A Groovy script to parse a custom CAS 1.0 validation response and return a list of roles/groups for this user. Each list element is changed toString() to create a GrantedAuthority.

For example, suppose a customized CAS returns five extra lines with a successful validation response:

yes
jbeutel
99999999
John D Beutel
student; staff
uhsystem; uhm
eduPersonOrgDn=uhm,eduPersonAffiliation=student; eduPersonOrgDn=uhsystem,eduPersonAffiliation=staff
        

The following script grants authorities/roles/groups "uhm-student" and "uhsystem-staff" to this user. It handles the LDAP attribute names case-insensitively.

response.readLines()[6].split(';')*.trim().collect {
    def map = [:]
    it.split(',').each {
        def a = it.split('=')
        map[a[0].toLowerCase()] = a[1]
    }
    "$map.edupersonorgdn-$map.edupersonaffiliation"
}
        

As a second example, to add roles managed within the script as lists of usernames, the following script adds the authority/role/group "hudson-adm" and "developer" to "uhm-student" and "uhsystem-staff" for the above validation response:

def roles = response.readLines()[6].split(';')*.trim().collect {
    def map = [:]
    it.split(',').each {
        def a = it.split('=')
        map[a[0].toLowerCase()] = a[1]
    }
    "$map.edupersonorgdn-$map.edupersonaffiliation"
}
def username = response.readLines()[1].trim()
roles += [
    'hudson-adm': ['jbeutel', 'jdoe', 'rsmith'],
    'developer': ['jbeutel', 'jdoe', 'sclaus', 'ebunny'],
    'tester': ['itokugawa', 'hmatsu'] // etc...
].collect { role, names -> names.contains(username) ? role : [] }.flatten()
return roles