LDAP attributes


Satnam Singh Sarai

Jan 31, 2018, 9:01:10 PM
to CAS Community
Hello,

We are trying to upgrade CAS from 4.2 to 5.2 and we are having issues with the GUID attribute. It is not in string format. How can we convert it to string format? Name and email are in string format.

Thanks for help

Ca Post

Feb 1, 2018, 5:08:13 PM
to CAS Community
Update:
 
I wrote my own function to convert the GUID to a readable format, but some of the byte values are not converting correctly. Can anyone help with this issue? Let me know if something is not clear. Any help will be appreciated.

result value ---      08 3F 64 3F-3F 65-43 3F-3F 08-7A 78 3F 63 6A 5B
expected value -- 08 EA 64 D9-D2 65-43 F7-A8 08-7A 78 A8 63 6A 5B


CAS return value looks like ?d? e??C? zx?cj[   



Here is the code:

public final HandlerResult postAuthenticate(final Credential credential, final HandlerResult result) {
    LOGGER.debug("postAuthenticate***************************");

    Principal principal = result.getPrincipal();
    // getId() returns a String; getBytes() re-encodes it with the platform default charset
    byte[] guidByte = principal.getId().getBytes();

    String guid = convertToDashedString(guidByte).toUpperCase();
    LOGGER.debug("***** guid: " + guid + " " + convertToDashedString(guidByte).toUpperCase());

    // test: dump every byte (byteToHex is not shown in the post)
    for (int i = 0; i < guidByte.length; i++) {
        LOGGER.debug("i : " + i + " " + guidByte[i]);
        String transformed = prefixZeros((int) guidByte[i] & 0xFF);
        // result.append("\\");
        LOGGER.debug("i : " + i + " " + guidByte[i] + " " + transformed + " " + result.getPrincipal().getId() + " " + byteToHex(guidByte[i]));
    }

    // the rest of the method is not shown in the post
    return result;
}

// Formats the 16 objectGUID bytes as a dashed string; the first three groups are byte-swapped
public static String convertToDashedString(byte[] objectGUID) {
    StringBuilder displayStr = new StringBuilder();
    displayStr.append(prefixZeros((int) objectGUID[3] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[2] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[1] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[0] & 0xFF));
    displayStr.append("-");
    displayStr.append(prefixZeros((int) objectGUID[5] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[4] & 0xFF));
    displayStr.append("-");
    displayStr.append(prefixZeros((int) objectGUID[7] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[6] & 0xFF));
    displayStr.append("-");
    displayStr.append(prefixZeros((int) objectGUID[8] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[9] & 0xFF));
    displayStr.append("-");
    displayStr.append(prefixZeros((int) objectGUID[10] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[11] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[12] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[13] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[14] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[15] & 0xFF));
    return displayStr.toString();
}

// Two-digit lowercase hex for a value in 0..255
private static String prefixZeros(int value) {
    if (value <= 0xF) {
        StringBuilder sb = new StringBuilder("0");
        sb.append(Integer.toHexString(value));
        return sb.toString();
    } else {
        return Integer.toHexString(value);
    }
}

------------------------ LOG ----------------
2018-02-01 13:43:59,265 DEBUG [myAuthenticationHandler] - ***** guid: 083F643F-3F65-433F-3F08-7A783F636A5B 083F643F-3F65-433F-3F08-7A783F636A5B 3F643F08653F3F433F087A783F636A5B
2018-02-01 13:43:59,266 DEBUG [myAuthenticationHandler] - i : 0 63
2018-02-01 13:43:59,266 DEBUG [myAuthenticationHandler] - i : 0 63 3f ?d? e??C? zx?cj[ 3f
2018-02-01 13:43:59,267 DEBUG [myAuthenticationHandler] - i : 1 100
2018-02-01 13:43:59,267 DEBUG [myAuthenticationHandler] - i : 1 100 64 ?d? e??C? zx?cj[ 64
2018-02-01 13:43:59,268 DEBUG [myAuthenticationHandler] - i : 2 63
2018-02-01 13:43:59,268 DEBUG [myAuthenticationHandler] - i : 2 63 3f ?d? e??C? zx?cj[ 3f
2018-02-01 13:43:59,269 DEBUG [myAuthenticationHandler] - i : 3 8
2018-02-01 13:43:59,270 DEBUG [myAuthenticationHandler] - i : 3 8 08 ?d? e??C? zx?cj[ 08
2018-02-01 13:43:59,270 DEBUG [myAuthenticationHandler] - i : 4 101
2018-02-01 13:43:59,271 DEBUG [myAuthenticationHandler] - i : 4 101 65 ?d? e??C? zx?cj[ 65
2018-02-01 13:43:59,272 DEBUG [myAuthenticationHandler] - i : 5 63
2018-02-01 13:43:59,272 DEBUG [myAuthenticationHandler] - i : 5 63 3f ?d? e??C? zx?cj[ 3f
2018-02-01 13:43:59,273 DEBUG [myAuthenticationHandler] - i : 6 63
2018-02-01 13:43:59,274 DEBUG [myAuthenticationHandler] - i : 6 63 3f ?d? e??C? zx?cj[ 3f
2018-02-01 13:43:59,274 DEBUG [myAuthenticationHandler] - i : 7 67
2018-02-01 13:43:59,275 DEBUG [myAuthenticationHandler] - i : 7 67 43 ?d? e??C? zx?cj[ 43
2018-02-01 13:43:59,276 DEBUG [myAuthenticationHandler] - i : 8 63
2018-02-01 13:43:59,276 DEBUG [myAuthenticationHandler] - i : 8 63 3f ?d? e??C? zx?cj[ 3f
2018-02-01 13:43:59,277 DEBUG [myAuthenticationHandler] - i : 9 8
2018-02-01 13:43:59,277 DEBUG [myAuthenticationHandler] - i : 9 8 08 ?d? e??C? zx?cj[ 08
2018-02-01 13:43:59,278 DEBUG [myAuthenticationHandler] - i : 10 122
2018-02-01 13:43:59,279 DEBUG [myAuthenticationHandler] - i : 10 122 7a ?d? e??C? zx?cj[ 7a
2018-02-01 13:43:59,279 DEBUG [myAuthenticationHandler] - i : 11 120
2018-02-01 13:43:59,280 DEBUG [myAuthenticationHandler] - i : 11 120 78 ?d? e??C? zx?cj[ 78
2018-02-01 13:43:59,280 DEBUG [myAuthenticationHandler] - i : 12 63
2018-02-01 13:43:59,281 DEBUG [myAuthenticationHandler] - i : 12 63 3f ?d? e??C? zx?cj[ 3f
2018-02-01 13:43:59,281 DEBUG [myAuthenticationHandler] - i : 13 99
2018-02-01 13:43:59,282 DEBUG [myAuthenticationHandler] - i : 13 99 63 ?d? e??C? zx?cj[ 63
2018-02-01 13:43:59,282 DEBUG [myAuthenticationHandler] - i : 14 106
2018-02-01 13:43:59,283 DEBUG [myAuthenticationHandler] - i : 14 106 6a ?d? e??C? zx?cj[ 6a
2018-02-01 13:43:59,283 DEBUG [myAuthenticationHandler] - i : 15 91
2018-02-01 13:43:59,284 DEBUG [myAuthenticationHandler] - i : 15 91 5b ?d? e??C? zx?cj[ 5b
2018-02-01 13:43:59,284 DEBUG [myAuthenticationHandler] - postAuthenticate***************************
2018-02-01 13:43:59,423 DEBUG [myAuthenticationHandler] - userId 104016 found for guid 083F643F-3F65-433F-3F08-7A783F636A5B



Daniel Fisher

Feb 1, 2018, 9:04:56 PM
to cas-...@apereo.org
On Wed, Jan 31, 2018 at 9:01 PM, Satnam Singh Sarai <satna...@gmail.com> wrote:
> We are trying to upgrade CAS from 4.2 to 5.2 and we are having issues with the GUID attribute. It is not in string format. How can we convert it to string format? Name and email are in string format.

Did you try this property?

cas.authn.ldap[0].searchEntryHandlers[0].type=OBJECT_GUID

--Daniel Fisher
 

William E.

Feb 2, 2018, 2:17:39 PM
to CAS Community
Just guessing here, but you may be seeing a character set issue. Java internally uses UTF-16, I believe. The LDAP data may be coming back in UTF-8 or some extended ASCII character set depending on your LDAP server config, OS env variables, etc.

Just to be explicit, you might need to use getBytes("UTF8") or some variation instead.


-W
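
An added example (not code from the thread or from CAS) of why the handler's output is full of 3F: once the binary objectGUID has been decoded into a String, the bytes that are not valid text are replaced, and re-encoding cannot bring them back. The class and method names are hypothetical, the sample bytes are reconstructed from the expected value posted above, and the UTF-8/US-ASCII charset pair is an assumption chosen because it reproduces the logged result.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;

public class ObjectGuidDemo {

    // Constructed sample: raw objectGUID bytes rebuilt from the thread's "expected value"
    // 08EA64D9-D265-43F7-A808-7A78A8636A5B (the first three fields are stored little-endian).
    static final byte[] RAW = hex("D964EA0865D2F743A8087A78A8636A5B");

    /** Formats the 16 raw objectGUID bytes as the dashed string, fixing the field byte order. */
    static String toDashedString(byte[] guid) {
        if (guid == null || guid.length != 16) {
            throw new IllegalArgumentException("objectGUID must be exactly 16 bytes");
        }
        ByteBuffer buf = ByteBuffer.wrap(guid).order(ByteOrder.LITTLE_ENDIAN);
        int data1 = buf.getInt();
        int data2 = buf.getShort() & 0xFFFF;
        int data3 = buf.getShort() & 0xFFFF;
        buf.order(ByteOrder.BIG_ENDIAN); // the last two groups are plain byte sequences
        int data4 = buf.getShort() & 0xFFFF;
        long node = ((long) (buf.getShort() & 0xFFFF) << 32) | (buf.getInt() & 0xFFFFFFFFL);
        return String.format("%08X-%04X-%04X-%04X-%012X", data1, data2, data3, data4, node);
    }

    /** What happens when the binary value is turned into text and back (charsets assumed). */
    static byte[] lossyRoundTrip(byte[] raw) {
        String asText = new String(raw, StandardCharsets.UTF_8); // malformed bytes become U+FFFD
        return asText.getBytes(StandardCharsets.US_ASCII);       // U+FFFD becomes '?' (0x3F)
    }

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    public static void main(String[] args) {
        // Value kept as byte[] all the way from the directory: every byte survives.
        System.out.println("raw bytes  : " + toDashedString(RAW));
        // Value that passed through a String first: the non-ASCII bytes cannot be recovered.
        System.out.println("via String : " + toDashedString(lossyRoundTrip(RAW)));
    }
}
```

The first line printed is the expected GUID from the thread and the second is the 3F-filled value from the log, so the conversion has to run on the attribute's original byte[] rather than on bytes obtained from the principal ID string.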

Satnam Sarai

Feb 5, 2018, 10:01:15 AM
to CAS Community
Thanks Daniel, setting cas.authn.ldap[0].searchEntryHandlers[0].type=OBJECT_GUID worked.

Another question: we want to overwrite the postAuthenticate and preAuthenticate functions of LdapAuthenticationHandler. We created a custom handler, and now we noticed that CAS adds the default LDAP handler and our custom handler. Sometimes our handler gets executed first and other times the default handler.

What is the best way to make a minor customization to the default LDAP handler? In the postAuthenticate function we want to map the GUID to a CAS ID from the database (i.e. look up the ID by GUID, and create a new ID if one is not already in the database).

Thanks.