get userinfo from cas oidc, the claims value are array not string


Jae Liu

Jan 20, 2022, 5:39:01 AM
to CAS Community

Hi everybody,

 

I am facing an issue with getting user info from CAS v6.4.5 as OIDC OP with LDAP as source. The claim values from the userinfo endpoint are arrays, not strings per spec.

How do I configure CAS to provide claims as strings per spec?

 

Results of /cas/oidc/profile:

{
    "email":[
        "liu...@yozo.com"
    ],
    "name":[
        "jae liu"
    ],
    "nickname":[
        "liu_jae"
    ],
    "preferred_username":[
        "liu...@yozo.com "
    ],
    "sub":"liu_jie",
    "service":"http://127.0.0.1:5556/auth/callback",
    "auth_time":1642666074,
    "id":"liu_jae",
    "client_id":"hc0vr9iYm9iPyi6M1MctxOtx71bokdMWKHbO",
    "aud":"hc0vr9iYm9iPyi6M1MctxOtx71bokdMWKHbO",
    "iat":1642671699,
    "iss":null,
    "jti":"7be481a8-7ad5-4011-817e-6a2418ddc19b"
}

 

We can see the values of email, name, and preferred_username are lists; these claims are mapped from LDAP attributes.

The following is the debug log:

 

DEBUG [org.apereo.cas.authentication.CoreAuthenticationUtils] - <Merged attributes with the final result as [
{
  clientIpAddress=[192.168.xx.xx9],
  commonName=[jae],
  authenticationDate=[1642666074],
  mail=[liu...@yozo.com],
  sAMAccountName=[liu_jae],
  displayName=[jae liu)],
  successfulAuthenticationHandlers=[yozo],
  givenName=[jae],
  userAgent=[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0],
  dn=[CN=liu_jae,OU=xxxx,OU=xxxx,DC=xx,DC=local],
  credentialType=[UsernamePasswordCredential],
  authenticationMethod=[yozo],
  serverIpAddress=[172.16.xx.xx],
  sn=[liu_jae],
  userPrincipalName=[liu...@xxx.com]
}]>

 

DEBUG [org.apereo.cas.authentication.principal.RegisteredServicePrincipalAttributesRepository] - <Using [liu_jae], no caching/update takes place for [DefaultPrincipalAttributesRepository] to add attributes [
{
  oauthClientId=[hc0vr9iYm9iPyi6M1MctxOtx71bokdMWKHbO],
  name=[jae liu)], nickname=[liu_jae],
  preferred_username=[liu...@yozo.com],
  email=[liu...@yozo.com]
}
]>

 

DEBUG [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Attempting to map and filter claims based on resolved attributes [
{
  email=[liu...@yozo.com],
  name=[jae liu],
  nickname=[liu_jae],
  oauthClientId=[hc0vr9iYm9iPyi6M1MctxOtx71bokdMWKHbO],
  preferred_username=[liu...@yozo.com]
}
]>

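One way a relying party can guard against a userinfo response shaped like the one in the post above, as an added example (not part of the original post and not CAS code): it checks the standard claims that OpenID Connect Core 1.0 section 5.1 defines as strings, flattens single-element arrays, and drops multi-valued ones instead of guessing which value identifies the user. The function name check_userinfo and all sample values are constructed for illustration.

```python
import json

# Standard claims that OpenID Connect Core 1.0 section 5.1 defines as JSON strings.
STRING_CLAIMS = {
    "sub", "name", "given_name", "family_name", "middle_name", "nickname",
    "preferred_username", "profile", "picture", "website", "email",
    "gender", "birthdate", "zoneinfo", "locale", "phone_number",
}


def check_userinfo(doc, flatten=True):
    """Return (claims, findings) for a decoded userinfo response.

    String-typed standard claims that arrive as a one-element array are
    flattened when flatten=True. Anything else of the wrong type is dropped,
    so that an identity decision is never made on an arbitrarily chosen value.
    """
    claims, findings = {}, []
    for key, value in doc.items():
        if key not in STRING_CLAIMS or isinstance(value, str):
            claims[key] = value
            continue
        single = (isinstance(value, list) and len(value) == 1
                  and isinstance(value[0], str))
        if single and flatten:
            claims[key] = value[0]
            findings.append(f"{key}: single-element array, flattened")
        else:
            findings.append(f"{key}: {type(value).__name__} instead of string, dropped")
    # The userinfo response must always carry sub as a string.
    if not isinstance(claims.get("sub"), str):
        findings.append("sub: missing or not a string")
    return claims, findings


# Constructed sample, modeled on the shape of the response in the post.
SAMPLE = json.loads("""
{"sub": "user1",
 "email": ["user1@example.org"],
 "name": ["Example User"],
 "nickname": ["user1", "u1"],
 "preferred_username": "user1@example.org",
 "auth_time": 1642666074}
""")

if __name__ == "__main__":
    claims, findings = check_userinfo(SAMPLE)
    print(json.dumps(claims, indent=2))
    print("\n".join(findings))
```

Calling it with flatten=False gives a strict mode that rejects every array-valued standard claim, which is useful in a conformance test against the OP.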