
Jasig CAS 3.6 - unable to add attributes to authentication response


Authentication works fine, and with the ticket ID I also get the username on the client side. To retrieve the parameters I use the script below. I've tried several different approaches, but with no success: I always get the username and nothing else. Any ideas? How can I add new parameters? There are samples that load data from SQL and LDAP and add it to the attribute list, but none of them work, so the problem is probably something in my initial setup. The information I want to add comes from neither a DB nor LDAP; I want to add completely custom information that I receive together with the authentication (the channel being used forwards it). So it should be custom attributes added, or something along those lines. The initial code is below -> it does not try to add attributes yet, it is just plain, clean code that only authenticates.

The whole configuration is below. I'm probably missing something obvious... So if you have ideas or examples of how to add additional parameters to the SAML response message for a service client, I would be very grateful :)

/**
 * Builds the Spring Security {@code UserDetails} for a validated CAS assertion.
 * <p>
 * Every name in {@code this.attributes} is looked up among the attributes of the
 * assertion's principal. Each value found becomes a {@link SimpleGrantedAuthority}:
 * a {@link List} value contributes one authority per element, any other value one
 * authority from its {@code toString()}. When {@code this.convertToUpperCase} is set
 * the authority string is upper-cased with {@code String#toUpperCase()}, which uses
 * the JVM default locale.
 *
 * @param assertion the validated CAS assertion whose principal name and attributes are read
 * @return a {@code User} named after the principal, with the placeholder password
 *         {@code "NO_PASSWORD"}, all four account flags set to {@code true} and the
 *         collected authorities
 */
protected UserDetails loadUserDetails(Assertion assertion) {
    List<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();

    for (String attributeName : this.attributes) {
        Object attributeValue = assertion.getPrincipal().getAttributes().get(attributeName);
        if (attributeValue == null) {
            continue;
        }
        if (attributeValue instanceof List) {
            for (Object element : (List) attributeValue) {
                authorities.add(toAuthority(element));
            }
        } else {
            authorities.add(toAuthority(attributeValue));
        }
    }

    return new User(assertion.getPrincipal().getName(), "NO_PASSWORD", true, true, true, true, authorities);
}

/** Turns one attribute value into an authority, upper-casing it when {@code convertToUpperCase} is set. */
private SimpleGrantedAuthority toAuthority(Object value) {
    String name = value.toString();
    return new SimpleGrantedAuthority(this.convertToUpperCase ? name.toUpperCase() : name);
}

deployerConfigContext.xml:

<?xml version="1.0" encoding="UTF-8"?>
 ...
<!-- Attribute source handed to the principal resolver below. No attribute map is configured on this
     stub, so it contributes nothing of its own; presumably one reason only the username comes back.
     NOTE(review): confirm against the person-directory docs before relying on this. -->
<bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"/>

<!-- Authentication pipeline: a single principal resolver (ADPrincipalResolver, backed by the stub
     attributeRepository above) and a single handler (CustomAuthenticationHandler). -->
<bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">

    <!-- Resolves the CAS principal from ADCredentials; its attributes come from attributeRepository. -->
    <property name="credentialsToPrincipalResolvers">
        <list>
            <bean id="adPrincipalResolver" class="ee.qubova.cas.security.ad.ADPrincipalResolver">
                <property name="attributeRepository" ref="attributeRepository"/>
            </bean>
        </list>
    </property>
    <!-- Decides whether the submitted credentials are valid. No properties are configured on the handler. -->
    <property name="authenticationHandlers">
        <list>
            <bean class="ee.qubova.cas.security.CustomAuthenticationHandler">
            </bean>
        </list>
    </property>
</bean>


<!-- Static in-memory user store with a literal password and ROLE_ADMIN. Suitable for local testing
     only; a deployed instance should not carry hard-coded admin credentials. -->
<sec:user-service id="userDetailsService">
    <sec:user name="test" password="test" authorities="ROLE_ADMIN"/>
</sec:user-service>


<!-- In-memory service registry with one catch-all entry: every http:// URL is an allowed service. -->
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
    <property name="registeredServices">
        <list>
            <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                <property name="id" value="0"/>
                <property name="name" value="HTTP"/>
                <property name="description" value="Only Allows HTTP Urls"/>
                <!-- Matches any plain-HTTP service URL; attributes released to it travel unencrypted. -->
                <property name="serviceId" value="http://**"/>
                <property name="evaluationOrder" value="10000001"/>
                <!-- Attributes this service may receive once attribute release is working.
                     NOTE(review): "password" is listed here, which would hand the user's password to
                     every matching service; drop it unless that is genuinely intended. -->
                <property name="allowedAttributes">
                    <list>
                        <value>username</value>
                        <value>password</value>
                        <value>idCode</value>
                    </list>
                </property>
            </bean>
        </list>
    </property>
</bean>

<!-- Audit trail is written to the SLF4J log rather than a database. -->
<bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager"/>
<!-- Health checks: free-memory warning at 10 (units per MemoryMonitor) and ticket-registry size
     warnings at 5000 service tickets / 100000 sessions. -->
<bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor">
    <property name="monitors">
        <list>
            <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10"/>
            <bean class="org.jasig.cas.monitor.SessionMonitor" p:ticketRegistry-ref="ticketRegistry"
                  p:serviceTicketCountWarnThreshold="5000" p:sessionCountWarnThreshold="100000"/>
        </list>
    </property>
</bean>

<!-- Shared helper injected into both login controllers.
     NOTE(review): trustedIssuerDnPattern ".*" matches every issuer DN. If this pattern is what
     limits which certificate issuers the X509 (ID-card) login trusts, ".*" effectively disables
     that restriction; confirm and narrow it before deployment. -->
<bean id="utils" class="ee.qubova.cas.utils.Utils">
    <property name="trustedIssuerDnPattern" value=".*"/>
</bean>

<!-- Certificate (ID-card) login controller; uses the same CAS service, TGT cookie generator and
     argument extractors as the AD controller, plus the utils bean above. -->
<bean id="idCardLoginController" class="ee.qubova.cas.security.idcard.X509Controller">
    <property name="centralAuthenticationService" ref="centralAuthenticationService"/>
    <property name="cookieGenerator" ref="ticketGrantingTicketCookieGenerator"/>
    <property name="argumentExtractors" ref="argumentExtractors"/>
    <property name="utils" ref="utils"/>
</bean>

<!-- AD login controller, mapped to /adlogin in cas-servlet.xml; wired identically to the ID-card controller. -->
<bean id="adLoginController" class="ee.qubova.cas.security.ad.ADLoginController">
    <property name="centralAuthenticationService" ref="centralAuthenticationService"/>
    <property name="cookieGenerator" ref="ticketGrantingTicketCookieGenerator"/>
    <property name="argumentExtractors" ref="argumentExtractors"/>
    <property name="utils" ref="utils"/>
</bean>

/**
 * Resolves a CAS principal from {@link ADCredentials}. Only the principal-id
 * extraction and the {@code supports} check are defined here; everything else is
 * inherited from the person-directory base resolver.
 */
public class ADPrincipalResolver extends AbstractPersonDirectoryCredentialsToPrincipalResolver  {

    /**
     * Uses the credential's idCode as the principal id.
     * <p>
     * The cast is unchecked; {@link #supports(Credentials)} is expected to have
     * rejected every other credential type before this is called.
     *
     * @param credentials must be an {@link ADCredentials} instance
     * @return the idCode carried by the credentials
     */
    protected String extractPrincipalId(final Credentials credentials) {
        return ((ADCredentials) credentials).getIdCode();
    }

    /**
     * Accepts non-null {@link ADCredentials} (including subclasses) and nothing else.
     */
    public boolean supports(final Credentials credentials) {
        return credentials instanceof ADCredentials;
    }

}

/**
 * Credentials submitted through the AD login flow: the idCode, stored on the
 * {@code AbstractCASUserProfile} superclass, plus the username and password supplied
 * at construction.
 * <p>
 * The password is kept as a plain {@code String} for the lifetime of the object and
 * nothing here clears it; treat instances as sensitive and keep them out of logs and
 * attribute release.
 */
public class ADCredentials extends AbstractCASUserProfile  {

    private String username;
    private String password;

    /**
     * @param idCode   identifier handed to {@code AbstractCASUserProfile#setIdCode}
     * @param username account name entered at login
     * @param password password value entered at login
     */
    public ADCredentials(String idCode, String username, String password) {
        super.setIdCode(idCode);
        this.username = username;
        this.password = password;
    }

    public String getUsername() {
        return this.username;
    }

    public String getPassword() {
        return this.password;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public void setPassword(String password) {
        this.password = password;
    }

}

/**
 * CAS authentication handler for {@link ADCredentials}.
 * <p>
 * NOTE(review): as written this handler succeeds for any {@code ADCredentials} whose
 * idCode is non-empty. The username and password fields are never compared against
 * anything, so this is a placeholder that "just authenticates", not a credential check.
 */
public class CustomAuthenticationHandler implements AuthenticationHandler {

    /**
     * Succeeds only for {@link ADCredentials} carrying a non-empty idCode.
     *
     * @param credentials credentials to check; {@code null} and other types are rejected
     * @return {@code true} when the credentials are {@code ADCredentials} and
     *         {@code StringUtils.hasLength(idCode)} holds, otherwise {@code false}
     * @throws AuthenticationException declared by the interface; never thrown here
     */
    public boolean authenticate(Credentials credentials) throws AuthenticationException {
        if (!(credentials instanceof ADCredentials)) {
            return false;
        }
        String idCode = ((ADCredentials) credentials).getIdCode();
        return StringUtils.hasLength(idCode);
    }

    /**
     * Handles non-null {@link ADCredentials} only.
     */
    public boolean supports(Credentials credentials) {
        return credentials instanceof ADCredentials;
    }

}

And in cas-servlet.xml

  <bean
  id="handlerMappingC"
  class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
  <props>
    <prop key="/adlogin">adLoginController</prop>

Solution

  • CAS3 does not release attributes by default. It only does so via samlValidate. If you are using serviceValidate, you will need to modify the JSP file that produces the final CAS response and manually add attributes to it. See https://wiki.jasig.org/display/casum/attributes

    Note that CAS3 is EOL. Future versions of CAS automatically do this.