Hello,
I'm trying to configure a CAS server based on version 4.2.0 as an OpenID provider; for now I was able to use the OpenID endpoint by following the documentation available here[1], with some customizations to add some attributes on the user (uid, email, ... which are stored on an OpenLDAP server in each user's entry).
I tried to dig into the code to see if there was a way of providing these extra attributes (that - if my understanding of the OpenID protocol internals is correct - should appear in openid.ax.*=... in the return_to URL), wiring some beans to do so, but with no luck. From what I can see while debugging, the attributes are correctly resolved from the LDAP (I can see them in the Principal object after successful authentication), but they are not "released" in the return_to URL.
Here is a snippet in my deployerConfigContext.xml to resolve my extra attributes:
<bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao">
    <property name="baseDN" value="${ldap.authn.userSearchBaseDn}" />
    <property name="searchFilter" value="uid={0}" />
    <property name="unmappedUsernameAttribute" value="uid" />
    <property name="searchControls">
        <bean class="javax.naming.directory.SearchControls" />
    </property>
    <property name="connectionFactory" ref="connectionFactory" />
    <property name="resultAttributeMapping">
        <util:map>
            <entry key="uid" value="identifier" />
            <entry key="mail" value="email" />
            <entry key="cn" value="fullname" />
            <entry key="sn" value="lastname" />
        </util:map>
    </property>
</bean>
Am I missing something?
Best regards,
-- Pierre
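
A way to check what a provider actually released in the return_to URL, as an added example that is not part of the original post and not CAS code: it reads the OpenID Attribute Exchange fields out of a positive assertion and marks which attributes are covered by openid.signed. The function name, the sample URL and the alias `ext1` are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

AX_NS = "http://openid.net/srv/ax/1.0"  # Attribute Exchange 1.0 namespace URI

# Constructed sample redirect: email is listed in openid.signed, fullname is not.
SAMPLE = (
    "https://rp.example.org/return?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0"
    "&openid.mode=id_res"
    "&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0"
    "&openid.ext1.mode=fetch_response"
    "&openid.ext1.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail"
    "&openid.ext1.value.email=user%40example.org"
    "&openid.ext1.type.fullname=http%3A%2F%2Faxschema.org%2FnamePerson"
    "&openid.ext1.value.fullname=Example+User"
    "&openid.signed=op_endpoint,claimed_id,identity,return_to,response_nonce,"
    "assoc_handle,ns.ext1,ext1.mode,ext1.type.email,ext1.value.email"
)

def ax_attributes(return_to_url):
    """Map each AX type URI to its values and whether openid.signed covers them.

    This only inspects the message; verifying openid.sig is a separate step.
    """
    query = parse_qs(urlsplit(return_to_url).query, keep_blank_values=True)
    params = {k[len("openid."):]: v[0] for k, v in query.items()
              if k.startswith("openid.")}
    # The provider picks the extension alias, so find it by namespace URI.
    alias = next((k[3:] for k, v in params.items()
                  if k.startswith("ns.") and v == AX_NS), None)
    if alias is None:
        return {}  # no Attribute Exchange data was released at all
    signed = set(params.get("signed", "").split(","))
    prefix = alias + ".type."
    result = {}
    for key, type_uri in params.items():
        if not key.startswith(prefix):
            continue
        name = key[len(prefix):]
        count = params.get(f"{alias}.count.{name}")
        if count is None:  # single-valued form: <alias>.value.<name>
            value_keys = [f"{alias}.value.{name}"]
        else:              # multi-valued form: <alias>.value.<name>.<n>
            n = int(count) if count.isdigit() else 0
            value_keys = [f"{alias}.value.{name}.{i}" for i in range(1, n + 1)]
        value_keys = [k for k in value_keys if k in params]
        covered = (key in signed and bool(value_keys)
                   and all(k in signed for k in value_keys))
        result[type_uri] = {"values": [params[k] for k in value_keys],
                            "signed": covered}
    return result
```

An empty result means the assertion carried no AX namespace at all; an attribute with `signed` set to False should not be trusted by the relying party.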