CAS management - new service username attribute provider options


Justin Andrews

Nov 20, 2017, 9:56:41 AM
to CAS Community
Hi folks - What are the requirements to be able to adjust the username attribute via the CAS management GUI? This is all I see.....


William E.

Nov 21, 2017, 10:49:13 AM
to CAS Community
Do you have entries like below in your cas.properties file?

cas.authn.attributeRepository.ldap[0].attributes.uid=uid
cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
cas.authn.attributeRepository.ldap[0].attributes.cn=commonName
cas.authn.attributeRepository.ldap[0].attributes.affiliation=eduPersonAffiliation
.............

Justin Andrews

Nov 21, 2017, 3:01:09 PM
to CAS Community
No, I do not have those in my cas.properties...

William E.

Nov 21, 2017, 10:24:47 PM
to CAS Community
I had to add them to mine for the username drop down in cas management to get populated.

Justin Andrews

Nov 22, 2017, 8:26:40 AM
to CAS Community
Gotcha. Do you also have these defined in your pom.xml?

<dependency>
    <groupId>org.apereo.service.persondir</groupId>
    <artifactId>person-directory-api</artifactId>
    <version>${person.directory.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.service.persondir</groupId>
    <artifactId>person-directory-impl</artifactId>
    <version>${person.directory.version}</version>
</dependency>

William E.

Nov 22, 2017, 9:34:09 AM
to CAS Community
Nope.  In my cas 5.1 pom I only have:

<dependencies>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-webapp${app.server}</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
        <version>${cas.version}</version>
    </dependency>

    <!-- custom -->
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-json-service-registry</artifactId>
        <version>${cas.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-saml-idp</artifactId>
        <version>${cas.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-token-webflow</artifactId>
        <version>${cas.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-saml-sp-integrations</artifactId>
        <version>${cas.version}</version>
    </dependency>
    <!-- custom -->
</dependencies>



In my cas-management 5.1 pom.xml:

<dependencies>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-management-webapp</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
    </dependency>

    <!-- custom -->
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-json-service-registry</artifactId>
        <version>${cas.version}</version>
    </dependency>
    <!-- custom -->
</dependencies>


Justin Andrews

Nov 22, 2017, 9:38:47 AM
to CAS Community
Thank you so much. I tried adding the lines you mentioned in my cas.properties but still no luck. We've got similar setups; the only dependency I don't have in CAS is below.

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-saml-sp-integrations</artifactId>
    <version>${cas.version}</version>
</dependency>

William E.

Nov 22, 2017, 9:53:46 AM
to CAS Community
Resultant cas management screenshot attached.
Full disclosure, this is our test CAS 5.1; we haven't deployed to production yet, we're still on CAS 3.6 in prod. But I have tested a few CAS clients and one SAML SP (Shibboleth on Linux, Apache). So we're in the final phases of testing and configuration. It took several weeks to get here, with support and help from the awesome folks at Unicon, as well as perusing some of the CAS source code on GitHub. Also, reading the excellent doc from another school: https://dacurry-tns.github.io/deploying-apereo-cas/pdf/deploying-apereo-cas.pdf

My sanitized cas.properties:

cas.server.prefix: https://sso.example.edu/cas

cas.adminPagesSecurity.ip=127\.0\.0\.1

logging.config: file:/etc/cas/config/log4j2.xml

# Authentication
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://ldap.example.edu:636
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].baseDn=ou=People,dc=example,dc=edu
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].bindDn=uid=someone,ou=people,dc=example,dc=edu
cas.authn.ldap[0].bindCredential=xxxxxx

# Attribute resolution
cas.authn.attributeRepository.ldap[0].order=0
cas.authn.attributeRepository.ldap[0].ldapUrl=ldaps://ldap.example.edu:636
cas.authn.attributeRepository.ldap[0].useSsl=true
cas.authn.attributeRepository.ldap[0].useStartTls=false
cas.authn.attributeRepository.ldap[0].baseDn=ou=People,dc=example,dc=edu
cas.authn.attributeRepository.ldap[0].bindDn=uid=someone,ou=People,dc=example,dc=edu
cas.authn.attributeRepository.ldap[0].bindCredential=xxxxxx
cas.authn.attributeRepository.ldap[0].userFilter=uid={user}
cas.authn.attributeRepository.ldap[0].attributes.uid=uid
cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
cas.authn.attributeRepository.ldap[0].attributes.cn=commonName
cas.authn.attributeRepository.ldap[0].attributes.affiliation=eduPersonAffiliation
cas.authn.attributeRepository.ldap[0].attributes.primaryaffiliation=eduPersonPrimaryAffiliation
cas.authn.attributeRepository.ldap[0].attributes.mail=mail
cas.authn.attributeRepository.ldap[0].attributes.member=member
cas.authn.attributeRepository.ldap[0].attributes.memberof=memberof
cas.authn.attributeRepository.ldap[0].attributes.sn=sn
cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER
cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
cas.authn.attributeRepository.ldap[0].attributes.givenName=givenName

cas.personDirectory.principalAttribute=uid
cas.personDirectory.returnNull=false
cas.personDirectory.principalResolutionFailureFatal=false

# disable static lists login
cas.authn.accept.users=

# json service registry
cas.serviceRegistry.config.location=file:/etc/cas/config/services

cas.samlSP.inCommon.name=InCommon Aggregate
cas.samlSP.inCommon.description=InCommon Metadata Aggregate
cas.samlSP.inCommon.attributes=eduPersonPrincipalName,givenName,cn,sn
cas.samlSP.inCommon.signatureLocation=/etc/cas/saml/inc-md-public-key.pem

cas.authn.samlIdp.entityId=https://sso.example.edu/idp/shibboleth
cas.authn.samlIdp.scope=example.edu
cas.authn.samlIdp.metadata.location=file:/etc/cas/saml



My sanitized management.properties:

# CAS server that management app will authenticate with
# This server will authenticate for any app (service) and you can login as casuser/Mellon 
cas.server.prefix: https://sso.example.edu/cas

cas.mgmt.adminRoles=ROLE_ADMIN
cas.mgmt.userPropertiesFile=file:/etc/cas/config/users.properties

# Update this URL to point at server running this management app
cas.mgmt.serverName=https://sso.example.edu:8443

server.context-path=/cas-management
server.port=8443

spring.thymeleaf.mode=HTML
logging.config=file:/etc/cas/config/log4j2-management.xml

cas.serviceRegistry.config.location=file:/etc/cas/config/services

cas.mgmt.ldap.ldapAuthz.searchFilter=cn={user}

cas.mgmt.ldap.baseDn=ou=people,dc=example,dc=edu
cas.mgmt.ldap.ldapUrl=ldaps://ldap.example.edu
cas.mgmt.ldap.userFilter=uid={user}
cas.mgmt.ldap.bindDn=uid=someone,ou=people,dc=example,dc=edu
cas.mgmt.ldap.bindCredential=xxxxxx

# Attribute resolution
cas.authn.attributeRepository.ldap[0].order=0
cas.authn.attributeRepository.ldap[0].ldapUrl=ldaps://ldap.example.edu
cas.authn.attributeRepository.ldap[0].useSsl=true
cas.authn.attributeRepository.ldap[0].useStartTls=false
cas.authn.attributeRepository.ldap[0].baseDn=ou=People,dc=example,dc=edu
cas.authn.attributeRepository.ldap[0].bindDn=uid=someone,ou=People,dc=example,dc=edu
cas.authn.attributeRepository.ldap[0].bindCredential=xxxxxx
cas.authn.attributeRepository.ldap[0].userFilter=uid={user}
cas.authn.attributeRepository.ldap[0].attributes.uid=uid
cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
cas.authn.attributeRepository.ldap[0].attributes.cn=commonName
cas.authn.attributeRepository.ldap[0].attributes.affiliation=eduPersonAffiliation
cas.authn.attributeRepository.ldap[0].attributes.primaryaffiliation=eduPersonPrimaryAffiliation
cas.authn.attributeRepository.ldap[0].attributes.mail=mail
cas.authn.attributeRepository.ldap[0].attributes.member=member
cas.authn.attributeRepository.ldap[0].attributes.memberof=memberof
cas.authn.attributeRepository.ldap[0].attributes.sn=sn
cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER
cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
cas.authn.attributeRepository.ldap[0].attributes.givenName=givenName


Screen Shot 2017-11-16 at 1.20.44 PM.png
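
A way to check what this post describes, the same attribute mappings being present in both cas.properties and management.properties (an added example, not code from the thread's participants or the CAS project): it parses two properties files, diffs their cas.authn.attributeRepository.ldap[N].attributes.* entries and reports keys defined twice. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not the posters' real files).
SERVER_SAMPLE = """\
# Attribute resolution
cas.server.prefix: https://sso.example.edu/cas
cas.authn.attributeRepository.ldap[0].attributes.uid=uid
cas.authn.attributeRepository.ldap[0].attributes.cn=commonName
cas.authn.attributeRepository.ldap[0].attributes.mail=mail
cas.authn.attributeRepository.ldap[0].attributes.uid=uid
"""
MGMT_SAMPLE = """\
cas.authn.attributeRepository.ldap[0].attributes.uid=uid
cas.authn.attributeRepository.ldap[0].attributes.cn=cn
"""
# Attribute-mapping keys, and a "key <sep> value" line (no line-continuation support).
ATTR_KEY = re.compile(r"^cas\.authn\.attributeRepository\.ldap\[(\d+)\]\.attributes\.(.+)$")
PROP_LINE = re.compile(r"^\s*([^=:\s]+)\s*[=:\s]\s*(.*)$")

def parse_properties(text):
    """Yield (key, value) pairs in file order, keeping duplicate keys."""
    for line in text.splitlines():
        m = PROP_LINE.match(line)
        if m and not line.lstrip().startswith(("#", "!")):
            yield m.group(1), m.group(2).strip()

def ldap_attributes(text):
    """Return ({(index, attribute): mapped value}, [keys defined more than once])."""
    mapping, duplicates = {}, []
    for key, value in parse_properties(text):
        m = ATTR_KEY.match(key)
        if m:
            if m.groups() in mapping:
                duplicates.append(key)
            mapping[m.groups()] = value  # a later definition overwrites the earlier one
    return mapping, duplicates

def compare(server_text, mgmt_text):
    """Diff the attribute mappings of cas.properties against management.properties."""
    (server, s_dup), (mgmt, m_dup) = ldap_attributes(server_text), ldap_attributes(mgmt_text)
    return {
        "missing_in_management": sorted(a for _, a in server.keys() - mgmt.keys()),
        "mismatched": sorted(a for i, a in server.keys() & mgmt.keys()
                             if server[i, a] != mgmt[i, a]),
        "duplicate_keys": sorted(set(s_dup + m_dup)),
    }

if __name__ == "__main__":
    print(compare(SERVER_SAMPLE, MGMT_SAMPLE))
```

To run it against real files, pass the contents of /etc/cas/config/cas.properties and /etc/cas/config/management.properties (the paths used in this post's logging and registry settings are assumed to hold them) to compare().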

Justin Andrews

Nov 22, 2017, 10:03:09 AM
to CAS Community
Thanks for the help William - I'll give this all a read, see what I can come up with. Appreciate it!