Spring Security / SEC-1228

Create UserDetailsService for CAS That Leverages SAML-based Attribute Release

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0 M2
    • Fix Version/s: 3.0.0 RC1
    • Component/s: CAS
    • Labels:
      None
    • Environment:
      CAS Server 3.3.4, CAS Client 3.1.7

      Description

      Now that CAS supports attribute release in the service ticket validation response via the SAML 1.1 protocol, it should be straightforward to provide a UserDetailsService for CAS that can map attributes onto roles and other user information needed by applications that use Spring Security.

      1. spring-security-cas-client.log
        92 kB
        Dominique Arnou
      2. stacktrace.log
        4 kB
        Dominique Arnou
      1. applicationContext-security.jpg
        100 kB

        Activity

        Dominique Arnou added a comment -

        Good evening,

        To begin, the webapp-sample case is provided in your source repository.

        I have provided an extract of the file applicationContext-security.xml: I just changed the property userDetailsService to authenticationUserDetailsService, and created a bean GrantedAuthorityFromAssertionAttributesUserDetailsService.

        The trace spring-security-cas-client.log and a copy of the stacktrace displayed are also provided.

        Best regards,

        Dominique

        Sorry for my English translated

        Scott Battaglia added a comment -

        Can you try it out now? I had a typo in the Assert call.

        Dominique Arnou added a comment -

        Hi, the fix works, but a new error occurred:

        Line 73 of GrantedAuthorityFromAssertionAttributesUserDetailsService.java invokes User(assertion.getPrincipal().getName(), ...), but a 500 error occurs:

        HTTP ERROR 500

        Problem accessing /cas-sample/j_spring_cas_security_check. Reason:

        Cannot pass null or empty values to constructor

        Caused by:

        java.lang.IllegalArgumentException: Cannot pass null or empty values to constructor
        at org.springframework.security.core.userdetails.User.<init>(User.java:87)
        at org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService.loadUserDetails(GrantedAuthorityFromAssertionAttributesUserDetailsService.java:73)
        at org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService.loadUserDetails(AbstractCasAssertionUserDetailsService.java:37)
        at org.springframework.security.cas.authentication.CasAuthenticationProvider.loadUserByAssertion(CasAuthenticationProvider.java:150)
        ...

        Scott Battaglia added a comment -

        I wonder if it's because there are no values for the attributes? I can take a look tomorrow. Are you returning any attributes?

        Cheers,
        Scott

        Scott Battaglia added a comment -

        Just realized that we were passing in NULL as the password which is not allowed. Fixed that, so try it out now.

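The attribute-to-role mapping requested in the description, together with the null-password failure from the stack trace above, as an added example that is not the project's own code. The class name `AttributeRoleUserDetailsService`, the `ROLE_` prefix and the `NO_PASSWORD` marker are assumptions; it compiles against spring-security-cas and the CAS client (`org.jasig` package, as in CAS Client 3.1.x).

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import org.jasig.cas.client.validation.Assertion;
import org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Added example; the class name and the ROLE_ prefix convention are assumptions.
public class AttributeRoleUserDetailsService extends AbstractCasAssertionUserDetailsService {

    // CAS never gives the application a password and User rejects null: pass a fixed marker.
    private static final String NO_PASSWORD = "NO_PASSWORD";

    private final String[] roleAttributes;

    public AttributeRoleUserDetailsService(String[] roleAttributes) {
        this.roleAttributes = roleAttributes.clone();
    }

    @Override
    protected UserDetails loadUserDetails(Assertion assertion) {
        List<String> roles = new ArrayList<String>();
        for (String name : roleAttributes) {
            // An attribute that was not released grants nothing; it is not an error.
            Object value = assertion.getPrincipal().getAttributes().get(name);
            if (value == null) {
                continue;
            }
            // Treat single- and multi-valued attributes alike.
            Collection<?> values = (value instanceof Collection)
                    ? (Collection<?>) value : Collections.singletonList(value);
            for (Object v : values) {
                String text = (v == null) ? "" : v.toString().trim();
                if (text.length() > 0) {
                    roles.add("ROLE_" + text.toUpperCase(Locale.ROOT));
                }
            }
        }
        List<GrantedAuthority> authorities =
                AuthorityUtils.createAuthorityList(roles.toArray(new String[0]));
        return new User(assertion.getPrincipal().getName(), NO_PASSWORD,
                true, true, true, true, authorities);
    }
}
```

A user whose assertion carries none of the configured attributes still authenticates, with an empty authority list, so access rules must deny by default.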

          People

          • Assignee:
            Scott Battaglia
            Reporter:
            Marvin S. Addison
          • Votes:
            3
            Watchers:
            5