CAS attribute resolution with LDAP


Sébastien Ragons

Jan 10, 2018, 9:11:28 AM
to CAS Community
Hello,

I am trying to get attributes from LDAP, but with no success for days.
So I tried a basic configuration, but it doesn't work.

My basic configuration:
# LDAP authentication
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://frparantgaga:389/
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=o=antalis
cas.authn.ldap[0].userFilter=(|(uid={user})(mail={user}))
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].usePasswordPolicy=true

# Credential to connect to LDAP
cas.authn.ldap[0].bindDn=cn=root,o=antalis
cas.authn.ldap[0].bindCredential=passwd

# authentication-attributes
cas.authn.ldap[0].principalAttributeList=sn,cn,mail,description
cas.authn.attributeRepository.attributes.mail=mail
cas.authn.attributeRepository.attributes.description=description 


I configured my service to get all attributes:
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : ".*",
  "name" : "Service 3 avec theme 2",
  "theme" : "theme2",
  "id" : 3,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}


Client side, the principal doesn't contain any of the configured attributes.
CAS server's logs seem to indicate that there is no attribute to release:
.AbstractRegisteredServiceAttributeReleasePolicy] - <Found principal attributes [{}] for [seba...@gmail.com]> 


I'm aware of the blog article about attributes: https://apereo.github.io/2017/02/22/cas51-dbauthn-tutorial/
I've consulted several questions about this topic on this group.
I don't understand why it doesn't work.

Could you help me?
Thank you

Sebastien
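An added check, not code from the thread, that parses the cas.authn.ldap[N].* properties and the service JSON shown above and reports the three things a reviewer would look at first: which attributes the LDAP source is configured to resolve, which release policy the service applies, and whether the bind credential crosses the network in cleartext, as it does with an ldap:// URL and both useSsl and useStartTls set to false. The embedded properties and JSON are a constructed copy of the post's values, and the helper names are my own.

```python
import json
import re
from typing import Dict, List

# Constructed sample: the cas.properties lines and service definition from the post.
CAS_PROPERTIES = """\
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://frparantgaga:389/
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].bindDn=cn=root,o=antalis
cas.authn.ldap[0].bindCredential=passwd
cas.authn.ldap[0].principalAttributeList=sn,cn,mail,description
"""
SERVICE_JSON = """{"@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": ".*", "id": 3,
  "attributeReleasePolicy": {"@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"}}"""

# cas.authn.ldap[N].key=value ; the value may itself contain '=' (e.g. a bind DN).
KEY_RE = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.(\w+)=(.*)$")

def parse_ldap_sources(text: str) -> Dict[int, Dict[str, str]]:
    """Group the indexed LDAP properties by source index N."""
    sources: Dict[int, Dict[str, str]] = {}
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            sources.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip()
    return sources

def check_ldap_source(cfg: Dict[str, str]) -> Dict[str, List[str]]:
    """Report the attributes CAS will ask LDAP for, plus configuration findings."""
    attrs = [a.strip() for a in cfg.get("principalAttributeList", "").split(",") if a.strip()]
    findings: List[str] = []
    if not attrs:
        findings.append("no principalAttributeList: the LDAP source resolves no attributes")
    encrypted = cfg.get("useSsl") == "true" or cfg.get("useStartTls") == "true"
    if cfg.get("ldapUrl", "").startswith("ldap://") and not encrypted:
        findings.append("cleartext LDAP: bind credential and user passwords cross the network unencrypted")
    return {"attributes": attrs, "findings": findings}

def release_policy(service_json: str) -> str:
    """Return the attribute release policy class the service definition applies."""
    policy = json.loads(service_json).get("attributeReleasePolicy") or {}
    return policy.get("@class", "none configured")

if __name__ == "__main__":
    for idx, cfg in parse_ldap_sources(CAS_PROPERTIES).items():
        print(f"ldap[{idx}]:", check_ldap_source(cfg))
    print("release policy:", release_policy(SERVICE_JSON))
```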

Sébastien Ragons

Jan 10, 2018, 9:15:11 AM
to CAS Community
Complement:

Client side, I use Spring Security and I try to get attributes this way:

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

// Look up the current authentication and read the principal as UserDetails.
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null
        && auth.getPrincipal() != null
        && auth.getPrincipal() instanceof UserDetails) {
    UserDetails user = (UserDetails) auth.getPrincipal();
}

Ray Bon

Jan 10, 2018, 11:30:38 AM
to cas-...@apereo.org
Sebastien,

To see what is happening on CAS side, put this in your CAS log config:

        <!-- DEBUG Resolved service [limited details about service]
                   Located registered service definition [service details] -->
        <AsyncLogger name="org.apereo.cas.DefaultCentralAuthenticationService" level="debug" />
        <!-- DEBUG Found principal attributes [...] for [username]
                   Attribute policy [???] allows release of [...] for [username]
                   Final collection of attributes allowed are: [...] -->
        <AsyncLogger name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" level="debug"/>

        <!-- turn on all service debugging -->
        <AsyncLogger name="org.apereo.cas.services" level="debug"/>

Have you configured LDAP to release those attributes?

Ray
-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

William E.

Jan 10, 2018, 4:33:40 PM
to CAS Community
In our cas.properties, we also have:

cas.personDirectory.principalAttribute=uid,mail
cas.personDirectory.returnNull=false
cas.personDirectory.principalResolutionFailureFatal=false

Hope this helps.