CAS 5 RC3 attribute lookup


Richard Frovarp

Oct 13, 2016, 6:19:27 PM
to CAS Community
I'm very confused as to how to do attribute lookup with CAS 5.

In the actual service entry I have the return all attributes policy, so
that shouldn't be hanging me up.

I am doing AD / LDAP authentication, and it's also where my attributes
are at.

I don't see how

cas.authn.attributeRepository.attributes.uid=uid

does anything, because if I add another attribute there, nothing happens.

I don't see cas.authn.attributeRepository.ldap group of entries doing
anything.

I also don't see cas.authn.ldap[0].additionalAttributes doing much.

If I set cas.authn.ldap[0].principalAttributeList to have more
attributes, it appears to work. But it's also including uid, which isn't
in my list. Is that because of the entry above?

Do I even need to have the cas.authn.attributeRepository.ldap section?

I know it's an RC and that the documentation isn't complete, but it
feels like something is missing. Feels odd to be doing it in the authn
area instead of the ldap entries under attributeRepository.

Thanks,

Richard

Baron Fujimoto

Oct 13, 2016, 6:54:58 PM
to Richard Frovarp, CAS Community
On Thu, Oct 13, 2016 at 05:19:19PM -0500, Richard Frovarp wrote:
>I'm very confused as to how to do attribute lookup with CAS 5.
>
>In the actual service entry I have the return all attributes policy, so that
>shouldn't be hanging me up.
>
>I am doing AD / LDAP authentication, and it's also where my attributes are
>at.
>
>I don't see how
>
>cas.authn.attributeRepository.attributes.uid=uid
>
>does anything, because if I add another attribute there, nothing happens.
>
>I don't see cas.authn.attributeRepository.ldap group of entries doing
>anything.
>
>I also don't see cas.authn.ldap[0].additionalAttributes doing much.
>
>If I set cas.authn.ldap[0].principalAttributeList to have more attributes, it
>appears to work. But it's also including uid, which isn't in my list. Is that
>because of the entry above?
>
>Do I even need to have the cas.authn.attributeRepository.ldap section?

cas.authn.attributeRepository.attributes.* are used as defaults unless set
otherwise and can have unexpected results (see my earlier post re cn being
remapped by cas.authn.attributeRepository.attributes.cn=commonName). I
believe these may be deprecated or changed in future releases.

I define all the attributes in cas.authn.ldap[0].principalAttributeList

Since we release all of them by default, what I actually do is define a
variable, and use that to factor out the list of attributes so I don't
have to replicate it in multiple places. YMMV.

our.default.attributes=\
cn,\
displayName,\
... etc ...
mail,\
uid

cas.authn.ldap[0].principalAttributeList=${our.default.attributes}
cas.authn.attributeRepository.defaultAttributesToRelease=${our.default.attributes}

>I know it's an RC and that the documentation isn't complete, but it feels
>like something is missing. Feels odd to be doing it in the authn area instead
>of the ldap entries under attributeRepository.
>
>Thanks,
>
>Richard

Aloha,
-baron
--
Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
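
An added example, not part of the original posts and not code from the CAS project: a small checker that reads a properties file, expands the shared variable, and reports where the fetched list and the default release list differ, plus any default mapping that renames an attribute (the cn=commonName case mentioned above). The sample config and the attribute eduPersonAffiliation are constructed, and the reading of each property follows this thread only.

```python
import re

# Constructed sample config; property names are the ones quoted in this thread.
SAMPLE = r"""
our.default.attributes=\
    cn,\
    displayName,\
    mail,\
    uid
cas.authn.attributeRepository.attributes.uid=uid
cas.authn.attributeRepository.attributes.cn=commonName
cas.authn.ldap[0].principalAttributeList=${our.default.attributes}
cas.authn.attributeRepository.defaultAttributesToRelease=${our.default.attributes},eduPersonAffiliation
"""
MAP_PREFIX = "cas.authn.attributeRepository.attributes."
FETCH_KEY = "cas.authn.ldap[0].principalAttributeList"
RELEASE_KEY = "cas.authn.attributeRepository.defaultAttributesToRelease"

def load_properties(text):
    """Parse key=value lines, join backslash continuations, expand ${name}."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue  # blank line or comment outside a continued value
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()], pending = value.strip(), ""
    def expand(value, depth=0):
        if depth > 10:
            raise ValueError("placeholder nesting too deep (cycle?)")
        def sub(m):  # unknown placeholders are left untouched
            name = m.group(1)
            return expand(props[name], depth + 1) if name in props else m.group(0)
        return re.sub(r"\$\{([^}]+)\}", sub, value)
    return {k: expand(v) for k, v in props.items()}

def names(value):
    return {n.strip() for n in value.split(",") if n.strip()}

def audit(props):
    """Compare the fetched and released lists; report renaming default mappings."""
    fetched, released = names(props.get(FETCH_KEY, "")), names(props.get(RELEASE_KEY, ""))
    renamed = {k[len(MAP_PREFIX):]: v for k, v in props.items()
               if k.startswith(MAP_PREFIX) and k[len(MAP_PREFIX):] != v}
    return {"released_not_fetched": sorted(released - fetched),
            "fetched_not_released": sorted(fetched - released),
            "renamed_by_default_mapping": renamed}

if __name__ == "__main__":
    print(audit(load_properties(SAMPLE)))
```
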

Richard Frovarp

Oct 14, 2016, 2:17:26 PM
to CAS Community
Thanks for the info. I got that punched in and my config cleaned up
quite a bit.