Sep 24th, 2011, 12:42 AM
Spring Security + CAS get attributes from CAS.
All the examples of CAS and spring security I have found so far show using CAS for authentication only.
I need to use CAS for authentication and authorization via the attribute release from CAS. My CAS does get roles from LDAP, but I don't want my spring app to talk to LDAP.
Can spring security + CAS be configured to do this ?
Sep 24th, 2011, 11:53 AM
Sep 25th, 2011, 12:19 AM
No I don't think it does. I have read all those docs through several times.
Maybe I am too dense to see it.
There is nothing there about using CAS for authorization just authentication.
All the samples that I have seen show CAS as authorization and then spring security getting roles from LDAP.
I need to get the roles/attributes from CAS.
Sep 25th, 2011, 11:39 AM
The CAS server can be configured to return additional attributes (i.e. user roles) in the CAS response. Consult the CAS Server documentation to learn how to do this. You can then use the information on the previously linked thread to create the user's roles from the CAS response.
Sep 26th, 2011, 12:28 AM
You might start with the cas ticket validator code in the jasig cas client. For example https://source.jasig.org/cas-clients...Validator.java
That's where the cas attributes are parsed. If you're lucky - you might just get away with configuring a different ticketvalidator in your authentication provider.
Tags for this Thread