pac4j SAML2Client and principal


Scott Koranda

Mar 22, 2018, 11:25:52 AM
to cas-...@apereo.org
Hi,

I am using CAS 5.1.3 (though I might be able to upgrade to 5.2.3,
depending on the issue of which binding is being used for the
<AuthnRequest>, as detailed in an earlier note to this list).

I am delegating authentication to a SAML2 IdP using pac4j.

After a successful authentication I see in cas.log

2018-03-22 14:44:46,372 DEBUG [org.pac4j.saml.client.SAML2Client] -
<profile: #SAML2Profile# | id: AAdzZWNyZXQxQJ7RzalR0+OnEE09XX3FnuYElvWkhkCSbAshdwAYSR5WQq3x7qEeuj6lzDF18EwarKKWUhElP5/dR+k1h1NlMaLBZmgeA/5fGFSHZwZEABRLliyrpjaNW7HK+sqDWq73E8uqJp0pzRmivQ== |
attributes:
{urn:oid:0.9.2342.19200300.100.1.3=[skor...@gmail.com], mail=[skor...@gmail.com],
urn:oid:0.9.2342.19200300.100.1.1=[scott.koranda], displayName=[Scott Koranda], givenName=[Scott],
urn:oid:2.5.4.42=[Scott], notBefore=2018-03-22T14:44:45.460Z, uid=[scott.koranda],
urn:oid:2.16.840.1.113730.3.1.241=[Scott Koranda],
urn:oid:1.3.6.1.4.1.5923.1.1.1.6=[scott....@sphericalcowgroup.com],
notOnOrAfter=2018-03-22T14:49:45.460Z,
eduPersonPrincipalName=[scott....@sphericalcowgroup.com],
urn:oid:2.5.4.4=[Koranda], sn=[Koranda],
sessionindex=_570a4d9a94551c4e52cf75415fac58f0} | roles: [] |
permissions: [] | isRemembered: false | clientName: null | linkedId:
null |>

Those are the values for NameID (transient) and attributes that I
expect.

The next line in cas.log is

2018-03-22 14:44:46,402 INFO
[org.apereo.cas.authentication.AbstractAuthenticationManager] -
<Authenticated principal
[AAdzZWNyZXQxQJ7RzalR0+OnEE09XX3FnuYElvWkhkCSbAshdwAYSR5WQq3x7qEeuj6lzDF18EwarKKWUhElP5/dR+k1h1NlMaLBZmgeA/5fGFSHZwZEABRLliyrpjaNW7HK+sqDWq73E8uqJp0pzRmivQ==]
with attributes [{}] via credentials
[[org.apereo.cas.authentication.principal.ClientCredential@6c1c5d52[id=AAdzZWNyZXQxQJ7RzalR0+OnEE09XX3FnuYElvWkhkCSbAshdwAYSR5WQq3x7qEeuj6lzDF18EwarKKWUhElP5/dR+k1h1NlMaLBZmgeA/5fGFSHZwZEABRLliyrpjaNW7HK+sqDWq73E8uqJp0pzRmivQ==]]].>

So it appears that the NameID value (transient) is being used as the
principal, but none of the attributes are making it from the pac4j layer
into the CAS layer.

Is that a correct assessment?

If so, how can I

a) change what value is used for the principal? I would like to use the
value from one of the asserted attributes.

b) push the attributes into the CAS layer to make them available for
assertion downstream to the CAS client?

I have reviewed the documentation for the Delegated/pac4j authentication at

https://apereo.github.io/cas/5.1.x/integration/Delegate-Authentication.html

and that for Attribute Resolution at

https://apereo.github.io/cas/5.1.x/integration/Attribute-Resolution.html

but I am not able to find a configuration option that appears to tell
pac4j to push the attributes into the Authentication object.

Thank you for your consideration.

Scott K


Jérôme LELEU

Mar 23, 2018, 3:29:23 AM
to CAS Community
Hi,

The behavior is to create the CAS principal and attributes from the pac4j principal and attributes. So you should get the pac4j attributes at the end.
Ignore the log about the ClientCredential, the toString method just outputs the id (not the attributes).

Is the service configured properly (with ReturnAllAttributeReleasePolicy for example)?

Thanks.
Best regards,
Jérôme


Scott Koranda

Mar 26, 2018, 10:21:32 AM
to cas-...@apereo.org
Hi Jérôme,

The issue goes away with CAS version 5.2.3 and pac4j version 2.3.1.

Thanks,

Scott K

Scott Koranda

Mar 26, 2018, 10:21:32 AM
to cas-...@apereo.org
Hi Jérôme,

I am using the JSON service registry. The service is registered as

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "https://my.org/testing/cas/phpclient/example_simple.php",
  "name" : "testClient01",
  "id" : 1,
  "evaluationOrder" : 10,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "urn:oid:0.9.2342.19200300.100.1.1",
    "canonicalizationMode" : "NONE"
  }
}

So I believe the correct attribute release policy is in place to release all
attributes to the service.

The CAS log file contains this WARN message:

2018-03-24 10:02:59,411 WARN [org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider] - <Principal [AAdzZWNyZXQxoaZsp8jwcLkuGIb3wouQ4fg7MWmqgx+bnkd/EuWdmYlccwnzGtnBELaGS7ZMhiYxjvbzbXmlFcmhlQyJe9RyOsSx27yE14APpGvAWDpuR9bkuah8SfexOMbogtnYyK3aMRXjnFqsso5giA==] does not have an attribute [urn:oid:0.9.2342.19200300.100.1.1] among attributes [{}] so CAS cannot provide the user attribute the service expects. CAS will instead return the default principal id [AAdzZWNyZXQxoaZsp8jwcLkuGIb3wouQ4fg7MWmqgx+bnkd/EuWdmYlccwnzGtnBELaGS7ZMhiYxjvbzbXmlFcmhlQyJe9RyOsSx27yE14APpGvAWDpuR9bkuah8SfexOMbogtnYyK3aMRXjnFqsso5giA==]. Ensure the attribute selected as the username is allowed to be released by the service attribute release policy.>

So CAS thinks there is no attribute "urn:oid:0.9.2342.19200300.100.1.1" but
earlier in the log file pac4j logs

2018-03-24 10:02:58,906 DEBUG [org.pac4j.saml.client.SAML2Client] -
<profile: #SAML2Profile# | id: AAdzZWNyZXQxoaZsp8jwcLkuGIb3wouQ4fg7MWmqgx+bnkd/EuWdmYlccwnzGtnBELaGS7ZMhiYxjvbzbXmlFcmhlQyJe9RyOsSx27yE14APpGvAWDpuR9bkuah8SfexOMbogtnYyK3aMRXjnFqsso5giA== |
attributes:
{urn:oid:0.9.2342.19200300.100.1.3=[skoranda@gmail.com], mail=[skor...@gmail.com],
urn:oid:0.9.2342.19200300.100.1.1=[scott.koranda], displayName=[Scott Koranda], givenName=[Scott],
urn:oid:2.5.4.42=[Scott], notBefore=2018-03-24T10:02:57.588Z, uid=[scott.koranda],
urn:oid:2.16.840.1.113730.3.1.241=[Scott Koranda],
urn:oid:1.3.6.1.4.1.5923.1.1.1.6=[scott.koranda@sphericalcowgroup.com],
notOnOrAfter=2018-03-24T10:07:57.588Z,
eduPersonPrincipalName=[scott....@sphericalcowgroup.com],
urn:oid:2.5.4.4=[Koranda], sn=[Koranda],
sessionindex=_0572dab54bff96c199e29f058aae9302} | roles: [] | permissions: [] |
isRemembered: false | clientName: null | linkedId: null |>

where the attribute urn:oid:0.9.2342.19200300.100.1.1 is explicitly shown to
be populated.

Am I missing something in my JSON service configuration?

Again this is for version 5.1.3.

Thanks,

Scott K
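As an added diagnostic for the symptom described in this thread (not code from the thread, from CAS or from pac4j), the script below reads cas.log lines shaped like the ones quoted above, pairs each pac4j SAML2Profile DEBUG line with the CAS "Authenticated principal" INFO line for the same id, and reports when the attributes were dropped between the two layers or when the attribute named in the service's usernameAttributeProvider is not on the CAS principal (in which case the opaque transient NameID is what gets released as the username). The sample log lines are constructed and the NameID value is a placeholder.

```python
import re

# Constructed sample of the two cas.log lines this thread discusses; the long
# transient NameID is replaced by a placeholder and the attribute map shortened.
SAMPLE_LOG = """\
2018-03-24 10:02:58,906 DEBUG [org.pac4j.saml.client.SAML2Client] - <profile: #SAML2Profile# | id: TRANSIENT-NAMEID-PLACEHOLDER | attributes: {urn:oid:0.9.2342.19200300.100.1.1=[scott.koranda], mail=[skor...@gmail.com], notBefore=2018-03-24T10:02:57.588Z, sessionindex=_0572dab54bff96c199e29f058aae9302} | roles: [] | permissions: [] | isRemembered: false | clientName: null | linkedId: null |>
2018-03-24 10:02:59,400 INFO [org.apereo.cas.authentication.AbstractAuthenticationManager] - <Authenticated principal [TRANSIENT-NAMEID-PLACEHOLDER] with attributes [{}] via credentials [[...]].>
"""

# pac4j profile toString: "... | id: <id> | attributes: {k=[v], k2=v2, ...} | roles: ..."
PAC4J_RE = re.compile(
    r"\[org\.pac4j\.saml\.client\.SAML2Client\] - <profile: .*?\| id: (?P<id>\S+) "
    r"\| attributes: \{(?P<attrs>.*?)\} \|")
# CAS authentication manager: "<Authenticated principal [<id>] with attributes [{...}] ..."
CAS_RE = re.compile(r"<Authenticated principal \[(?P<id>[^\]]+)\] with attributes \[\{(?P<attrs>.*?)\}\]")
# One "key=[v1, v2]" or "key=scalar" entry inside the attribute map.
ATTR_RE = re.compile(r"([\w.:]+)=(\[[^\]]*\]|[^,}]+)")


def parse_attrs(text):
    """Turn 'k=[v1, v2], k2=v2' (the profile map toString format) into a dict."""
    out = {}
    for key, val in ATTR_RE.findall(text):
        out[key] = val[1:-1].split(", ") if val.startswith("[") else val
    return out


def audit(log_text, username_attribute):
    """Return (principal id, finding, pac4j attribute names) tuples for each
    authentication where pac4j attributes never reached the CAS principal, or
    where the configured usernameAttribute is missing from the CAS principal."""
    findings = []
    pac4j_profiles = {}  # id -> attributes seen at the pac4j layer
    for line in log_text.splitlines():
        m = PAC4J_RE.search(line)
        if m:
            pac4j_profiles[m.group("id")] = parse_attrs(m.group("attrs"))
            continue
        m = CAS_RE.search(line)
        if not m:
            continue
        pid, cas_attrs = m.group("id"), parse_attrs(m.group("attrs"))
        source = pac4j_profiles.get(pid, {})
        if source and not cas_attrs:
            findings.append((pid, "pac4j attributes dropped before CAS principal", sorted(source)))
        if username_attribute not in cas_attrs:
            findings.append((pid, "usernameAttribute %s missing; NameID will be released as username"
                             % username_attribute, []))
    return findings
```

Run `audit(open("cas.log").read(), "urn:oid:0.9.2342.19200300.100.1.1")` against a real log after a delegated login; an empty list means the attributes reached the CAS principal and the expected username attribute is there.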