SEC-1228: Create UserDetailsService for CAS That Leverages SAML-based Attribute Release #1463
Comments
|
Fabio Canepa said: I'm trying to implement this feature and I want to share my experiment public class MyCasAuthenticationProvider extends CasAuthenticationProvider { } Where MyUser it's subclass of org.springframework.security.userdetails.User which contains fields for firstName and email. |
|
Luke Taylor said: Setting 3.1 as the fix date. Feel free to change if you manage to do it earlier Scott :). |
|
Scott Battaglia said: Moved this back because we might have some stuff in by the next RC! |
|
Scott Battaglia said: I've added an AuthenticationUserDetailsService that given an Assertion and a list of attributes, will construct a new UserDetails using the attribute's values as GrantedAuthorities. Do we want any other types of AuthenticationUserDetailsServices? I also have an abstract class so that creating your own to read an assertion should be relatively easy. |
|
Luke Taylor said: I guess the purpose of attributes may vary a lot, so we should probably just let people provide their custom implementation if they want anything more than a set of authorities. |
|
Scott Battaglia said: Okay then this is done except for some test cases. I'll see if I can do that soon. |
|
Dominique Arnou said: Hello, I get the following error: Problem accessing /cas-sample/j_spring_cas_security_check. Reason: How do I set this token in my context? Cheers, Dominique |
|
Scott Battaglia said: Can you send me the complete stack trace? I'll take a look. |
|
Dominique Arnou said: Good evening, To begin, the webapp-sample case is provided in your source repository. I have provided an extract file applicationContext-security.xml : I just changed the property userDetailsService in authenticationUserDetailsService, and created a bean GrantedAuthorityFromAssertionAttributesUserDetailsService. The trace spring-security-cas-client.log and a copy of the stacktrace displayed are also provided Best regards, Dominique Sorry for my English translated |
|
Scott Battaglia said: Can you try it out now. I had a typo in the Assert call. |
|
Dominique Arnou said: Hi, the fix works, but a new error occurred: Line 73 invokes the method GrantedAuthorityFromAssertionAttributesUserDetailsService.java User (assertion.getPrincipal (). GetName (),...), but a 500 error occurs: HTTP ERROR 500 Problem accessing /cas-sample/j_spring_cas_security_check. Reason: Caused by: java.lang.IllegalArgumentException: Cannot pass null or empty values to constructor |
|
Scott Battaglia said: I wonder if its because there are no values for the attributes? I can take a look tomorrow. Are you returning any attributes? Cheers, |
|
Scott Battaglia said: Just realized that we were passing in NULL as the password which is not allowed. Fixed that, so try it out now. |
spring-projects-issues
added
in: cas
Marvin S. Addison (Migrated from SEC-1228) said:
Now that CAS supports attribute release in the service ticket validation response via the SAML 1.1 protocol, it should be straightforward to provide a UserDetailsService for CAS that can map attributes onto roles and other user information needed by applications that use Spring Security.
The text was updated successfully, but these errors were encountered: