get my attributes from ldap in CAS 4.2.6


z mortazavi

Feb 1, 2017, 7:15:40 AM2/1/17
to CAS Community
Hi,

I set up jasig-cas-4.2.6 and I can log in successfully on the CAS side, but in my client I get a successful login while phpCAS::getAttributes() does not return my attributes such as mail and givenName.

deployerConfigContext.xml is:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:ldaptive="http://www.ldaptive.org/schema/spring-ext"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
       http://www.ldaptive.org/schema/spring-ext http://www.ldaptive.org/schema/spring-ext.xsd">

    <bean id="ldapAuthenticationHandler"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          c:authenticator-ref="authenticator">
        <property name="principalAttributeMap">
            <map>
                <entry key="givenName" value="firstName"/>
                <entry key="mail" value="email"/>
            </map>
        </property>
    </bean>

    <util:map id="authenticationHandlersResolvers">
        <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
        <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
    </util:map>

    <util:list id="authenticationMetadataPopulators">
        <ref bean="successfulHandlerMetaDataPopulator" />
        <ref bean="rememberMeAuthenticationMetaDataPopulator" />
    </util:list>

    <alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" />
    <alias name="personDirectoryPrincipalResolver" alias="primaryPrincipalResolver" />

    <bean id="attributeRepository" class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
          p:backingMap-ref="attrRepoBackingMap" />

    <util:map id="attrRepoBackingMap">
        <entry key="givenName" value="firstName"/>
        <entry key="mail" value="email"/>
        <entry>
            <key><value>memberOf</value></key>
            <list>
                <value>faculty</value>
                <value>staff</value>
                <value>org</value>
            </list>
        </entry>
    </util:map>

    <alias name="serviceThemeResolver" alias="themeResolver" />

    <alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" />

    <alias name="defaultTicketRegistry" alias="ticketRegistry" />

    <alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy" />
    <alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy" />

    <alias name="anyAuthenticationPolicy" alias="authenticationPolicy" />
    <alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory" />

    <bean id="auditTrailManager"
          class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
          p:entrySeparator="${cas.audit.singleline.separator:|}"
          p:useSingleLine="${cas.audit.singleline:false}"/>

    <alias name="neverThrottle" alias="authenticationThrottle" />

    <util:list id="monitorsList">
        <ref bean="memoryMonitor" />
        <ref bean="sessionMonitor" />
    </util:list>

    <alias name="defaultPrincipalFactory" alias="principalFactory" />
    <alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager" />
    <alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy" />
    <alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor" />

    <bean id="serviceRegistryDao"
          class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
          p:registeredServices-ref="registeredServicesList" />

    <util:list id="registeredServicesList">
        <bean class="org.jasig.cas.services.RegexRegisteredService"
              p:id="1"
              p:name="sso"
              p:serviceId="^(https?|imaps?|http?)://.*"
              p:description="sso cas"
              p:evaluationOrder="0" >
            <property name="attributeReleasePolicy">
                <bean class="org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy">
                    <property name="allowedAttributes">
                        <list>
                            <value>mail</value>
                            <value>givenName</value>
                        </list>
                    </property>
                </bean>
            </property>
        </bean>
    </util:list>

    <ldaptive:ad-authenticator id="authenticator"
        ldapUrl="xxxx"
        baseDn="xxxxxx"
        userFilter="xx"
        bindDn="xxxxx"
        bindCredential="xxxxxxxx"
        connectTimeout="5000"
        useStartTLS="false"
        blockWaitTime="3000"
        maxPoolSize="10"
        allowMultipleDns="false"
        minPoolSize="1"
        validateOnCheckOut="false"
        validatePeriodically="true"
        validatePeriod="300"
        idleTime="600"
        prunePeriod="300"
        failFastInitialize="false"
        subtreeSearch="true"
        useSSL="false"
    />

</beans>



Do I need to change the HTTPSandIMAPS-10000001.json file for ReturnAllowedAttributeReleasePolicy?
Is there any help?
Thanks in advance.

Melissa Floyd

Feb 2, 2017, 9:56:33 AM2/2/17
to CAS Community
I see you are using the json service registry.  You will need to provide a list of allowedAttributes for the attributeReleasePolicy in each service file. This allows different attributes to be returned for different services.

Hope that helps,
Melissa

Warren White

Feb 2, 2017, 7:40:00 PM2/2/17
to CAS Community
Also, you must use PHP CAS 3.0. I have had the same problem; somewhere it is documented that CAS 2.0 does not provide attributes with PHP CAS.
So, you must set the server version when you initialize:
// Initialize phpCAS
phpCAS::client(CAS_VERSION_3_0, ...

This is what I added in my service registry:
...
"attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllAttributeReleasePolicy",
...
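An added illustration (not CAS or phpCAS code) of the attribute path the posted deployerConfigContext.xml sets up and the CAS 3.0 response Warren refers to: in CAS 4.2 the LdapAuthenticationHandler's principalAttributeMap uses the LDAP attribute name as key and the principal attribute name as value, so givenName and mail arrive at the release policy renamed to firstName and email, and an allowedAttributes list written with the LDAP names releases nothing. The LDAP entry, user id and the ALLOWED_MATCHING_MAP list are constructed sample values.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"

# principalAttributeMap from the posted deployerConfigContext.xml:
# key = LDAP attribute name, value = name it gets on the CAS principal.
PRINCIPAL_ATTRIBUTE_MAP = {"givenName": "firstName", "mail": "email"}

# allowedAttributes as posted, and (constructed) the names the policy would
# have to list once the handler has renamed the attributes.
ALLOWED_AS_POSTED = ["mail", "givenName"]
ALLOWED_MATCHING_MAP = ["email", "firstName"]

# Constructed sample LDAP entry standing in for what the authenticator returns.
SAMPLE_ENTRY = {"uid": "jdoe", "givenName": "Jane", "mail": "jdoe@example.org", "sn": "Doe"}

def build_principal_attributes(entry, attribute_map):
    """Mimic LdapAuthenticationHandler.principalAttributeMap (null resolver case):
    keep only mapped LDAP attributes, stored under the mapped name."""
    return {mapped: entry[ldap_name]
            for ldap_name, mapped in attribute_map.items() if ldap_name in entry}

def release_allowed(principal_attrs, allowed):
    """Mimic ReturnAllowedAttributeReleasePolicy: drop anything not on the list."""
    return {name: val for name, val in principal_attrs.items() if name in allowed}

def service_response(user, released):
    """Render the <cas:serviceResponse> shape shown in the thread (CAS 3.0 protocol)."""
    ET.register_namespace("cas", CAS_NS)
    root = ET.Element(f"{{{CAS_NS}}}serviceResponse")
    ok = ET.SubElement(root, f"{{{CAS_NS}}}authenticationSuccess")
    ET.SubElement(ok, f"{{{CAS_NS}}}user").text = user
    attrs = ET.SubElement(ok, f"{{{CAS_NS}}}attributes")
    for name, val in released.items():
        ET.SubElement(attrs, f"{{{CAS_NS}}}{name}").text = val
    return ET.tostring(root, encoding="unicode")

def parse_attributes(xml_text):
    """What a client such as phpCAS::getAttributes() pulls out of the response."""
    root = ET.fromstring(xml_text)
    attrs = root.find(f"{{{CAS_NS}}}authenticationSuccess/{{{CAS_NS}}}attributes")
    return {} if attrs is None else {el.tag.split("}")[1]: el.text for el in attrs}

def released_for(allowed, entry=SAMPLE_ENTRY):
    """End to end: LDAP entry -> principal -> release policy -> XML -> client view."""
    principal = build_principal_attributes(entry, PRINCIPAL_ATTRIBUTE_MAP)
    xml_text = service_response(entry["uid"], release_allowed(principal, allowed))
    return parse_attributes(xml_text)
```

With the posted names, released_for(ALLOWED_AS_POSTED) gives an empty attribute block like the one later in this thread, while released_for(ALLOWED_MATCHING_MAP) carries firstName and email through to the client.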


z mortazavi

Feb 6, 2017, 1:17:41 AM2/6/17
to cas-...@apereo.org
Hi,

my json file is:

....
    "attributeReleasePolicy" : {
      "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
      "principalAttributesRepository" : {
        "@class" : "org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"
      },
      "allowedAttributes" : [ "java.util.ArrayList", [ "mail", "givenName" ] ],
      "authorizedToReleaseCredentialPassword" : false,
      "authorizedToReleaseProxyGrantingTicket" : false
    },
...

and on the client side I have:


phpCAS::client(CAS_VERSION_3_0,'xxx',443,'cas');

...

$attr = phpCAS::getAttributes();

My response is (it does not include my attributes mail and givenName):


<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>xxx</cas:user>
        <cas:attributes>
            <cas:LdapAuthenticationHandler.dn>xxxxxxxxx</cas:LdapAuthenticationHandler.dn>
            <cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
            <cas:isFromNewLogin>true</cas:isFromNewLogin>
            <cas:authenticationDate>2017-02-01T10:46:15.737+03:30</cas:authenticationDate>
        </cas:attributes>
    </cas:authenticationSuccess>
</cas:serviceResponse>


Please help me.
Thanks

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57c93d2c-5e27-4b26-8c18-4f6f2e96101a%40apereo.org.

z mortazavi

Feb 7, 2017, 11:02:12 AM2/7/17
to cas-...@apereo.org
Any help?


z mortazavi

Feb 14, 2017, 7:09:03 AM2/14/17
to cas-...@apereo.org
This error occurs:



2017-02-14 15:37:31,378 ERROR [org.jasig.cas.authentication.LdapAuthenticationHandler] - <The principal id attribute uid is not found. CAS cannot construct the final authenticated principal if it's unable to locate the attribute that is designated as the principal id. Attributes available are []>


when I set in deployerConfigContext.xml:

<bean id="ldapAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler"
      p:principalIdAttribute="uid"
      c:authenticator-ref="authenticator">



Any help?
