
shibboleth-dev - Re: [Shib-Dev] custom data resolver

Subject: Shibboleth Developers

  • From: Chad La Joie <>
  • To:
  • Subject: Re: [Shib-Dev] custom data resolver
  • Date: Thu, 19 Aug 2010 17:44:45 -0400

If you read the javadocs for the LoginHandler you can return a
username, a Principal, or full Subject object from there. That gets
added in to the Session and somewhere in the horrible hierarchy of the
profile request context the session is available to the resolver.

On Thu, Aug 19, 2010 at 17:42, Paul Hethmon
<>
wrote:
> So I basically have this working now, though it feels a bit shaky in places.
> It turns out I can't use the IdP session since it's not created until my
> login handler returns control to Shib. So I'm using the principal name as my
> key to tie the attributes created at authentication back to the user in the
> data resolver itself.
>
> Using the principal name seems a bit of a shaky approach, though for my
> deployments, I guarantee that one is present.
>
> I never did see a way to create a custom principal and get that in the data
> connector. The principal name as a string, but not a principal object.
>
> Not really looking for any feedback at this point, just following up for the
> list archives.
>
>
> On 8/16/10 5:54 PM, "Chad La Joie "
> <>
> wrote:
>
>> Since you're creating a custom login handler, just create a custom
>> principal that carries the information you need.  That'll get added to
>> the session and you can pull it from there in the attribute resolver.
>>
>> On 8/16/10 5:31 PM, Paul Hethmon wrote:
>>> So I'm exploring creating a custom data resolver to allow my login
>>> handler to store attribute information that gets created during
>>> authentication.
>>>
>>> In looking through the standard data resolver classes and the
>>> HttpServletHelper class, I can't seem to find a clean way to tie the
>>> session information together. The session ID is available on both sides,
>>> but getting to the default storage service needs the servlet context.
>
>



--
Chad La Joie
www.itumi.biz
trusted identities, delivered
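
The custom-principal approach discussed in this thread, as an added sketch that is not code from the thread or from the Shibboleth project. It uses only the JDK's `Principal` and `Subject` types; the class names and sample values are hypothetical, and how the `Subject` travels from the login handler through the IdP session to the resolver is assumed rather than shown.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

/** Hypothetical principal carrying attributes produced during authentication. */
final class AuthnAttributesPrincipal implements Principal, java.io.Serializable {
    private static final long serialVersionUID = 1L;
    private final String name;
    private final Map<String, List<String>> attributes;

    AuthnAttributesPrincipal(String name, Map<String, List<String>> attrs) {
        this.name = Objects.requireNonNull(name, "principal name");
        // Deep, unmodifiable copy: later changes by the caller cannot
        // alter what was established at authentication time.
        Map<String, List<String>> copy = new HashMap<>();
        for (Map.Entry<String, List<String>> e : attrs.entrySet()) {
            copy.put(e.getKey(), Collections.unmodifiableList(new ArrayList<>(e.getValue())));
        }
        this.attributes = Collections.unmodifiableMap(copy);
    }

    @Override public String getName() { return name; }
    Map<String, List<String>> getAttributes() { return attributes; }

    @Override public boolean equals(Object o) {
        return o instanceof AuthnAttributesPrincipal
                && name.equals(((AuthnAttributesPrincipal) o).name)
                && attributes.equals(((AuthnAttributesPrincipal) o).attributes);
    }
    @Override public int hashCode() { return Objects.hash(name, attributes); }
}

public class CustomPrincipalDemo {
    public static void main(String[] args) {
        // Login-handler side (constructed sample values).
        Map<String, List<String>> attrs = new HashMap<>();
        attrs.put("authnStrength", Arrays.asList("otp"));
        Subject subject = new Subject();
        subject.getPrincipals().add(new AuthnAttributesPrincipal("jdoe", attrs));
        subject.setReadOnly(); // no principals can be added or removed afterwards

        // Resolver side: look the principal up by type, not by name string.
        Set<AuthnAttributesPrincipal> found = subject.getPrincipals(AuthnAttributesPrincipal.class);
        if (found.isEmpty()) {
            throw new IllegalStateException("no authentication attributes on subject");
        }
        System.out.println(found.iterator().next().getAttributes());
    }
}
```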


