MVC4 Single Sign-On, Part 4: Configuring the CAS Server to Return More User Information

Source: Internet
Author: User
Tags cas imap

.NET Single Sign-On (SSO) in Detail

MVC4 Single Sign-On, Part 1: A Brief Introduction to CAS

MVC4 Single Sign-On, Part 2: CAS Server Configuration

MVC4 Single Sign-On, Part 3: CAS Client Configuration

The previous posts gave a general introduction to using CAS. This post shows how to configure the server side so that, after the user logs in, more user information is returned.

First, configure the attributeRepository bean

In the WEB-INF directory, find the deployerConfigContext.xml file and configure attributeRepository as follows:

<bean class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao" id="attributeRepository">
    <!-- must match the id of the DataSource bean -->
    <constructor-arg index="0" ref="casdatasource"/>
    <constructor-arg index="1" value="SELECT * from UserInfo where {0}"/>
    <property name="queryAttributeMapping">
        <map>
            <!-- The key must be "username", consistent with the login page; the value is the database user-name field -->
            <entry key="username" value="loginname"/>
        </map>
    </property>
    <property name="resultAttributeMapping">
        <map>
            <!-- Key is the database field name, value is the name of the property provided to the client; the system populates the values automatically -->
            <entry key="id" value="id"/>
            <entry key="mobile" value="mobile"/>
            <entry key="email" value="email"/>
        </map>
    </property>
</bean>


Notes:
Remember: you cannot use _ (underscore) in the middle of a queried field name, otherwise you will not get data. For example, cell_phone needs an alias such as cellPhone.
queryAttributeMapping holds the query-condition attributes used to assemble the SQL. With the configuration above, the assembled query is select * from userinfo where loginname=#username#.
resultAttributeMapping describes the structure returned after the SQL executes: the key corresponds to the database field, and the value is the parameter name the client receives.
If you want to combine multiple query conditions, add the following property; the default is AND.

<property name="queryType">

Second, configure the credentials-to-principal resolver

Also in deployerConfigContext.xml, inject attributeRepository into UsernamePasswordCredentialsToPrincipalResolver; the attributeRepository will then be triggered and resolved by this class. The attributeRepository property line is the newly added part.

<property name="credentialsToPrincipalResolvers">
    <list>
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
            <!-- newly added -->
            <property name="attributeRepository" ref="attributeRepository"/>
        </bean>
        <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"/>
    </list>
</property>

Third, modify the registeredServices property of org.jasig.cas.services.InMemoryServiceRegistryDaoImpl in deployerConfigContext.xml

Modify the value of the allowedAttributes property of each service in the registeredServices list. Every value listed there becomes accessible to the client.

<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
    <property name="registeredServices">
        <list>
            <bean class="org.jasig.cas.services.RegexRegisteredService">
                <property name="id" value="0"/>
                <property name="name" value="HTTP and IMAP"/>
                <property name="description" value="Allows HTTP(S) and IMAP(S) protocols"/>
                <property name="serviceId" value="^(https?|imaps?)://.*"/>
                <property name="evaluationOrder" value="10000001"/>
                <!-- the property names of the object that the client needs to use -->
                <property name="allowedAttributes">
                    <list>
                        <value>uid</value>
                        <value>email</value>
                        <value>mobile</value>
                    </list>
                </property>
            </bean>
        </list>
    </property>
</bean>


This step is very important. You can look at the source of org.jasig.cas.services.RegexRegisteredService, in which allowedAttributes is the key.

[Tip] Online sources say that this bean's ignoreAttributes property defaults to not adding user information. Looking at the AbstractRegisteredService source in CAS 3.5.2, its default value is false, that is: after the attributes are added, they are visible to the client.
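The following is an added example, not code from the original post or from CAS: a simplified Python model of the release rule described above, useful for auditing what a registeredServices list exposes. The "HR portal" entry, the sample user, the evaluationOrder ordering and the behaviour when ignoreAttributes is true are assumptions of the model; the "HTTP and IMAP" entry copies the page's values.

```python
import re

# Constructed sample: attributes resolved for one user, named by the *values*
# of resultAttributeMapping on this page (id, mobile, email).
PRINCIPAL_ATTRS = {"id": "1001", "mobile": "555-0100", "email": "alice@example.org"}

SERVICES = [
    {   # hypothetical tighter entry, evaluated first (lower evaluationOrder)
        "name": "HR portal", "serviceId": r"^https://hr\.example\.org/.*",
        "evaluationOrder": 10, "allowedAttributes": ["email"], "ignoreAttributes": False},
    {   # the page's catch-all entry
        "name": "HTTP and IMAP", "serviceId": r"^(https?|imaps?)://.*",
        "evaluationOrder": 10000001, "allowedAttributes": ["uid", "email", "mobile"],
        "ignoreAttributes": False},
]

def find_service(service_url, services=SERVICES):
    """First registered service, by evaluationOrder, whose regex matches the URL."""
    for svc in sorted(services, key=lambda s: s["evaluationOrder"]):
        if re.fullmatch(svc["serviceId"], service_url):
            return svc
    return None

def released_attributes(service_url, attrs=PRINCIPAL_ATTRS, services=SERVICES):
    """Attributes the validation response would carry for this service URL."""
    svc = find_service(service_url, services)
    if svc is None:
        return None                       # unregistered service: nothing released
    if svc["ignoreAttributes"]:           # assumption: True bypasses the allow-list
        return dict(attrs)
    return {k: attrs[k] for k in svc["allowedAttributes"] if k in attrs}

def audit(services=SERVICES, attrs=PRINCIPAL_ATTRS):
    """Flag allow-list names that are never resolved, and catch-all patterns."""
    findings = []
    for svc in services:
        for name in svc["allowedAttributes"]:
            if name not in attrs:
                findings.append((svc["name"], "never-resolved attribute", name))
        if re.fullmatch(svc["serviceId"], "http://anything.invalid/"):
            findings.append((svc["name"], "matches arbitrary service URL", svc["serviceId"]))
    return findings

if __name__ == "__main__":
    print(released_attributes("http://intranet.example.org/app"))
    for finding in audit():
        print(finding)
```

With the page's values, the audit reports that uid is allowed but never resolved (the repository maps the column to id), and that the serviceId pattern releases email and mobile to any HTTP(S) or IMAP(S) service URL.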

Fourth, modify casServiceValidationSuccess.jsp

Path: WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp

After validation succeeds on the server, this page is responsible for generating the XML that the client consumes. The default casServiceValidationSuccess.jsp includes only the user name and provides no additional property information, so the page needs to be extended. The <cas:attributes> block is the newly added part.

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
        <%-- newly added: emit each released principal attribute as a child element --%>
        <c:if test="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}">
            <cas:attributes>
                <c:forEach var="attr" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
                    <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
                </c:forEach>
            </cas:attributes>
        </c:if>
        <c:if test="${not empty pgtIou}">
            <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
        </c:if>
        <c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
            <cas:proxies>
                <c:forEach var="proxy" items="${assertion.chainedAuthentications}" varStatus="loopStatus" begin="0" end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
                    <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
                </c:forEach>
            </cas:proxies>
        </c:if>
    </cas:authenticationSuccess>
</cas:serviceResponse>


With these configurations, you can get more of the returned information on the client!
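As an added illustration (not part of the original post, and in Python rather than the .NET client of this series), here is how a client can read the user name and the released attributes out of the XML that the extended JSP produces. Both sample responses are constructed, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"    # namespace declared by the JSP
NS = {"cas": CAS_NS}

# Constructed sample of what the extended JSP emits for one user.
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
    <cas:attributes>
      <cas:email>alice@example.org</cas:email>
      <cas:mobile>555-0100</cas:mobile>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed failure response in the CAS 2.0 format.
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def parse_validation_response(xml_text):
    """Return (user, attributes) on success; raise ValueError otherwise."""
    # A CAS response never needs a DTD, so refuse one instead of expanding entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in a CAS response")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{CAS_NS}}}serviceResponse":
        raise ValueError("not a CAS serviceResponse")
    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        raise ValueError(f"validation failed: {failure.get('code')}")
    success = root.find("cas:authenticationSuccess", NS)
    user = success.findtext("cas:user", namespaces=NS) if success is not None else None
    if not user or not user.strip():
        raise ValueError("no cas:user in response")
    attrs = {}
    block = success.find("cas:attributes", NS)
    if block is not None:                 # absent when no attribute was released
        for child in block:
            if child.tag.startswith(f"{{{CAS_NS}}}"):
                attrs[child.tag.split("}", 1)[1]] = (child.text or "").strip()
    return user.strip(), attrs

if __name__ == "__main__":
    print(parse_validation_response(SAMPLE_SUCCESS))
```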
