apereo · johanv · Jan 17, 2017 · Feb 16, 2017
diff --git a/DotNetCasClient/Validation/Schema/Cas20/AuthenticationSuccess.cs b/DotNetCasClient/Validation/Schema/Cas20/AuthenticationSuccess.cs
@@ -20,8 +20,10 @@
 #pragma warning disable 1591
 
 using System;
+using System.Collections.Generic;
 using System.ComponentModel;
 using System.Diagnostics;
+using System.Xml;
 using System.Xml.Serialization;
 
 namespace DotNetCasClient.Validation.Schema.Cas20
@@ -41,6 +43,27 @@ public string User
             set;
         }
 
+        [XmlElement("attributes")]
+        public Object AttributesNodes { get; set; }
+
+        [XmlIgnore]
+        public Dictionary<String, IList<String>> Attributes
+        {
+            get
+            {
+                var result = new Dictionary<String, IList<String>>();
+                foreach (var element in AttributesNodes as IEnumerable<XmlNode>)
+                {
+                    if (!result.ContainsKey(element.Name))
+                    {
+                        result[element.Name] = new List<string>();
+                    }
+                    result[element.Name].Add(element.InnerText);
+                }
+                return result;
+            }
+        }
+
         [XmlElement("proxyGrantingTicket")]
         public string ProxyGrantingTicket
         {

diff --git a/...hema/Saml20/Metadata/localizedNameType.cs → ...hema/Saml20/Metadata/LocalizedNameType.cs b/...hema/Saml20/Metadata/localizedNameType.cs → ...hema/Saml20/Metadata/LocalizedNameType.cs
diff --git a/...chema/Saml20/Metadata/localizedURIType.cs → ...chema/Saml20/Metadata/LocalizedUriType.cs b/...chema/Saml20/Metadata/localizedURIType.cs → ...chema/Saml20/Metadata/LocalizedUriType.cs
diff --git a/DotNetCasClient/Validation/TicketValidator/Cas20ServiceTicketValidator.cs b/DotNetCasClient/Validation/TicketValidator/Cas20ServiceTicketValidator.cs
@@ -125,11 +125,11 @@ protected override ICasPrincipal ParseResponseFromServer(string response, string
 
                 if (authSuccessResponse.Proxies != null && authSuccessResponse.Proxies.Length > 0)
                 {
-                    return new CasPrincipal(new Assertion(authSuccessResponse.User), proxyGrantingTicketIou, authSuccessResponse.Proxies);
+                    return new CasPrincipal(new Assertion(authSuccessResponse.User, authSuccessResponse.Attributes), proxyGrantingTicketIou, authSuccessResponse.Proxies);
                 } 
                 else
                 {
-                    return new CasPrincipal(new Assertion(authSuccessResponse.User), proxyGrantingTicketIou);
+                    return new CasPrincipal(new Assertion(authSuccessResponse.User, authSuccessResponse.Attributes), proxyGrantingTicketIou);
                 }
             }
 

diff --git a/README.md b/README.md
@@ -146,6 +146,13 @@ Configure the ASP.NET Forms authentication section, `<forms>`, so that it points
 ### Configure Authorization
 Configure authorization roles and resources using the familiar ASP.NET directives. We recommend the user of a role provider that queries a role store given the principal name returned from the CAS server. There is not support at present for extracting authorization data from the attributes released from CAS via the SAML protocol.
 
+### CAS attributes
+
+I added a hack so that you can access your CAS attributes. E.g., we have an attribute that's called `ad_nummer`, and I use it like this:
+
+            var principal = System.Web.HttpContext.Current.User as CasPrincipal;
+            myAdNr = int.Parse(principal.Assertion.Attributes["cas:ad_nummer"].First());
+
 ### Configure Diagnostic Tracing (optional)
 `CasAuthenticationModule` uses the .NET Framework `System.Diagnostics` tracing facility for internal logging. Enabling the internal trace switches should be the first step taken to troubleshoot integration problems.