spring-securitycasspring-security-cas

How the CAS client (spring boot + spring security) can get more fields from CAS Server?


I read this article CAS SSO With Spring Security and run successfully the source code, but this client only get username, I hope my client need more fields from CAS server.

In my previous CAS client using traditional SpringMVC, I can get all fileds including username, phoneNo, password and email. The main steps as follows: In CAS server's file WEB-INF/classes/services/Apereo-10000002.json, I added an option:

  "attributeReleasePolicy" : {
  "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
 }

In client, I used getUserPrincipal as follows

@RequestMapping("/cas/login.do")
@ResponseBody
public String casLogin(String uri, 
 HttpServletRequest request,...){
    ... 

    Principal principal = request.getUserPrincipal();
    Map<String,Object> userInfo = new HashMap<>();
    if (p instanceof AttributePrincipal) {
        userInfo =( (AttributePrincipal)principal).getAttributes();
    }
    System.err.println("image:"+userInfo.get("image"));
    System.err.println("username:"+userInfo.get("username"));
    System.err.println("email:"+userInfo.get("email"));
    System.err.println("phoneNo:"+userInfo.get("phoneNo"));
 ...
}

Now I want to implement a CAS client based on spring boot + spring security as the above article described. But based the articles code, what should I do? Thanks in advance!


Solution

  • this client only get username, I hope my client need more fields from CAS server

    You need to make sure your client is hitting the right endpoint for validation. Based on the notes here:

    If your client application is not receiving attributes, you will need to make sure:

    • The client is using a version of CAS protocol that is able to release attributes.
    • The client, predicated on #1, is hitting the appropriate endpoint for service ticket validation (i.e. /p3/serviceValidate).
    • The CAS server itself is resolving and retrieving attributes correctly.
    • The CAS server is authorized to release attributes to that particular client application inside its service registry.