service dependent xml response

Hi,

Using cas3.2.1, I need to be able to control the attributes released to
a service in the xml response. On 24 Apr 2008, there was a related post,
"Re: Service dependent CredentialsToPrincipalResolver." That person
wanted to control the login username in the response, depending on the
service, and he was advised to customize ServiceValidateController. I
want even more, I want to use a customized
casServiceValidationSuccess.jsp depending on the service. The number of
attributes returned, and which attributes would vary. I don't see how to
do it. I have configured the ldap handler so that the search returns all
the attributes I might need and these are put in a map held by the
principal. Now I need to be able to pick the attributes from the
principal for return in casServiceValidationSuccess.jsp. How would I do
that?

Thanks,

Robert Lewis
_______________________________________________
Yale CAS mailing list
cas@...
http://tp.its.yale.edu/mailman/listinfo/cas

Hi,

Recently I downloaded cas3.2.1 and began to prepare it for production
use here at Texas A&M. Since the services management servlet with its
attribute release is a new feature, I prepared a test to see how it
works.  I configured an allowed service and gave it a perl script that
displays the entire xml response. What I discovered was that the desired
attributes were not being released. I put in a log line in
CentralAuthenticationServiceImpl.java which shows that the variable
registeredService does indeed contain the desired attributes and the
allowed attributes responds correctly to the control in services
management.  I do not know jsp but looking at
casServiceValidationSuccess.jsp there does not seem to be any code for
attribute release.  It seems that right after the line

<cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>

there should be lines similar to the following.

<cas:attributes><c:forEach var="attr"
items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].attributes}"
varStatus="loopStatus" begin="0"
end="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].attributes)-1}"
step="1">
<cas:attribute><cas:name>${fn:escapeXml(attr.key)}</cas:name>
<cas:value>${fn:escapeXml(attr.value)}</cas:value>
</cas:attribute>
</c:forEach>
</cas:attributes>

I ran this in casServiceValidationSuccess.jsp, and lo and behold I
actually get an attribute put in the xml response, its not the correct
one and I will debug it, but it at least makes the point that we need
something similar in casServiceValidationSuccess.jsp to transmit the
released attributes. Maybe someone who knows more jsp than I do can tell
me what I need to have to replace "key" and "value?"

Thanks,

Robert Lewis

Message: 2
Date: Tue, 13 May 2008 17:02:58 -0500
From: Robert Lewis <r.lewis@...>

Subject: Re: service dependent xml response

To: cas@...
Message-ID: <482A1012.1010505@...>
Content-Type: text/plain; charset=ISO-8859-1

Hi Scott,

In CentralAuthenticationServiceImpl.java, after line 365

"if (value != null) {",

I put in a log line as follows.

log.info("attribute="+ attribute + ", value="+value.toString());

I added a service as an approved service, which consists of a perl
script that displays the entire xml response.

When I run the perl script I can see in the log the released attributes
in the registeredService, and with the perl script I can see what comes
back in the xml response. I have changed nothing else in
CentralAuthenticationServiceImpl.java and casServiceValidationSuccess.jsp

The result is I see in the log the correct release of attributes, but in
the display of the xml response I see no released attributes.

The only thing I have changed in the cas3.2.1 dist is to add returned
items in the ldap search, and to connect services management to a mysql
database. I really would have expected my test to work.
I don't know how to debug jsp, can you suggest how I might see if
assertion.chainedAuthentications contains the released attributes?
Otherwise, how might I debug this problem?

Thanks,

Robert Lewis

Message: 5 Date: Thu, 8 May 2008 11:15:50 -0400 From: "Scott Battaglia"
<scott.battaglia@...>
Subject: Re: service dependent xml response To: "Yale CAS mailing list"
<cas@...> Message-ID:
<1bbd36a10805080815r516c2a58jf9b46352624e3c91@...>
Content-Type: text/plain; charset="iso-8859-1"

Robert, If you use the services management tool to control which service
sees which attributes, the CentralAuthenticationService class
automatically scopes the available attributes passed to the
casServiceValidationSuccess.jsp to only the ones that service can see.
-Scott On Mon, May 5, 2008 at 5:55 PM, Robert Lewis <r.lewis@...>
wrote:
>> > > Hi,
>> > >
>> > > Using cas3.2.1, I need to be able to control the attributes
released to
>> > > a service in the xml response. On 24 Apr 2008, there was a
related post,
>> > > "Re: Service dependent CredentialsToPrincipalResolver." That person
>> > > wanted to control the login username in the response, depending
on the
>> > > service, and he was advised to customize ServiceValidateController. I
>> > > want even more, I want to use a customized
>> > > casServiceValidationSuccess.jsp depending on the service. The
number of
>> > > attributes returned, and which attributes would vary. I don't see
how to
>> > > do it. I have configured the ldap handler so that the search
returns all
>> > > the attributes I might need and these are put in a map held by the
>> > > principal. Now I need to be able to pick the attributes from the
>> > > principal for return in casServiceValidationSuccess.jsp. How
would I do
>> > > that?
>> > >
>> > > Thanks,
>> > >
>> > > Robert Lewis
_______________________________________________
Yale CAS mailing list
cas@...
http://tp.its.yale.edu/mailman/listinfo/cas