Friday, October 28, 2011

Sending Attributes with ja-sig CAS response


Basically, there is still one unsolved problem that has to be handled in some way if you want to send attributes in the CAS response.
Look for the "casServiceValidationSuccess.jsp" page (there may be more than one if your CAS has several themes) and change it to something like this:
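<%@ page session="false"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
<%--
  Service-validation success view, extended to include principal attributes.

  Reads (from the request model):
    assertion.chainedAuthentications  - list of authentications; the last entry
                                        supplies the user id and the attributes,
                                        the earlier entries are listed as proxies.
    pgtIou                            - optional; emitted only when not empty.

  Security notes for whoever maintains this view:
    * Every value written into the XML goes through fn:escapeXml, including
      pgtIou, so no model value can inject markup into the response.
    * The attribute KEY is used as an element name. fn:escapeXml only escapes
      markup characters; it does not turn an arbitrary string into a valid XML
      name. A key containing a space or a colon, or starting with a digit,
      would make the response non-well-formed, so keys must be constrained
      where the attributes are defined.
    * This view prints every entry of principal.attributes. Which attributes a
      given service may receive therefore has to be decided before the view
      runs (NOTE(review): confirm the per-service attribute release
      configuration of this CAS deployment).
--%>
<c:set var="casPrincipal"
 value="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal}" />

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
 <cas:authenticationSuccess>
  <cas:user>${fn:escapeXml(casPrincipal.id)}</cas:user>
  <c:if test="${not empty pgtIou}">
   <%-- escaped like every other value in this view --%>
   <cas:proxyGrantingTicket>${fn:escapeXml(pgtIou)}</cas:proxyGrantingTicket>
  </c:if>
  <c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
   <cas:proxies>
    <%-- every entry except the last one, which is reported as cas:user --%>
    <c:forEach var="proxy" items="${assertion.chainedAuthentications}"
     begin="0"
     end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
     <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
    </c:forEach>
   </cas:proxies>
  </c:if>
  <%-- CAS attributes -- BEGIN -- --%>
  <cas:attributes>
   <c:if test="${not empty casPrincipal.attributes}">
    <%-- One element per attribute, named after its key. The value is written
         in its string form; presumably a multi-valued attribute would appear
         as the string form of the whole collection - verify against the
         attribute source. --%>
    <c:forEach var="attr" items="${casPrincipal.attributes}">
     <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
    </c:forEach>
   </c:if>
  </cas:attributes>
  <%-- CAS attributes -- END -- --%>
 </cas:authenticationSuccess>
</cas:serviceResponse>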

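What is its purpose? It simply reads the principal's attributes, if there are any, and adds each one to the response as a child element of cas:attributes named after the attribute's key. Note that it sends every attribute present on the principal, so which attributes a service receives depends on what CAS has put there. The result looks like this: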
<!-- Example of the response rendered by the modified view. The children of
     cas:attributes are named after the attribute keys, so their names are not
     fixed; a client should read only the attributes it expects. -->
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>justme</cas:user>
  
    <!-- Filled from the view's pgtIou value; present only when pgtIou is not empty. -->
    <cas:proxyGrantingTicket>PGTIOU-5-fvra6OPAutt4fbEBAh2T</cas:proxyGrantingTicket>
  
    <cas:attributes>
      <cas:userPrincipalName>justme</cas:userPrincipalName>
      <cas:email>justme@mail.org</cas:email>
      <cas:FirstName>Just</cas:FirstName>
      <cas:LastName>Me</cas:LastName>
      <cas:displayName>Just Me</cas:displayName>
    </cas:attributes>

  </cas:authenticationSuccess>
</cas:serviceResponse>