In our Apereo CAS 5.3.8 protected application we need to display after login a screen which shows a dropdown with some values from which the user must select one option. The screen needs to be shown only if certain conditions are met, depending on some user attributes. In some scenarios all the attributes that we need are loaded after the login but in other cases we need to load additional ones depending on the user's choice. The user selection then has to be converted in some other user attributes which we want to store in the CAS assertion so that a client application can access the user attributes and make decisions based on these attributes.
In order to display this additional screen, we have created a custom multifactor provider. The loaded attributes are passed to a PrincipalFactory implementation.
Almost everything works fine except the part which happens after the user dropdown selection. The question is how can I load the principal attributes in two steps? I tried to update the principal and authentication objects in my custom action which gets triggered after the user selection but it does not work, it always keeps the old principal with the attributes loaded immediately after login.
I think the problem might be due to the fact the attributes are passed to a PrincipalFactory and probably they are only written once and become immutable. I tried to make use of a AuthenticationTransactionManager and a AuthenticationResultBuilder but was not able to add the extra computed attributes.
Any guidance would be highly appreciated.