SEC-1228: Create UserDetailsService for CAS That Leverages SAML-based Attribute Release #1463
Comments
Fabio Canepa said: I'm trying to implement this feature and I want to share my experiment:
public class MyCasAuthenticationProvider extends CasAuthenticationProvider {
}
Where MyUser is a subclass of org.springframework.security.userdetails.User which contains fields for firstName and email. |
Luke Taylor said: Setting 3.1 as the fix date. Feel free to change if you manage to do it earlier Scott :). |
Scott Battaglia said: Moved this back because we might have some stuff in by the next RC! |
Scott Battaglia said: I've added an AuthenticationUserDetailsService that given an Assertion and a list of attributes, will construct a new UserDetails using the attribute's values as GrantedAuthorities. Do we want any other types of AuthenticationUserDetailsServices? I also have an abstract class so that creating your own to read an assertion should be relatively easy. |
Luke Taylor said: I guess the purpose of attributes may vary a lot, so we should probably just let people provide their custom implementation if they want anything more than a set of authorities. |
Scott Battaglia said: Okay then this is done except for some test cases. I'll see if I can do that soon. |
Dominique Arnou said: Hello, I get the following error: Problem accessing /cas-sample/j_spring_cas_security_check. Reason:
How do I set this token in my context? Cheers, Dominique |
Scott Battaglia said: Can you send me the complete stack trace? I'll take a look. |
Dominique Arnou said: Good evening, To begin, the webapp-sample case is provided in your source repository. I have provided an extract file applicationContext-security.xml: I just changed the property userDetailsService in authenticationUserDetailsService, and created a bean GrantedAuthorityFromAssertionAttributesUserDetailsService. The trace spring-security-cas-client.log and a copy of the stacktrace displayed are also provided. Best regards, Dominique. Sorry for my English translated |
Scott Battaglia said: Can you try it out now? I had a typo in the Assert call. |
Dominique Arnou said: Hi, the fix works, but a new error occurred: Line 73 invokes the method GrantedAuthorityFromAssertionAttributesUserDetailsService.java User(assertion.getPrincipal().getName(),...), but a 500 error occurs: HTTP ERROR 500 Problem accessing /cas-sample/j_spring_cas_security_check. Reason:
Caused by: java.lang.IllegalArgumentException: Cannot pass null or empty values to constructor |
Scott Battaglia said: I wonder if it's because there are no values for the attributes? I can take a look tomorrow. Are you returning any attributes? Cheers, |
Scott Battaglia said: Just realized that we were passing in NULL as the password which is not allowed. Fixed that, so try it out now. |
Marvin S. Addison (Migrated from SEC-1228) said:
Now that CAS supports attribute release in the service ticket validation response via the SAML 1.1 protocol, it should be straightforward to provide a UserDetailsService for CAS that can map attributes onto roles and other user information needed by applications that use Spring Security.
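A sketch of the custom mapping the thread leaves to implementers, added here as an example and not taken from the issue or from Spring Security's own code: it extends the abstract class mentioned above, maps one released attribute onto authorities through an allow-list, and supplies a non-null password placeholder, which the `IllegalArgumentException` in the thread shows is required. The class name, the attribute name, the allow-list and the `ROLE_` prefix are assumptions, and the package of `Assertion` depends on the CAS client version in use.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Set;

import org.jasig.cas.client.validation.Assertion;
import org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical class for illustration; not part of Spring Security.
public class AllowListedAttributeUserDetailsService extends AbstractCasAssertionUserDetailsService {

    // User rejects a null or missing password, and CAS never releases one to the application.
    private static final String NO_PASSWORD = "NO_PASSWORD";

    private final String roleAttribute;     // released attribute to read, e.g. "memberOf" (constructed name)
    private final Set<String> allowedRoles; // only these released values may become authorities

    public AllowListedAttributeUserDetailsService(String roleAttribute, Set<String> allowedRoles) {
        this.roleAttribute = roleAttribute;
        this.allowedRoles = allowedRoles;
    }

    @Override
    protected UserDetails loadUserDetails(Assertion assertion) {
        Object raw = assertion.getPrincipal().getAttributes().get(roleAttribute);
        // A single released value arrives as a scalar, several values as a collection.
        Collection<?> values;
        if (raw == null) values = Collections.emptyList();
        else if (raw instanceof Collection) values = (Collection<?>) raw;
        else values = Collections.singletonList(raw);

        List<GrantedAuthority> authorities = new ArrayList<>();
        for (Object value : values) {
            String role = value == null ? "" : value.toString().trim();
            // Skip empty values and anything the application did not explicitly expect.
            if (!role.isEmpty() && allowedRoles.contains(role)) {
                authorities.add(new SimpleGrantedAuthority("ROLE_" + role.toUpperCase(Locale.ROOT)));
            }
        }
        // A user with no matching attribute values still authenticates, with no authorities.
        return new User(assertion.getPrincipal().getName(), NO_PASSWORD,
                true, true, true, true, authorities);
    }
}
```

Restricting the mapping to an allow-list keeps a change in the CAS server's attribute release policy from silently granting new roles in the application.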