
This article describes how to use MS-AD as the account store for authenticating with CAS to Google Apps, and how to use the "mail" attribute of the AD account object as the Google Apps user id. E.g. a user logs into AD as "jdoe" or "jdoe@ad.yourschool.edu", but said user has the email address "john.doe@yourschool.edu" (hosted at GMail), and this is set in the AD object "mail" attribute.

Prerequisites:

  • functioning CAS 3.3 setup, with localization via the Maven overlay method,
  • MS-AD authentication is functional,
  • You can get LDAP attributes from AD into the CAS Principal (i.e. the CAS user object),
  • You will need to map the AD "mail" attribute to the CAS Principal "EmailAddress" attribute, e.g. in the mapping section of the above article, use

    Code Block

    <map>
        <entry key="mail" value="EmailAddress" />
    </map>

In your Maven customization folder, here called cas-web-local/, create the following directory structure (if it doesn't already exist):

No Format
mkdir -p src/main/java/org/jasig/cas/authentication/principal/

Copy the Google Apps account service bean into this directory from the cas-server-core directory. From the top of your CAS build directory:

No Format
cp cas-server-core/src/main/java/org/jasig/cas/authentication/principal/GoogleAccountsService.java \
   cas-server-local/src/main/java/org/jasig/cas/authentication/principal/

Now apply the following patch (diff) to this Java bean file in your customization:

Code Block
 --- cas-server-core/src/main/java/org/jasig/cas/authentication/principal/GoogleAccountsService.java     2009-03-18 08:27:22.000000000 -0700
+++ cas-server-local/src/main/java/org/jasig/cas/authentication/principal/GoogleAccountsService.java      2009-03-18 08:25:53.000000000 -0700
@@ -25,6 +25,9 @@
 import java.util.zip.Inflater;
 import java.util.zip.InflaterInputStream;

+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 /**
  * Implementation of a Service that supports Google Accounts (eventually a more
  * generic SAML2 support will come).
@@ -160,8 +163,36 @@
         c.setTime(new Date());
         c.add(Calendar.YEAR, 1);

-        samlResponse = samlResponse.replace("<USERNAME_STRING>", getPrincipal()
-            .getId());
+       /**
+        * samlResponse = samlResponse.replace("<USERNAME_STRING>", getPrincipal()
+        *   .getId());
+        */
+        /**
+         * Modify Google return to pass in EmailAddress attribute, if exists.
+         *
+        */
+       String username = getPrincipal().getId();
+       Map<String, Object> attributes = getPrincipal().getAttributes();
+
+       /** Log instance for logging events, info, warnings, errors, etc. */
+       final Log log = LogFactory.getLog(this.getClass());
+
+        if (log.isInfoEnabled()) {
+            log.info("User [" + getPrincipal().getId() + "] has " + attributes.size() + " principal attributes");
+       }
+
+       /**
+        * try to find the attribute mapped in the CredentialsToLDAPAttributePrincipalResolver
+        * configuration in deployerConfigContext.xml
+        */
+       if(attributes.containsKey("EmailAddress")) {
+               username = (String)attributes.get("EmailAddress");
+               if (log.isInfoEnabled()) {
+                               log.info("User [" + getPrincipal().getId() + "]: using EmailID [" + username + "]");
+               }
+       }
+       samlResponse = samlResponse.replace("<USERNAME_STRING>",username);
+
         samlResponse = samlResponse.replace("<RESPONSE_ID>", createID());
         samlResponse = samlResponse.replace("<ISSUE_INSTANT>", SamlUtils
             .getCurrentDateAndTime());
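Review bot: the cast `username = (String)attributes.get("EmailAddress");` assumes the attribute is a single String; an attribute resolver can hand back a List for a multi-valued LDAP attribute, and the value may be an empty string, so guard with an instanceof check and fall back to `getPrincipal().getId()` when the result is null or blank, otherwise the response is built with a ClassCastException or an empty NameID. Two smaller points in the same hunk: `LogFactory.getLog(this.getClass())` runs on every response and belongs in a `private static final Log log` field, and the superseded `replace` call should be deleted rather than kept inside a `/** */` comment. Since `username` now comes from the directory and is dropped into the XML template unescaped, consider escaping it before the `replace("<USERNAME_STRING>", username)` call (the same exposure as the original `getId()` substitution, but now with a broader source).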


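As an added example, not code from this page or from the CAS project, here is the user-id selection the patch above performs, written defensively: a multi-valued attribute (a List) is handled instead of cast to String, a missing or blank value falls back to the principal id, and the chosen value is XML-escaped before it replaces the placeholder. Only the "EmailAddress" attribute name and the <USERNAME_STRING> placeholder come from the page; the class name, method names, template fragment and sample attribute maps are constructed for illustration.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Added example (not CAS project code): chooses the Google Apps user id from
 * the CAS principal attributes the way the patch does, but defensively, and
 * escapes it before substituting it into the SAML response template.
 */
public class GoogleUserIdResolver {

    /** Attribute name as mapped in deployerConfigContext.xml (from the page). */
    static final String EMAIL_ATTRIBUTE = "EmailAddress";

    /**
     * Returns the value to use as the Google Apps user id: the mapped
     * EmailAddress attribute when present and non-blank, otherwise the
     * principal id. An LDAP attribute resolver may deliver a multi-valued
     * attribute as a List (assumption), so the first element is used rather
     * than casting the whole value to String.
     */
    static String resolveUserId(String principalId, Map<String, Object> attributes) {
        if (attributes == null) {
            return principalId;
        }
        Object value = attributes.get(EMAIL_ATTRIBUTE);
        if (value instanceof List) {
            List<?> values = (List<?>) value;
            value = values.isEmpty() ? null : values.get(0);
        }
        if (value == null) {
            return principalId;
        }
        String email = value.toString().trim();
        return email.isEmpty() ? principalId : email;
    }

    /** Minimal XML text escaping so a directory value cannot break the assertion. */
    static String escapeXml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&apos;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Substitutes the page's placeholder with the escaped, resolved user id. */
    static String fillTemplate(String samlTemplate, String principalId, Map<String, Object> attributes) {
        String userId = resolveUserId(principalId, attributes);
        return samlTemplate.replace("<USERNAME_STRING>", escapeXml(userId));
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not data taken from a real deployment.
        String template = "<saml:NameID><USERNAME_STRING></saml:NameID>";

        Map<String, Object> single = new HashMap<String, Object>();
        single.put(EMAIL_ATTRIBUTE, "john.doe@yourschool.edu");

        Map<String, Object> multi = new HashMap<String, Object>();
        multi.put(EMAIL_ATTRIBUTE, Arrays.asList("john.doe@yourschool.edu", "jdoe@yourschool.edu"));

        Map<String, Object> missing = new HashMap<String, Object>();

        System.out.println(fillTemplate(template, "jdoe", single));   // uses the mail address
        System.out.println(fillTemplate(template, "jdoe", multi));    // uses the first value
        System.out.println(fillTemplate(template, "jdoe", missing));  // falls back to "jdoe"
    }
}
```

The three cases in main mirror the situations the patch has to cope with: a single mapped value, a multi-valued attribute, and a principal that has no "mail" attribute at all and must keep its AD login id.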

Rebuild your overlay with Maven:

No Format
cd cas-server-local
mvn install package

If all looks good, deploy the target/cas.war file, and test!


There will be some INFO level messages in the Tomcat log file, typically <tomcat>/logs/catalina.out, to show you what is happening.


Finally, if all looks well, configure your Google Apps domain to use your CAS setup for authentication. See here