External Mapping of LDAP attributes in CAS
Posted Oct 31 by TKH Specialist in linux
One of the attractive features of CAS is its ability to pass LDAP attributes to a specified application via SAML. Our web developers are making heavier and heavier use of this functionality, creating demand for more and more attributes to be mapped. This raised a problem: the mapping lives in deployerConfigContext.xml, which is packaged into the CAS web application, so CAS must be rebuilt every time a new attribute is to be mapped. The solution was to externalize the resultAttributeMapping property to a configuration file on disk, which can be done with the Spring util schema.
Add the util namespace to the root <beans> element of deployerConfigContext.xml:
xmlns:util="http://www.springframework.org/schema/util"
Append the following pair to its xsi:schemaLocation attribute:
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
The resultAttributeMapping property (in deployerConfigContext.xml) then looks like this:
<property name="resultAttributeMapping">
    <util:properties id="attr" location="file:/etc/cas/ldap.attributes" />
</property>
Because the whole file is injected as the map, the attributes file cannot contain any other property configuration: every key=value line becomes a mapping, with the LDAP attribute name on the left and the name the attribute is released under on the right, one entry per line. CAS reads the file when it starts, so a change still needs a restart, but no rebuild. Since this file decides which attributes leave the directory, keep it owned by root and writable only by root. Here is an example ldap.attributes file:
cn=cn
uid=ssoid
givenname=givenName
mail=email
Comments
Very nice – just what I was looking for.
I wonder how hard it would be to reload the contents if the file changes? 🙂
Thanks,
chris
BTW this line got truncated in the post:
<util:properties id="attr" location="file:/etc/cas/ldap.attribtues
Glad to hear it Chris!
The util schema does support automatic property file reloading, but I don’t believe it does with the method described above. I believe you would have to write a custom bean to accomplish this.
Unicon did implement something similar to this for their JSON-based service registry, although I can’t say whether it would work with the LDAP attribute externalization. The source can be found here: https://github.com/Unicon/springframework-addons/wiki/Resource-change-detecting-event-notifier
For my own uses at least, I would tend to stay away from automatic reloading in a production environment.
Thanks for the catch BTW, looks like I can’t spell attributes either 🙂