How do I set up user attributes for SAML 2.0?
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8a7ec4d7-6a6f-41cf-be7d-86cb08ea9e70%40apereo.org.
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu
Do you have an example of this?
--
Would this example you provided be applicable to a jdbc backend?
--
<Attribute name="urn:oid:2.5.4.3" id="cn"/>
<Attribute name="urn:oid:2.5.4.4" id="sn"/>
<Attribute name="urn:oid:2.5.4.42" id="givenName"/>
<Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
cas.authn.attributeRepository.ldap[0].attributes.cn: uid
cas.authn.attributeRepository.ldap[0].attributes.displayName: displayName
cas.authn.attributeRepository.ldap[0].attributes.givenName: givenName
cas.authn.attributeRepository.ldap[0].attributes.mail: mail
cas.authn.attributeRepository.ldap[0].attributes.memberOf: memberOf
cas.authn.attributeRepository.ldap[0].attributes.sn: sn
cas.authn.attributeRepository.ldap[0].attributes.tnsIDNumber: cn
cas.authn.attributeRepository.jdbc[0].attributes.uid: uid
cas.authn.attributeRepository.jdbc[0].attributes.last_name: sn
cas.authn.attributeRepository.jdbc[0].attributes.first_name: givenName
"attributeReleasePolicy" : {
  "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
  "allowedAttributes" : {
    "@class" : "java.util.TreeMap",
    "cn" : "urn:oid:2.5.4.3",
    "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
    "givenName" : "urn:oid:2.5.4.42",
    "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
    "role" : "urn:newschool:attribute-def:role",
    "sn" : "urn:oid:2.5.4.4",
    "uid" : "urn:oid:0.9.2342.19200300.100.1.1",
    "UDC_IDENTIFIER": "urn:newschool:attribute-def:UDC_IDENTIFIER"
  }
}
--
David, I'm still trying to understand how user attributes are supposed to work. Let's say I'm using JDBC as my source for user data and credentials. If I'm writing the JSON service to map datasource fields to SAML attributes, how is this done? Is it naming convention? Do I need to include a custom mapping Java class?
--
2018-05-21 20:15:07,348 INFO [org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController] - <Received SAML callback profile request [/cas/idp/profile/SAML2/Callback.+]>
2018-05-21 20:15:07,656 WARN [org.apereo.cas.services.ReturnMappedAttributeReleasePolicy] - <Could not find value for mapped attribute [http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress] that is based off of [email] in the allowed attributes list. Ensure the original attribute [email] is retrieved and contains at least a single value. Attribute [http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress] will and can not be released without the presence of a value.>
2018-05-21 20:15:07,664 WARN [org.apereo.cas.services.ReturnMappedAttributeReleasePolicy] - <Could not find value for mapped attribute [http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname] that is based off of [givenName] in the allowed attributes list. Ensure the original attribute [givenName] is retrieved and contains at least a single value. Attribute [http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname] will and can not be released without the presence of a value.>
2018-05-21 20:15:07,670 WARN [org.apereo.cas.services.ReturnMappedAttributeReleasePolicy] - <Could not find value for mapped attribute [http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname] that is based off of [surname] in the allowed attributes list. Ensure the original attribute [surname] is retrieved and contains at least a single value. Attribute [http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname] will and can not be released without the presence of a value.>
--
cas.authn.accept.users=
cas.authn.jdbc.query[0].ddlAuto=none
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.jdbc.query[0].password=
cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=
cas.authn.jdbc.query[0].passwordEncoder.secret=
cas.authn.jdbc.query[0].passwordEncoder.strength=10
cas.authn.jdbc.query[0].passwordEncoder.type=BCRYPT
cas.authn.jdbc.query[0].sql=SELECT * FROM app_user WHERE email=? AND enabled = 1
cas.authn.jdbc.query[0].user=u
# User Attribute Settings
cas.authn.attributeRepository.jdbc[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.attributeRepository.jdbc[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.attributeRepository.jdbc[0].user=u
cas.authn.attributeRepository.jdbc[0].password=
cas.authn.attributeRepository.jdbc[0].singleRow=true
cas.authn.attributeRepository.jdbc[0].sql=SELECT id, first_name, last_name, email FROM app_user WHERE {0}
cas.authn.attributeRepository.jdbc[0].attributes.uid=id
cas.authn.attributeRepository.jdbc[0].attributes.givenName=first_name
cas.authn.attributeRepository.jdbc[0].attributes.emailaddress=email
cas.authn.attributeRepository.jdbc[0].attributes.surname=last_name
--
Same error. Do you think that maybe my select statement is wrong? Specifically the `WHERE {0}` That just seems wrong to me. What is {0}?
--
cas.authn.attributeRepository.jdbc[0].sql=SELECT * FROM app_user WHERE {0}
cas.authn.attributeRepository.jdbc[0].username=id
cas.authn.attributeRepository.jdbc[0].attributes.id=uid
cas.authn.attributeRepository.jdbc[0].attributes.first_name=givenName
cas.authn.attributeRepository.jdbc[0].attributes.email=emailaddress
cas.authn.attributeRepository.jdbc[0].attributes.last_name=surname
--
Is there any way to show the sql used to get user attributes?
--
Found [0] attributes for principal [jdgiotta@gmail.com] from the attribute repository.
-- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | rb...@uvic.ca
cas.authn.attributeRepository.jdbc[0].username=email
SELECT * FROM app_user WHERE email=jdgi...@gmail.com
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
THE NEW SCHOOL • INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu
...
"attributeReleasePolicy" : {
  "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
  "allowedAttributes" : {
    "@class" : "java.util.TreeMap",
    "sn" : "LastName",
    "givenName" : "givenName",
    "cn" : "cn",
  }
},
...
cn=curryd, givenName=David, LastName=Curry
https://aws.amazon.com/SAML/Attributes/Role=<some value>,https://aws.amazon.com/SAML/Attributes/Role=<some value>,https://aws.amazon.com/SAML/Attributes/RoleSessionName=<some value>,SessionDuration=<some value>
--
cas.authn.ldap[0].bindDn=willia...@shoracius.com.br
--
cas.authn.ldap[0].bindDn=wil...@shoracius.com.br
cas.authn.ldap[0].bindDn=willia...@shoracius.com.br
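An added example (not from the thread or the CAS project) that cross-checks the two mappings discussed above: the attribute names produced by the `cas.authn.attributeRepository.jdbc[0].attributes.*` lines against the source names a `ReturnMappedAttributeReleasePolicy` expects, which is the mismatch the WARN lines report. The sample properties and policy are constructed from values posted in the thread, the function names are hypothetical, and the key/value direction (column to attribute name, attribute name to released name) is taken from the examples posted here.

```python
import json
import re

# Constructed sample. Repository mapping: key = column, value = CAS attribute name.
PROPS = """\
cas.authn.attributeRepository.jdbc[0].sql=SELECT * FROM app_user WHERE {0}
cas.authn.attributeRepository.jdbc[0].attributes.id=uid
cas.authn.attributeRepository.jdbc[0].attributes.first_name=givenName
cas.authn.attributeRepository.jdbc[0].attributes.email=emailaddress
cas.authn.attributeRepository.jdbc[0].attributes.last_name=surname
"""

# Release policy rebuilt from the names in the WARN lines (assumption):
# key = CAS attribute name, value = name released to the service provider.
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
POLICY = json.dumps({"allowedAttributes": {
    "@class": "java.util.TreeMap",
    "email": CLAIMS + "emailaddress",
    "givenName": CLAIMS + "givenname",
    "surname": CLAIMS + "surname",
}})

ATTR_KEY = re.compile(
    r"^cas\.authn\.attributeRepository\.jdbc\[0\]\.attributes\.([^=:\s]+)\s*[=:]\s*(\S+)$")

def repository_attributes(props_text):
    """Return {column: CAS attribute name} from jdbc[0].attributes.* lines."""
    mapping = {}
    for line in props_text.splitlines():
        match = ATTR_KEY.match(line.strip())
        if match:
            mapping[match.group(1)] = match.group(2)
    return mapping

def check_release(props_text, policy_json):
    """Split policy entries into (releasable, missing) by source attribute name."""
    produced = set(repository_attributes(props_text).values())
    allowed = json.loads(policy_json)["allowedAttributes"]
    releasable, missing = {}, {}
    for source, target in allowed.items():
        if source == "@class":  # Jackson type hint, not an attribute
            continue
        (releasable if source in produced else missing)[source] = target
    return releasable, missing

if __name__ == "__main__":
    ok, bad = check_release(PROPS, POLICY)
    for source, target in bad.items():
        print(f"no repository attribute named [{source}] to release as [{target}]")
```

With this sample, `givenName` and `surname` line up, while `email` is flagged because the repository publishes that column under the name `emailaddress`.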