Releasing credential


Miklós Barabás

Apr 20, 2016, 3:48:51 AM
to CAS Community
Hi!

I'm trying to achieve SSO between legacy apps with CAS 4.2.0.
I did the configuration I found here:
https://jasig.github.io/cas/4.2.x/integration/ClearPass.html

Everything works fine, except the credential is not released as an attribute on validation. (If I release a static value for an attribute named credential, the rest works fine.)

I can use the SingleRowJdbcPersonAttributeDao as the attributeRepository, but is it the proposed way to do it?

Is there any missing part from this doc?

Thanks for the help in advance!

Misagh Moayyed

Apr 20, 2016, 10:32:02 AM
to CAS Community
Not that I can tell. You did authorize the service entry to receive the credential, right?

Short of that, we'd need logs to diagnose.

Miklós Barabás

Apr 20, 2016, 12:15:02 PM
to CAS Community

Ofc I triple-checked everything that's in the doc of 4.2.x.

No errors in the log. The logging is on debug; this is how I found out that the problem was not having a credential attribute released. After that I set up the StubPersonAttributeDao again, mapped an arbitrary string value for the credential attribute, and everything described in the doc, like the encryption, was working, except that the released credential attribute was a static value instead of the given principal's credential.


So you say that even if I have the StubPersonAttributeDao like in the default overlay and the authorizedToReleaseCredentialPassword set to true for the used service, it should automatically release the credential attribute? No further dependency (like clearpass) or configuration needed like the ones the 4.0.x doc describes?

Could you provide me (and the community:) a deployerConfigContext.xml that is releasing the authenticated users credential?

Tomorrow I can also send you the logs just to be sure I didn't miss anything.

Many thanks!


Misagh Moayyed

Apr 20, 2016, 12:18:43 PM
to CAS Community

No. What I am saying is releasing the credential has nothing to do with your attribute repository and its configuration. This is not about releasing the credential attribute. This is about releasing the credential as an attribute. If you want to provide us with your overlay, we could run through the issue.

 


Miklós Barabás

Apr 21, 2016, 3:59:48 AM
to CAS Community
All the meaningful files are uploaded here:
https://github.com/miklosbarabas/cas-overlay

In the meantime I updated to 4.2.1, but the situation is the same.

Waiting for your reply!

Thanks

Dmitriy Kopylenko

Apr 21, 2016, 10:30:36 AM
to Miklós Barabás, CAS Community
You need to add one particular authentication metadata populator in deployerConfigContext.xml, so it looks like this:

<util:list id="authenticationMetadataPopulators">
    <ref bean="successfulHandlerMetaDataPopulator" />
    <ref bean="rememberMeAuthenticationMetaDataPopulator" />
    <ref bean="cacheCredentialsMetaDataPopulator" />
</util:list>

The documentation is missing that piece.

Also, you don’t need any of this:

<!-- CLEARPASS -->
    <bean id="cas3ServiceSuccessView"
          class="Cas30ResponseView"
          c:view-ref="cas3JstlSuccessView"
          p:successResponse="true"
          p:servicesManager-ref="servicesManager"
          p:casAttributeEncoder-ref="casAttributeEncoder"  />

    <bean id="casRegisteredServiceCipherExecutor"
          class="org.jasig.cas.util.services.DefaultRegisteredServiceCipherExecutor" />

    <bean id="casAttributeEncoder"
          class="org.jasig.cas.authentication.support.DefaultCasAttributeEncoder"
          c:servicesManager-ref="servicesManager"
          c:cipherExecutor-ref="casRegisteredServiceCipherExecutor"  />

Cheers,
Dmitriy.
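
A preflight check for the fix described in the reply above, as an added example that is not part of the original thread or of the CAS project's code: it parses a deployerConfigContext.xml and reports whether the authenticationMetadataPopulators list references cacheCredentialsMetaDataPopulator. The two sample documents are constructed, and the namespace URIs are the standard Spring beans and util schemas.

```python
import sys
import xml.etree.ElementTree as ET

BEANS_NS = "http://www.springframework.org/schema/beans"
UTIL_NS = "http://www.springframework.org/schema/util"
LIST_ID = "authenticationMetadataPopulators"
REQUIRED = "cacheCredentialsMetaDataPopulator"


def populator_refs(xml_text):
    """Bean names referenced by the populator list, or None if the list is absent."""
    root = ET.fromstring(xml_text)
    for lst in root.iter("{%s}list" % UTIL_NS):
        if lst.get("id") == LIST_ID:
            return [r.get("bean") for r in lst.iter("{%s}ref" % BEANS_NS)]
    return None


def check(xml_text):
    """Return 'ok', 'missing-populator' or 'missing-list'."""
    refs = populator_refs(xml_text)
    if refs is None:
        return "missing-list"
    return "ok" if REQUIRED in refs else "missing-populator"


def wrap(body):
    # Constructed minimal Spring context around a fragment (sample input only).
    return '<beans xmlns="%s" xmlns:util="%s">%s</beans>' % (BEANS_NS, UTIL_NS, body)


# Constructed samples: the list without and with the populator named in the thread.
BEFORE = wrap('<util:list id="authenticationMetadataPopulators">'
              '<ref bean="successfulHandlerMetaDataPopulator"/>'
              '<ref bean="rememberMeAuthenticationMetaDataPopulator"/>'
              '</util:list>')
AFTER = BEFORE.replace('</util:list>',
                       '<ref bean="cacheCredentialsMetaDataPopulator"/></util:list>')

if __name__ == "__main__":
    if len(sys.argv) > 1:          # check a real file given on the command line
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(sys.argv[1], check(fh.read()))
    else:
        print("before:", check(BEFORE))
        print("after: ", check(AFTER))
```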



Miklós Barabás

Apr 22, 2016, 3:45:27 AM
to CAS Community
It is working now!

Thank you guys for the fast response!

Here is a PR to update the doc of 4.2.x:
https://github.com/Jasig/cas/pull/1707

Cheers!
