Once you have your principal resolver produce a principal with 1000 roles and attributes inside it, all you then have to do is set up attribute release policies to decide what each service would be getting. Either all, or a selection of your “roles” inside the produced principal.
-- Misagh

From: Net Wolf <[email protected]>
Reply: Net Wolf <[email protected]>
Date: September 2, 2016 at 2:07:00 AM
To: CAS Community <[email protected]>
Subject: [cas-user] Access to RegexRegisteredService:serviceId from PrincipalResolver?

Hi all,

I'm attempting to install and configure CAS 4.2.4 within our environment. I have LDAP and JDBC authentication working, but would like to supplement the Principal with data from a separate database and use CAS to present a list of "roles" back to the application when a user is authenticated.

I understand I want to chain a couple of PrincipalResolvers together, and although I've not started on that yet, I do think I can figure it out. However, I'd like to be able to only return the list of "roles" relevant to the application requesting them. We have nearly 100 applications we want to migrate to CAS and each user may be a member of several roles per application. In extreme cases, CAS would be returning up to 500 role names.

I have an InMemoryServiceRegistryDaoImpl configured which allows access from applications within our domain. I have not configured any other serviceRegistry classes.

    <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
      <property name="registeredServices">
        <list>
          <bean class="org.jasig.cas.services.RegexRegisteredService">
            <property name="id" value="0" />
            <property name="name" value="HTTP and HTTPS" />
            <property name="description" value="Allows http[s]://*.internal.company.com[:port]/*" />
            <property name="serviceId" value="^(https?):\/\/([A-Za-z0-9_-]+)\.internal\.company\.com(:\d{2,5})?\/.*" />
            <property name="evaluationOrder" value="1" />
          </bean>
        </list>
      </property>
    </bean>

I would like to be able to pass the "$2" item from the serviceId to my PrincipalResolver. Alternatively, I could just pass in the whole of the serviceId and do the parsing in the resolver itself.

From my understanding, the Principal is returned by CAS in a separate request (made directly to CAS by the application), so is not really in the context of the serviceRegistry anyway. Given that fact, the likelihood of using that regex is very low. However, it's that part of the serviceId that I'd like to query the database with.

How would I gain access to the serviceId detail in the resolver? Is there a standard resolver I can use, or would I need to write my own?

Many thanks in advance.
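
The approach suggested in the reply (resolve every role once, then let each registered service release only its own), sketched as an added example that is not part of the original thread. It assumes the principal resolver emits one multi-valued attribute per application; the host names and the `roles_hr` / `roles_payroll` attribute names are hypothetical.

```xml
<!-- Added example: these beans go inside the <list> of registeredServices.
     Host names and roles_* attribute names are hypothetical. -->
<bean class="org.jasig.cas.services.RegexRegisteredService">
  <property name="id" value="1" />
  <property name="name" value="HR application" />
  <property name="serviceId" value="^https://hr\.internal\.company\.com(:\d{2,5})?/.*" />
  <property name="evaluationOrder" value="1" />
  <property name="attributeReleasePolicy">
    <!-- Only the attributes named here leave CAS for this service. -->
    <bean class="org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy">
      <property name="allowedAttributes">
        <list>
          <value>roles_hr</value>
        </list>
      </property>
    </bean>
  </property>
</bean>

<bean class="org.jasig.cas.services.RegexRegisteredService">
  <property name="id" value="2" />
  <property name="name" value="Payroll application" />
  <property name="serviceId" value="^https://payroll\.internal\.company\.com(:\d{2,5})?/.*" />
  <property name="evaluationOrder" value="2" />
  <property name="attributeReleasePolicy">
    <bean class="org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy">
      <property name="allowedAttributes">
        <list>
          <value>roles_payroll</value>
        </list>
      </property>
    </bean>
  </property>
</bean>

<!-- Catch-all for the remaining hosts: ordered last, with an explicitly
     empty allow-list so no role attribute is released by default. -->
<bean class="org.jasig.cas.services.RegexRegisteredService">
  <property name="id" value="0" />
  <property name="name" value="HTTP and HTTPS" />
  <property name="serviceId" value="^(https?):\/\/([A-Za-z0-9_-]+)\.internal\.company\.com(:\d{2,5})?\/.*" />
  <property name="evaluationOrder" value="100" />
  <property name="attributeReleasePolicy">
    <bean class="org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy">
      <property name="allowedAttributes"><list /></property>
    </bean>
  </property>
</bean>
```

Services with a lower evaluationOrder are matched first, so the per-application entries must sort ahead of the wildcard entry or every request will fall through to the catch-all policy.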
