I am implementing our login policies into CAS v5.0.2 using the Acceptable Use Policy module as my guide. We have multiple policies, so I am unable to use AUP for what we need to accomplish. I’m having an issue retrieving the principal attributes.
I was hoping someone could guide me on to where I’m steering wrong with this.
I’ve named attributes in my cas.properties file as:
cas.authn.attributeRepository.attributes.uid=uid
cas.authn.attributeRepository.attributes.cn=Name
cas.authn.attributeRepository.attributes.msuUDCID=UDC_IDENTIFIER
cas.authn.attributeRepository.attributes.msuCasAuth=msuCasAuth
cas.authn.attributeRepository.attributes.msuCopyright=msuCopyright
cas.authn.attributeRepository.attributes.msuEmplEthics=msuEmplEthics
cas.authn.attributeRepository.attributes.msuEmplCert=msuEmplCert
In my log file I see where the attributes are retrieved and the correct values are there. For example:
2017-02-01 16:21:30,880 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Retrieved principal id attribute jrw16>
2017-02-01 16:21:30,881 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [msuUDCID[FEB9AFE3FC5EEA1CE04012822A026E73]]>
2017-02-01 16:21:30,881 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [uid[jrw16]]>
2017-02-01 16:21:30,882 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [msuEmplEthics[Y]]>
2017-02-01 16:21:30,883 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [msuCasAuth[cas-empl-not-student-eforms, cas-guest-passwd-auth, cas-employee-eforms, cas-microsoft-hup-employee, cas-accts-exchange, cas-mystate-access-eforms, cas-libdb-auth-library, cas-data-admin-eis, cas-its-auth, cas-current-employee, eforms-empl-not-student, cas-user-accts-google, cas-empl-cert, cas-its-division, cas-wireless-auth]]>
2017-02-01 16:21:30,884 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Principal attribute: [msuCasAuth[cas-empl-not-student-eforms, cas-guest-passwd-auth, cas-employee-eforms, cas-microsoft-hup-employee, cas-accts-exchange, cas-mystate-access-eforms, cas-libdb-auth-library, cas-data-admin-eis, cas-its-auth, cas-current-employee, eforms-empl-not-student, cas-user-accts-google, cas-empl-cert, cas-its-division, cas-wireless-auth]] is multivalued>
2017-02-01 16:21:30,884 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [msuEmplCert[Y]]>
2017-02-01 16:21:30,885 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [cn[Jeremy Wickham]]>
2017-02-01 16:21:30,886 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [msuCopyright[Y]]>
2017-02-01 16:21:30,887 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Created LDAP principal for id jrw16 and 8 attributes>
Then later in the logs I am seeing this:
2017-02-01 16:21:31,123 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Locating principal attributes for jrw16>
2017-02-01 16:21:31,124 DEBUG [org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository] - <DefaultPrincipalAttributesRepository will return the collection of attributes directly associated with the principal object which are [{cn=Name, msuCasAuth=msuCasAuth, msuCopyright=msuCopyright, msuEmplCert=msuEmplCert, msuEmplEthics=msuEmplEthics, msuUDCID=UDC_IDENTIFIER, uid=uid, username=jrw16}]>
2017-02-01 16:21:31,125 DEBUG [org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository] - <Found [8] cached attributes for principal [jrw16] that are {cn=Name, msuCasAuth=msuCasAuth, msuCopyright=msuCopyright, msuEmplCert=msuEmplCert, msuEmplEthics=msuEmplEthics, msuUDCID=UDC_IDENTIFIER, uid=uid, username=jrw16}>
2017-02-01 16:21:31,126 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Found principal attributes {cn=Name, msuCasAuth=msuCasAuth, msuCopyright=msuCopyright, msuEmplCert=msuEmplCert, msuEmplEthics=msuEmplEthics, msuUDCID=UDC_IDENTIFIER, uid=uid, username=jrw16} for jrw16>
Also my service config is very bare bones:
{
"@class": "org.apereo.cas.services.RegexRegisteredService",
"serviceId": "^http://mobile-devel01.its.msstate.edu:8080/.*",
"name": "Testing Attributes",
"id": 1817043258496376,
"description": "Testing Attributes",
"evaluationOrder": 7,
}
Thank you for your help
-Jeremy
________________________
Jeremy Wickham
Senior Systems Analyst
Mississippi State University
It is uid. And yes, I set the principalAttributeId with the following config in the cas.properties:
cas.authn.ldap[0].principalAttributeId=uid
Now I see in the docs where I can use the principalAttributeList instead of cas.authn.attributeRepository.attributes. I tried that and it worked like a charm. Appreciate you pointing me in the right direction. I was going in circles trying to figure it out.
Cheers,
-Jeremy
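
Added example, not part of the original posts and not CAS project code: a log check for the symptom shown in this thread, where the values seen by the attribute release policy differ from the values LdapAuthenticationHandler resolved at login. The sample lines are constructed, shortened from the DEBUG output quoted above; the function names are hypothetical.

```python
import re

# Constructed sample, shortened from the DEBUG lines quoted in the thread.
SAMPLE_LOG = """\
2017-02-01 16:21:30,881 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [uid[jrw16]]>
2017-02-01 16:21:30,882 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [msuEmplEthics[Y]]>
2017-02-01 16:21:30,883 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [msuCasAuth[cas-its-auth, cas-wireless-auth]]>
2017-02-01 16:21:30,885 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [cn[Jeremy Wickham]]>
2017-02-01 16:21:31,126 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Found principal attributes {cn=Name, msuCasAuth=msuCasAuth, msuEmplEthics=msuEmplEthics, uid=uid, username=jrw16} for jrw16>
"""

# One attribute as resolved from LDAP: [name[value, value, ...]]
RESOLVED = re.compile(r"<Found principal attribute: \[(\w+)\[(.*)\]\]>")
# The attribute map handed to the release policy: {name=value, ...} for user
RELEASED = re.compile(r"<Found principal attributes \{(.*)\} for (\S+)>")


def parse(log):
    """Return (resolved, released) attribute maps found in the log text."""
    resolved, released = {}, {}
    for line in log.splitlines():
        m = RESOLVED.search(line)
        if m:
            resolved[m.group(1)] = m.group(2).split(", ")
            continue
        m = RELEASED.search(line)
        if m:
            # Split only at ", " that starts a new name=value pair.
            for pair in re.split(r", (?=\w+=)", m.group(1)):
                key, _, value = pair.partition("=")
                released[key] = value
    return resolved, released


def clobbered(log):
    """Attributes whose release-time value is not one of the LDAP values."""
    resolved, released = parse(log)
    return {
        name: (resolved[name], value)
        for name, value in released.items()
        if name in resolved and value not in resolved[name]
    }


if __name__ == "__main__":
    for name, (ldap_values, seen) in sorted(clobbered(SAMPLE_LOG).items()):
        print(f"{name}: LDAP returned {ldap_values}, release policy saw {seen!r}")
```
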