Jasig CAS 3.6 - 无法为身份验证响应添加属性

时间:2016-04-07 12:35:04

标签: cas jasig

身份验证工作正常，通过票据（ticket）ID 我也能在客户端获取到用户名。为了读取属性，我使用下面的代码。我尝试了几种不同的方法，但都没有成功：我始终只能得到用户名，仅此而已。有什么想法吗？该如何添加新的属性？有些示例是从 SQL 或 LDAP 加载数据并加入属性列表，但它们都不起作用，所以问题可能出在我的初始配置上。我想添加的信息既不来自数据库也不来自 LDAP，而是完全自定义的信息，是我在认证时接收到的（由所用的认证渠道转发过来）。因此应该以类似的方式添加自定义属性。初始代码如下——其中并没有尝试添加属性，只是进行身份验证的简单干净代码。

整个配置如下。我可能完全遗漏了某些东西……因此，如果您有关于如何在发给服务客户端的 SAML 响应消息中附加额外属性的想法或示例，我将非常感谢 :)

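/**
 * Builds a Spring Security {@code User} from a validated CAS assertion.
 *
 * <p>Every attribute name listed in {@code this.attributes} is looked up in the
 * assertion principal's attribute map. A single value becomes one authority; a
 * {@code List} value becomes one authority per element; a missing attribute is
 * skipped. Only authorities are derived here: no other principal attribute is
 * copied onto the returned {@code User}, so a client that inspects this object
 * sees the principal name and the authorities and nothing else.
 *
 * @param assertion the validated CAS assertion for the presented ticket
 * @return a {@code User} named after the assertion principal, with authorities
 *     taken from the configured attributes
 */
protected UserDetails loadUserDetails(Assertion assertion) {
    List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<SimpleGrantedAuthority>();
    for (String attribute : this.attributes) {
        Object value = assertion.getPrincipal().getAttributes().get(attribute);
        if (value == null) {
            continue;
        }
        if (value instanceof List) {
            for (Object element : (List<?>) value) {
                grantedAuthorities.add(toAuthority(element));
            }
        } else {
            grantedAuthorities.add(toAuthority(value));
        }
    }
    // "NO_PASSWORD" is a placeholder: the user was already authenticated by the
    // CAS ticket validation, nothing is ever compared against this value here.
    return new User(assertion.getPrincipal().getName(), "NO_PASSWORD", true, true, true, true, grantedAuthorities);
}

/**
 * Turns one attribute value into an authority, upper-casing it when
 * {@code convertToUpperCase} is set.
 *
 * <p>Locale.ROOT is used so the resulting role name does not depend on the
 * JVM default locale (the default-locale {@code toUpperCase()} maps some
 * letters differently, e.g. under Turkish locales), which would otherwise make
 * role checks fail silently on a differently configured server.
 */
private SimpleGrantedAuthority toAuthority(Object value) {
    String name = value.toString();
    return new SimpleGrantedAuthority(this.convertToUpperCase ? name.toUpperCase(java.util.Locale.ROOT) : name);
}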

deployerConfigContext.xml里:

<?xml version="1.0" encoding="UTF-8"?>
 ...
<bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"/>

<!-- Authentication pipeline: ADPrincipalResolver maps ADCredentials to a
     principal id and reads attributes from attributeRepository;
     CustomAuthenticationHandler decides whether the credentials are accepted.
     Neither bean receives any verification configuration (no password or
     directory check is wired in here). -->
<bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">

    <property name="credentialsToPrincipalResolvers">
        <list>
            <bean id="adPrincipalResolver" class="ee.qubova.cas.security.ad.ADPrincipalResolver">
                <property name="attributeRepository" ref="attributeRepository"/>
            </bean>
        </list>
    </property>
    <property name="authenticationHandlers">
        <list>
            <bean class="ee.qubova.cas.security.CustomAuthenticationHandler">
            </bean>
        </list>
    </property>
</bean>


<!-- In-memory user with a literal cleartext password and ROLE_ADMIN; fine for
     local testing, but it should not be present in a deployed configuration. -->
<sec:user-service id="userDetailsService">
    <sec:user name="test" password="test" authorities="ROLE_ADMIN"/>
</sec:user-service>


<!-- A single registered service whose serviceId pattern "http://**" matches
     every plain-HTTP URL, i.e. any HTTP client can validate tickets.
     allowedAttributes is the release list for that service: whatever the
     attribute repository resolves under these names is sent to the client. -->
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
    <property name="registeredServices">
        <list>
            <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                <property name="id" value="0"/>
                <property name="name" value="HTTP"/>
                <property name="description" value="Only Allows HTTP Urls"/>
                <property name="serviceId" value="http://**"/>
                <property name="evaluationOrder" value="10000001"/>
                <property name="allowedAttributes">
                    <list>
                        <value>username</value>
                        <!-- Releasing a "password" attribute would hand the
                             credential to every service matching http://**;
                             drop this entry unless it is genuinely required. -->
                        <value>password</value>
                        <value>idCode</value>
                    </list>
                </property>
            </bean>
        </list>
    </property>
</bean>

<!-- Audit events go to the SLF4J log; useful as the detection trail for
     ticket issuance and validation. -->
<bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager"/>
<!-- Health monitors: free-memory warning threshold and ticket-registry size
     thresholds (service tickets / sessions). -->
<bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor">
    <property name="monitors">
        <list>
            <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10"/>
            <bean class="org.jasig.cas.monitor.SessionMonitor" p:ticketRegistry-ref="ticketRegistry"
                  p:serviceTicketCountWarnThreshold="5000" p:sessionCountWarnThreshold="100000"/>
        </list>
    </property>
</bean>

<!-- trustedIssuerDnPattern is a regex; ".*" accepts every issuer DN, so
     whatever check Utils performs with it (presumably the certificate-issuer
     check for the ID-card login - verify in Utils) passes unconditionally.
     Narrow it to the real issuer DN(s) before production use. -->
<bean id="utils" class="ee.qubova.cas.utils.Utils">
    <property name="trustedIssuerDnPattern" value=".*"/>
</bean>

<!-- Custom login controllers. Both are handed the CAS core service, the TGT
     cookie generator, the argument extractors and the shared utils bean; the
     AD one is the controller mapped to /adlogin in cas-servlet.xml and is
     presumably where ADCredentials are created - confirm in the controller. -->
<bean id="idCardLoginController" class="ee.qubova.cas.security.idcard.X509Controller">
    <property name="centralAuthenticationService" ref="centralAuthenticationService"/>
    <property name="cookieGenerator" ref="ticketGrantingTicketCookieGenerator"/>
    <property name="argumentExtractors" ref="argumentExtractors"/>
    <property name="utils" ref="utils"/>
</bean>

<bean id="adLoginController" class="ee.qubova.cas.security.ad.ADLoginController">
    <property name="centralAuthenticationService" ref="centralAuthenticationService"/>
    <property name="cookieGenerator" ref="ticketGrantingTicketCookieGenerator"/>
    <property name="argumentExtractors" ref="argumentExtractors"/>
    <property name="utils" ref="utils"/>
</bean>

/**
 * Resolves a CAS principal from {@link ADCredentials}: the credential's idCode is
 * used as the principal id. Attribute lookup is inherited from the
 * person-directory base class (presumably via the configured attributeRepository).
 */
public class ADPrincipalResolver extends AbstractPersonDirectoryCredentialsToPrincipalResolver {

    /**
     * Returns the idCode carried by the credentials as the principal identifier.
     *
     * @param credentials must be an {@code ADCredentials}; guaranteed when
     *     {@link #supports(Credentials)} returned {@code true}
     * @return the idCode, which may be {@code null} if it was never set
     */
    protected String extractPrincipalId(final Credentials credentials) {
        return ((ADCredentials) credentials).getIdCode();
    }

    /**
     * Accepts non-null {@code ADCredentials} instances (and subclasses) only.
     */
    public boolean supports(final Credentials credentials) {
        // instanceof already yields false for null, which covers the null case
        // of the isAssignableFrom check this replaces.
        return credentials instanceof ADCredentials;
    }
}

/**
 * Credentials submitted by the AD login flow: an idCode, kept on the
 * {@code AbstractCASUserProfile} superclass, plus a username/password pair.
 *
 * <p>The password is held as a plain {@code String}. The class does not override
 * {@code toString}, so (unless the superclass does) logging the object prints
 * only its identity rather than the credential values.
 */
public class ADCredentials extends AbstractCASUserProfile {

    private String username;
    private String password;

    /**
     * @param idCode   identifier handed straight to the superclass's {@code setIdCode}
     * @param username login name
     * @param password cleartext password
     */
    public ADCredentials(String idCode, String username, String password) {
        super.setIdCode(idCode);
        this.password = password;
        this.username = username;
    }

    public String getPassword() {
        return this.password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getUsername() {
        return this.username;
    }

    public void setUsername(String username) {
        this.username = username;
    }
}

/**
 * Authentication handler for {@link ADCredentials}.
 *
 * <p>{@link #authenticate(Credentials)} performs no credential verification: it
 * succeeds for any {@code ADCredentials} whose idCode is a non-empty string and
 * never looks at the username or password. The actual trust decision therefore
 * has to be made before these credentials are constructed (presumably in the
 * login controller that builds them).
 */
public class CustomAuthenticationHandler implements AuthenticationHandler {

    /**
     * @return {@code true} only for {@code ADCredentials} carrying a non-empty
     *     idCode; {@code false} for {@code null} or any other credential type
     */
    public boolean authenticate(Credentials credentials) throws AuthenticationException {
        if (!(credentials instanceof ADCredentials)) {
            return false;
        }
        ADCredentials adCredentials = (ADCredentials) credentials;
        return StringUtils.hasLength(adCredentials.getIdCode());
    }

    /** instanceof is false for null, so no separate null check is needed. */
    public boolean supports(Credentials credentials) {
        return credentials instanceof ADCredentials;
    }
}

在cas-servlet.xml中

  <bean
  id="handlerMappingC"
  class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
  <props>
    <prop key="/adlogin">adLoginController</prop>

1 个答案:

答案 0 :(得分:0)

默认情况下，CAS3 不会释放（release）属性，只有通过 samlValidate 才会。如果您使用的是 serviceValidate，则需要修改生成最终 CAS 响应的 JSP 文件，手动把属性加进去。参见 https://wiki.jasig.org/display/casum/attributes

请注意，CAS3 已停止维护（EOL）。CAS 的后续版本会自动完成这一步。
