasing attributes and also for getting attributes at Java Cas Client side.
Add below properties into your application.properties
cas.authn.attributeRepository.singleRow=true
cas.authn.attributeRepository.jdbc.healthQuery='your health check query'
#cas.authn.attributeRepository.jdbc.sql=select email from 'table name' where {0};
cas.authn.attributeRepository.jdbc.username=email(0 parameter)
cas.authn.attributeRepository.jdbc.url= database detail
cas.authn.attributeRepository.jdbc.requireAllAttributes=true
cas.authn.attributeRepository.jdbc.user= username
cas.authn.attributeRepository.jdbc.password= password
cas.authn.attributeRepository.jdbc.autocommit=false
cas.authn.attributeRepository.jdbc.driverClass= driver
cas.authn.attributeRepository.jdbc.dialect= dialect
cas.authn.attributeRepository.attributes.email= attribute name by which name your r getting from table
cas.authn.attributeRepository.attributes.firstname= same as above there can be multiple values
cas.authn.attributeRepository.attributes.test=test
cas.authn.attributeRepository.defaultAttributesToRelease=write here all your attributes here with comma seperated firstname , test
After that your can check in your CAS server logs there will be attribute mapping things got.
After that your can use below link for creating Java Cas client for checking Attributes in Your client side.
https://github.com/cas-projects/cas-sample-java-webapp (update cas server details in it)
For Above detail you can read from https://apereo.github.io/2017/02/22/cas51-dbauthn-tutorial/
BR
Rinku Sharma
Java Developer
+919759569142/+917599183846
+919759569142/+917599183846
Linkedin - http://linkedin.com/in/rinkuvats
skypee - vats.rinku
> To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c89672af-ef5e-4e98-892b-93c1f8aaf091%40apereo.org.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4474DD13-8559-411E-A603-F9EB24F6AF94%40gmail.com.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAN6MV5On47tbJa9aR2qVVCdXzTufz%2BNCeXZvrpvL13cgJG57nw%40mail.gmail.com.
Cyrus Grissom
May 15, 2017, 2:20:22 PM5/15/17
to cas-...@apereo.org
Hello Adam,
Many thanks for your help, this solution is working !! J
Thanks,
Steve.
De : cas-...@apereo.org [mailto:cas-...@apereo.org] De la part de Adam Causey
Envoyé : lundi 15 mai 2017 13:41
À : cas-...@apereo.org
Objet : Re: [cas-user] CAS 5.0.5 how to release attributes with Protocol V 2.0
> To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c89672af-ef5e-4e98-892b-93c1f8aaf091%40apereo.org.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4474DD13-8559-411E-A603-F9EB24F6AF94%40gmail.com.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAN6MV5On47tbJa9aR2qVVCdXzTufz%2BNCeXZvrpvL13cgJG57nw%40mail.gmail.com.
Cyrus Grissom
May 15, 2017, 2:20:27 PM5/15/17
to CAS Community
Hello Robert,
Many thanks for your help. I will wait CAS 5.0.6 to apply this solution. I tried the solution sent by Adam Causey and it's working too ! :-)
Thanks,
Steve.
Reply all
Reply to author
Forward
0 new messages