[cas-user] CAS 5.1 Question to retrieve Facebook Profile Fields

[Raymond Cheng - ITD]

Hi,

 

I am trying to setup CAS 5.1 and I have enabled Facebook login successfully.

But I cannot retrieve Facebook Fields and server log see empty attribute list in principal.

 

Please kindly advise if there is some setting missing. Thanks!

 

Regards,

Raymond Cheng

 

[service json]

_hkscs{

  "@class": "org.apereo.cas.services.RegexRegisteredService",

  "id": 10000001,

  "name": "sample",

  "serviceId": "^(http|https)://.*\\.testing\\.com/.*",

  "evaluationOrder": 1,

  "attributeReleasePolicy" : {

    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",

    "allowedAttributes" : [ "java.util.ArrayList", [ "id", "name", "first_name", "middle_name", "last_name", "email" ] ]

  }

}

 

[cas.properties]

cas.authn.pac4j.name=facebook login

cas.authn.pac4j.typedIdUsed=true

cas.authn.pac4j.autoRedirect=false

 

cas.authn.pac4j.facebook.id=123

cas.authn.pac4j.facebook.secret=123

cas.authn.pac4j.facebook.scope=public_profile,email

cas.authn.pac4j.facebook.fields=id,name,first_name,middle_name,last_name,email

 

[cas log on startup]

2017-06-22 15:04:15,645 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <Final list of attribute repositories is [[]]>

2017-06-22 15:04:15,656 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <Configured merging strategy for attribute sources is [REPLACE]>

2017-06-22 15:04:15,666 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <No attribute repository sources are available/defined to merge together.>

 

[cas log after facebook login]

2017-06-22 14:34:45,167 DEBUG [org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository] - <Could not find principal [org.pac4j.oauth.profile.facebook.FacebookProfile#112233406054479] in the repository so no attributes are returned.>

2017-06-22 14:34:45,168 DEBUG [org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository] - <Found [0] attributes for principal [org.pac4j.oauth.profile.facebook.FacebookProfile#112233406054479] from the attribute repository.>

2017-06-22 14:34:45,169 DEBUG [org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository] - <No merging strategy found, so attributes retrieved from the repository will be used instead.>

2017-06-22 14:34:45,171 DEBUG [org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository] - <Using [org.pac4j.oauth.profile.facebook.FacebookProfile#112233406054479], no caching takes place for [DefaultPrincipalAttributesRepository] to add attributes.>

2017-06-22 14:34:45,172 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Found principal attributes [{}] for [org.pac4j.oauth.profile.facebook.FacebookProfile#112233406054479]>

2017-06-22 14:34:45,173 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Calling attribute policy [ReturnAllowedAttributeReleasePolicy] to process attributes for [org.pac4j.oauth.profile.facebook.FacebookProfile#112233406054479]>

2017-06-22 14:34:45,173 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release of [{}] for [org.pac4j.oauth.profile.facebook.FacebookProfile#112233406054479]>

2017-06-22 14:34:45,174 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Attempting to merge policy attributes and default attributes>

2017-06-22 14:34:45,174 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Checking default attribute policy attributes>

2017-06-22 14:34:45,175 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Located application context. Retrieving default attributes for release, if any>

2017-06-22 14:34:45,175 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Default attributes for release are: [[cn, givenName, uid, affiliation]]>

2017-06-22 14:34:45,176 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Default attributes found to be released are [{}]>

2017-06-22 14:34:45,176 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Adding default attributes first to the released set of attributes>

2017-06-22 14:34:45,177 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Adding policy attributes to the released set of attributes>

2017-06-22 14:34:45,177 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Final collection of attributes allowed are: [{}]>

2017-06-22 14:34:45,178 DEBUG [org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider] - <Returning the default principal id [org.pac4j.oauth.profile.facebook.FacebookProfile#112233406054479] for username.>

 

EGL Tours Company Limited 東瀛遊旅行社有限公司 (香港聯合交易所主板上市 股份代號 6882)
電話查詢及服務中心: 3692-0888 Website: www.egltours.com Facebook: www.facebook.com/egltours

本郵件(及任何附件)可能 載有機密、專有、具有特權或受法律保護的資料，並僅供收件人(或負責將資料遞交給收件人的人士)使用。如閣下不是本郵件 的預定收件人，便無權閱讀、列印、保留、複製或傳佈本郵件或其任何部分。如閣下錯誤地收到本郵件，請立即將之銷毀或從閣 下的系統中刪除，並通知寄件人。

______________________________________________________________________
http://www.egltours.com/promotion

This message (and any attachments) may contain information that is confidential,proprietary,privileged or otherwise protected by law.The message is intended solely for the named addressee (or a person responsible for delivering it to the addressee).If you are not the intended recipient of this message, you are not authorized to read, print, retain , copy or disseminate this message or any part of it.If you have received this message in error, please destroy the message or delete it from your system immediately and notify the sender.

[ssog...@gmail.com]

I see the same issue in 5.1.0

PAC4J attributes are not visible.

Did you find a solution?

[Marius Trimbur]

Same issue with a 5.1.0 server and authentication delegated to Google...

[RJ]

I have created an issue, https://github.com/apereo/cas/issues/2751

but it seems to be auto closed with "Contribution Suitable - Needs Pull Request". Any clue?

Thanks

On Tue, Jul 4, 2017 at 3:47 AM, Marius Trimbur <marius....@gmail.com> wrote:

Same issue with a 5.1.0 server and authentication delegated to Google...

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a0ffb08b-ead2-46bc-946d-566414cae4b7%40apereo.org.

[Carlos Zuñiga]

Hi guys,

did you find a solution to this problem? I am having a very similar issue, when I validate the service ticket get some attributes on the client, such as:

1. attributes: Object
1. authenticationDate: "2017-09-01T22:49:52.498Z[Etc/UTC]"
2. authenticationMethod: "ClientAuthenticationHandler"
3. clientName: "FacebookClient"
4. isFromNewLogin: "true"
5. longTermAuthenticationRequestTokenUsed: "false"
6. successfulAuthenticationHandlers: "ClientAuthenticationHandler"

But not the ones I asked for:

cas.authn.pac4j.facebook.fields=id,name,first_name,middle_name,last_name,email

I am able to see these fields in the pac4j logs right after logging in.

[Joseph Fischetti]

It looks like, perhaps only in 5.0.x and older, that a rewrite on the client side is required:

https://apereo.github.io/cas/5.0.x/integration/Delegate-Authentication.html#recreate-profiles

This section doesn't exist in the 5.1.x or development documentation so maybe it was 'fixed'. 

I'd love some input as well since I would like to use this functionality with existing cas services without modifying them.  If we have to modify the services, we could just do so to implement the delegated authentication directly.  

[Raymond Cheng - ITD]

Hi Steve,

 

Thanks for your email.

 

Here is the link for my knowledge.

 

https://apereo.github.io/cas/5.2.x/integration/Delegate-Authentication.html#delegated-authentication

https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#pac4j-delegated-authn

 

Besides, the latest CAS version work fine and I can use Facebook login now.

I am using Spring Security for integration. I need to use new ticket validator “org.jasig.cas.client.validation.Cas30ServiceTicketValidator” to retrieve Facebook attribute after login success.

 

Hope you can find useful information.

 

Raymond

 

From: Steve Hespelt [mailto:shes...@gmail.com]
Sent: Wednesday, April 04, 2018 1:47 AM
To: CAS Community
Cc: Raymond Cheng - ITD
Subject: Re: [cas-user] CAS 5.1 Question to retrieve Facebook Profile Fields

 

Hi Raymond,

I came across your post & I have a really (?) simple question:  where did you find documentation on what values should be used for various authn properties - eg. the cas.authn.pac4j.facebook.scope=public_profile,email that you had in the 6/22/17 post? I've been looking at the CAS 5.2.x docs & one thing I've noticed is a lack of detail on what values are meaningful for various properties & the implications for using such values. grepping the src tree for fully specified property names  or just prefixes (eg. "cas.authn.pac4j." result in matches found only in the /docs/.... So obviously the code doesn't use full property name strings to retrieve values.

 

Hope you can just point me in the right direction. 

And I'm curious if you find the solution to your post.

Thanks,

-steve

 

Click here to report this email as spam.