4

In our Apereo CAS 5.3.8 protected application we need to display after login a screen which shows a dropdown with some values from which the user must select one option. The screen needs to be shown only if certain conditions are met, depending on some user attributes. In some scenarios all the attributes that we need are loaded after the login but in other cases we need to load additional ones depending on the user's choice. The user selection then has to be converted in some other user attributes which we want to store in the CAS assertion so that a client application can access the user attributes and make decisions based on these attributes.

In order to display this additional screen, we have created a custom multifactor provider. The loaded attributes are passed to a PrincipalFactory implementation.

Almost everything works fine except the part which happens after the user dropdown selection. The question is how can I load the principal attributes in two steps? I tried to update the principal and authentication objects in my custom action which gets triggered after the user selection but it does not work, it always keeps the old principal with the attributes loaded immediately after login.

I think the problem might be due to the fact the attributes are passed to a PrincipalFactory and probably they are only written once and become immutable. I tried to make use of a AuthenticationTransactionManager and a AuthenticationResultBuilder but was not able to add the extra computed attributes.

Any guidance would be highly appreciated.

Misagh Moayyed
  • 4,154
  • 2
  • 15
  • 25
virgium03
  • 627
  • 1
  • 5
  • 14
  • 2
    A see the tag `jasig` I think you are not using the latest CAS version, then what is the CAS version you are using? CAS 3? CAS 4? – Ng Sek Long Apr 26 '19 at 06:40
  • 2
    it is Apereo CAS 5.3.8 – virgium03 Apr 26 '19 at 07:42
  • 2
    Oh, then I suggest adding the tag `apereo`, this project is not maintain by `jasig` anymore. Also would be nice if the CAS version is added to the question. – Ng Sek Long Apr 26 '19 at 07:50
  • 2
    Are you aware of [this](https://apereo.github.io/cas/5.3.x/integration/Attribute-Release-PrincipalId.html) ? I am not an cas expert but I have customized released principal, not in two steps though. A solution could be to generate a cookie on your custom action after dropdown selection, and then read this cookie at the service. – leopal Apr 26 '19 at 11:15
  • 2
    yes, i am aware of the attribute release, i am already doing that. however, i need to do this twice and add the attributes belonging to the second step on top of the ones loaded previously. – virgium03 Apr 29 '19 at 13:30
  • i tried to add the `apereo` tag but it does not exist – virgium03 Apr 29 '19 at 13:31

0 Answers0