Hello, something similar is happening to me.
In CAS Apereo v6.6.15 and pac4j v5.4.6, I am trying to log in to Google and Facebook through an endpoint.
In the JSON I have the following:
{
  "@class": "org.apereo.cas.services.CasRegisteredService",
  "serviceId": ...,
  "name": ...,
  "id": ...,
  "evaluationOrder": 1,
  "description": "CAS SSO V6.6.15",
  "theme": "Theme",
  "accessStrategy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled": true,
    "ssoEnabled": true
  },
  "properties": {
    "@class": "java.util.HashMap",
    "httpHeaderEnableXFrameOptions": {
      "@class": "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values": [
        "java.util.HashSet",
        [
          "true"
        ]
      ]
    }
  },
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "principalIdAttribute": "email",
    "allowedAttributes": [
      "java.util.ArrayList",
      [
        "email",
        "name",
        "first_name",
        "last_name",
        "given_name",
        "family_name"
      ]
    ]
  },
  "singleSignOnParticipationPolicy": {
    "@class": "org.apereo.cas.services.ChainingRegisteredServiceSingleSignOnParticipationPolicy",
    "createCookieOnRenewedAuthentication": "TRUE",
    "policies": [
      "java.util.ArrayList",
      [
        {
          "@class": "org.apereo.cas.services.AuthenticationDateRegisteredServiceSingleSignOnParticipationPolicy",
          "timeUnit": "SECONDS",
          "timeValue": 2592000,
          "order": 0
        }
      ]
    ]
  }
}
When I try to validate the ticket at the /validate endpoint, the answer is: yes, numerical ID, and what I need is for it to be the email and not an ID.
I am using pac4j for delegated auth, and in cas.properties I have tried the following configurations:
cas.authn.attribute.release.enabled=true
cas.authn.authentication-attribute-release.enabled=true
cas.authn.pac4j.saml[].principal-id-attribute: email
as.authn.jaas[].principal.use-existing-principal-id: email
but none of them manage to get the ticket quality to respond with the email.
Well, I appreciate any help.