While CAS Protocol 1.0 & 2.0 defined only a <cas:user> attribute as required in the authentication response, many CAS server implementations release additional attributes. This attribute release can inform the application of details like a user's name, email address, preferred locale, and group membership. The phpCAS library currently supports looking for additional attributes in the CAS response encoded in several common formats. Replicating this support in CasAuthBundle will open-up a number of options to applications using this bundle.
My read on the structure of the Symfony Authenticator/UserProvider/User system is that the proper place for attribute parsing and structuring would be in the CasUserProvider. The CasUserProvider would need access to the serviceValidate response XML though, so that would need to be provided to it by the CasAuthenticator prior to $userProvider->loadUserByUsername() being called. I'll have to investigate further how to properly expose a mechanism for passing data from the CasAuthenticator to the CasUserProvider that won't cause problems if there are multiple Authenticators or UserProviders configured into the application.
While CAS Protocol 1.0 & 2.0 defined only a
<cas:user>attribute as required in the authentication response, many CAS server implementations release additional attributes. This attribute release can inform the application of details like a user's name, email address, preferred locale, and group membership. The phpCAS library currently supports looking for additional attributes in the CAS response encoded in several common formats. Replicating this support inCasAuthBundlewill open-up a number of options to applications using this bundle.My read on the structure of the Symfony
Authenticator/UserProvider/Usersystem is that the proper place for attribute parsing and structuring would be in theCasUserProvider. TheCasUserProviderwould need access to theserviceValidateresponse XML though, so that would need to be provided to it by theCasAuthenticatorprior to$userProvider->loadUserByUsername()being called. I'll have to investigate further how to properly expose a mechanism for passing data from theCasAuthenticatorto theCasUserProviderthat won't cause problems if there are multipleAuthenticators orUserProviders configured into the application.