Attributes retrieved server side, but not available to client


Warren White

Jun 22, 2016, 3:28:28 PM
to CAS Community
I am attempting to include Principal Attributes for the client after logging in via CAS 4.2.2.

Server cas.log:
2016-06-22 10:56:04,428 DEBUG [org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl]
- Retrieved attributes='[NamedPersonImpl[name=xyz,attributes={USER_ROLE=[login, admin, student]}]]' for query='{username=[xyz]}', isFirstQuery=false, currentlyConsidering='org.jasig.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao@62aac52b', resultAttributes='[NamedPersonImpl[name=xyz,attributes={displayName=[xyz], uid=[1198], mail=[xyz@xyz.ca]}]]'

2016-06-22 10:56:04,428 DEBUG [org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl]
- Aggregated search results '[NamedPersonImpl[name=xyz,attributes={displayName=[xyz], uid=[1198], mail=[xyz@xyz.ca], USER_ROLE=[login, admin, student]}]]' for query='{username=[xyz]}'
2016-06-22 10:56:04,429 DEBUG [org.jasig.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository]
- Found [4] attributes for principal [xyz] from the attribute repository.
2016-06-22 10:56:04,429 DEBUG [org.jasig.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository]
- No merging strategy found, so attributes retrieved from the repository will be used instead.


I have merged attributes from a SingleRowJdbcPersonAttributeDao and from a MultiRowJdbcPersonAttributeDao; both are working, as the Aggregated results show.

The debug also shows "Found [4] attributes for principal".

I am confused about the last debug statement "No merging strategy found....", but I am merging the attributes.

And on the client side, only the Principal attribute id is returned, no other attributes.

How do I access the Principal Attributes from the client?

Misagh Moayyed

Jun 22, 2016, 6:58:01 PM
to CAS Community

That means:

1. CAS might have some attributes cached already as part of primary authn.

2. CAS starts to retrieve attributes during a particular validation event, based on caching rules and if/when configured.

3. When it does, in case there are collisions between what it already had and what it retrieved again, there might be a need to merge. You told it to never merge.

Merging attribute repositories from person directory is separate from this. It’s safe to ignore this based on your description.

You’ll need to make sure attributes are allowed for release for that client, and the client is hitting the /p3/serviceValidate endpoint.

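The protocol difference Misagh points at, as an added example that is not part of the thread or of any CAS client library: a small Python client helper that builds the validation URL for CAS protocol 2 (/serviceValidate) or protocol 3 (/p3/serviceValidate), parses the cas:serviceResponse into the user and a name-to-values map (multi-valued attributes such as USER_ROLE arrive as repeated elements), and reports which expected attributes the server did not release. The two responses are constructed to mirror the attributes in the cas.log above; the hostnames, service URL and ticket value are placeholders.

```python
"""Build a CAS validation URL and parse the server's serviceResponse.

Added example (not from the thread or the CAS project).  The validation
endpoints and the cas:serviceResponse XML shape are CAS protocol facts; the
sample responses below are constructed to mirror the thread's cas.log.
"""
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"

# CAS protocol version -> validation endpoint.  Only the protocol 3 endpoint
# (/p3/serviceValidate) carries the <cas:attributes> block.
VALIDATE_ENDPOINTS = {2: "/serviceValidate", 3: "/p3/serviceValidate"}


def validation_url(cas_base, protocol_version, service, ticket):
    """Return the URL a client calls to validate a service ticket."""
    path = VALIDATE_ENDPOINTS[protocol_version]
    query = urlencode({"service": service, "ticket": ticket})
    return f"{cas_base.rstrip('/')}{path}?{query}"


def parse_service_response(xml_text):
    """Parse a cas:serviceResponse into (user, attributes).

    attributes maps each attribute name to a list of values, because CAS
    repeats the element for multi-valued attributes (e.g. USER_ROLE).
    Raises ValueError on <cas:authenticationFailure>.
    """
    root = ET.fromstring(xml_text)
    failure = root.find(f"{{{CAS_NS}}}authenticationFailure")
    if failure is not None:
        raise ValueError(f"{failure.get('code')}: {(failure.text or '').strip()}")
    success = root.find(f"{{{CAS_NS}}}authenticationSuccess")
    if success is None:
        raise ValueError("no authenticationSuccess element in response")
    user = (success.findtext(f"{{{CAS_NS}}}user") or "").strip()
    attributes = {}
    attrs_el = success.find(f"{{{CAS_NS}}}attributes")
    if attrs_el is not None:
        for child in attrs_el:
            # strip the {namespace} prefix ElementTree puts on the tag name
            name = child.tag.rsplit("}", 1)[-1]
            attributes.setdefault(name, []).append((child.text or "").strip())
    return user, attributes


def missing_attributes(attributes, expected):
    """Names the client expected but the server did not release."""
    return sorted(set(expected) - set(attributes))


# Constructed protocol 3 response mirroring the attributes in the thread's log.
P3_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>xyz</cas:user>
    <cas:attributes>
      <cas:displayName>xyz</cas:displayName>
      <cas:uid>1198</cas:uid>
      <cas:mail>xyz@xyz.ca</cas:mail>
      <cas:USER_ROLE>login</cas:USER_ROLE>
      <cas:USER_ROLE>admin</cas:USER_ROLE>
      <cas:USER_ROLE>student</cas:USER_ROLE>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed protocol 2 response: same user, but no attributes block.
P2_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>xyz</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

if __name__ == "__main__":
    # placeholder hostnames and ticket
    print(validation_url("https://cas.example.org/cas", 3,
                         "https://app.example.org/", "ST-1-placeholder"))
    for label, body in (("p3", P3_RESPONSE), ("p2", P2_RESPONSE)):
        user, attrs = parse_service_response(body)
        print(label, user, attrs,
              "missing:", missing_attributes(attrs, ["mail", "USER_ROLE"]))
```

Running `missing_attributes` right after validation is the client-side check for this thread's symptom: a validation that succeeds while the expected names are absent points at the endpoint or the service's release policy, not at the attribute repository, which the server log already shows populated.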

Warren White

Jun 22, 2016, 8:24:17 PM
to CAS Community, mmoa...@unicon.net
Changing client from CAS Protocol 2 to CAS Protocol 3 has solved my problem.
Thank you for the hint, /p3/serviceValidate

Warren

z mortazavi

Feb 15, 2017, 5:37:49 AM
to jasig-cas-user, cas-...@apereo.org, mmoa...@unicon.net
Hi

I set up jasig-cas-4.2.6 and I can log in successfully on the CAS side, but in my client I get login successful while phpCAS::getAttributes() does not return my attributes such as mail and givenName.

deployerConfigContext.xml is:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:ldaptive="http://www.ldaptive.org/schema/spring-ext"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
       http://www.ldaptive.org/schema/spring-ext http://www.ldaptive.org/schema/spring-ext.xsd">

    <bean id="ldapAuthenticationHandler"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          c:authenticator-ref="authenticator">
        <property name="principalAttributeMap">
            <map>
                <entry key="givenName" value="firstName"/>
                <entry key="mail" value="email"/>
            </map>
        </property>
    </bean>

    <util:map id="authenticationHandlersResolvers">
        <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
        <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
    </util:map>

    <util:list id="authenticationMetadataPopulators">
        <ref bean="successfulHandlerMetaDataPopulator" />
        <ref bean="rememberMeAuthenticationMetaDataPopulator" />
    </util:list>

    <alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" />
    <alias name="personDirectoryPrincipalResolver" alias="primaryPrincipalResolver" />

    <bean id="attributeRepository" class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
          p:backingMap-ref="attrRepoBackingMap" />

    <util:map id="attrRepoBackingMap">
        <entry key="givenName" value="firstName"/>
        <entry key="mail" value="email"/>
        <entry>
            <key><value>memberOf</value></key>
            <list>
                <value>faculty</value>
                <value>staff</value>
                <value>org</value>
            </list>
        </entry>
    </util:map>

    <alias name="serviceThemeResolver" alias="themeResolver" />
    <alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" />
    <alias name="defaultTicketRegistry" alias="ticketRegistry" />
    <alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy" />
    <alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy" />
    <alias name="anyAuthenticationPolicy" alias="authenticationPolicy" />
    <alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory" />

    <bean id="auditTrailManager"
          class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
          p:entrySeparator="${cas.audit.singleline.separator:|}"
          p:useSingleLine="${cas.audit.singleline:false}"/>

    <alias name="neverThrottle" alias="authenticationThrottle" />

    <util:list id="monitorsList">
        <ref bean="memoryMonitor" />
        <ref bean="sessionMonitor" />
    </util:list>

    <alias name="defaultPrincipalFactory" alias="principalFactory" />
    <alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager" />
    <alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy" />
    <alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor" />

    <bean id="serviceRegistryDao"
          class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
          p:registeredServices-ref="registeredServicesList" />

    <util:list id="registeredServicesList">
        <bean class="org.jasig.cas.services.RegexRegisteredService"
              p:id="1"
              p:name="sso"
              p:serviceId="^(https?|imaps?|http?)://.*"
              p:description="sso cas"
              p:evaluationOrder="0" >
            <property name="attributeReleasePolicy">
                <bean class="org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy">
                    <property name="allowedAttributes">
                        <list>
                            <value>mail</value>
                            <value>givenName</value>
                        </list>
                    </property>
                </bean>
            </property>
        </bean>
    </util:list>

    <ldaptive:ad-authenticator id="authenticator"
        ldapUrl="xxxx"
        baseDn="xxxxxx"
        userFilter="xx"
        bindDn="xxxxx"
        bindCredential="xxxxxxxx"
        connectTimeout="5000"
        useStartTLS="false"
        blockWaitTime="3000"
        maxPoolSize="10"
        allowMultipleDns="false"
        minPoolSize="1"
        validateOnCheckOut="false"
        validatePeriodically="true"
        validatePeriod="300"
        idleTime="600"
        prunePeriod="300"
        failFastInitialize="false"
        subtreeSearch="true"
        useSSL="false"
    />

</beans>



and my json file is:


....
    "attributeReleasePolicy" : {
      "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
      "principalAttributesRepository" : {
        "@class" : "org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"
      },
      "allowedAttributes" : [ "java.util.ArrayList", [ "mail", "givenName" ] ],
      "authorizedToReleaseCredentialPassword" : false,
      "authorizedToReleaseProxyGrantingTicket" : false
    },
...

and on the client side I have:


phpCAS::client(CAS_VERSION_3_0,'xxx',443,'cas');

...

$attr = phpCAS::getAttributes();

but my response is (it does not include my attributes mail and givenName):


<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>xxx</cas:user>
        <cas:attributes>
            <cas:LdapAuthenticationHandler.dn>xxxxxxxxx</cas:LdapAuthenticationHandler.dn>
            <cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
            <cas:isFromNewLogin>true</cas:isFromNewLogin>
            <cas:authenticationDate>2017-02-01T10:46:15.737+03:30</cas:authenticationDate>
        </cas:attributes>
    </cas:authenticationSuccess>
</cas:serviceResponse>


please help me.
thanks in advance.
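How the two name lists in the posted configuration interact, as an added Python model that is not CAS's code: `principalAttributeMap` on LdapAuthenticationHandler renames LDAP attributes to principal attribute names (key = LDAP attribute name, value = principal attribute name), and ReturnAllowedAttributeReleasePolicy then releases only those principal attributes whose names appear in allowedAttributes. The LDAP entry is constructed sample data; the map and the allowed list are the values from the XML and JSON above. With the posted map the principal carries firstName and email, while both release policies list mail and givenName, so under this model nothing is released; the second function runs the same map against a policy that lists the mapped names.

```python
"""Model of CAS 4.2 attribute mapping and release (added example, not CAS code).

Two steps the posted configuration sets up are modelled:
  1. LdapAuthenticationHandler.principalAttributeMap: LDAP name -> principal name
  2. ReturnAllowedAttributeReleasePolicy: release only names in allowedAttributes
The LDAP entry below is constructed sample data.
"""


def map_principal_attributes(ldap_entry, attribute_map):
    """Rename LDAP attributes to principal attribute names.

    Mirrors principalAttributeMap: key = LDAP attribute, value = principal
    attribute name.  LDAP attributes absent from the map are not copied.
    """
    principal = {}
    for ldap_name, principal_name in attribute_map.items():
        if ldap_name in ldap_entry:
            principal[principal_name] = list(ldap_entry[ldap_name])
    return principal


def release_allowed(principal_attributes, allowed_attributes):
    """Filter like ReturnAllowedAttributeReleasePolicy: keep allowed names only."""
    allowed = set(allowed_attributes)
    return {name: values for name, values in principal_attributes.items()
            if name in allowed}


def unmatched_policy_names(principal_attributes, allowed_attributes):
    """Allowed names that no principal attribute carries.

    A non-empty result means the policy can never release those names for
    this principal: the policy list and the map's values disagree.
    """
    return sorted(set(allowed_attributes) - set(principal_attributes))


# Constructed LDAP entry for a sample user (multi-valued attributes are lists).
LDAP_ENTRY = {
    "givenName": ["Sample"],
    "mail": ["sample@example.org"],
    "memberOf": ["cn=staff,ou=groups,dc=example,dc=org"],
}

# principalAttributeMap and allowedAttributes exactly as posted above.
POSTED_MAP = {"givenName": "firstName", "mail": "email"}
POSTED_ALLOWED = ["mail", "givenName"]


def released_for_posted_config():
    """(released attributes, policy names with no matching principal attribute)."""
    principal = map_principal_attributes(LDAP_ENTRY, POSTED_MAP)
    return (release_allowed(principal, POSTED_ALLOWED),
            unmatched_policy_names(principal, POSTED_ALLOWED))


def released_with_matching_names():
    """Same map, but the policy lists the principal names the map produces."""
    principal = map_principal_attributes(LDAP_ENTRY, POSTED_MAP)
    allowed = list(POSTED_MAP.values())  # ["firstName", "email"]
    return (release_allowed(principal, allowed),
            unmatched_policy_names(principal, allowed))


if __name__ == "__main__":
    print("posted config:", released_for_posted_config())
    print("matching names:", released_with_matching_names())
```

The `unmatched_policy_names` check is the one worth running against any service definition: the names a release policy lists must be names that actually exist on the principal after every rename and merge step, and a policy listing names the principal never carries produces exactly the kind of response shown above, where only the handler's own metadata attributes appear.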