Re: CAS 7.1 SAML attributes releases policy


wouldsmina

Dec 11, 2024, 8:24:26 AM
to CAS Community
On a colleague's advice, I tested the service sptest.iamshowcase.com, and I noticed that the attributes are indeed being transmitted by CAS. However, some attributes (such as uid) do not have a friendly name. This is likely what is causing the issue with my service provider.



On Wed, Dec 11, 2024 at 10:01, wouldsmina <would...@gmail.com> wrote:
Hi,

I am preparing to migrate my CAS server from version 6 to 7.1, but I am encountering an issue with attribute release in SAML.

In version 6, this works fine, but in version 7, no attributes are being transmitted. 
Here is the content of my service file:
{
  "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId": "^https://git\\.univ-xxxx\\.fr",
  "name": "git",
  "id": 1637335622,
  "description": "git",
  usernameAttributeProvider:
  {
    @class: org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider
    usernameAttribute: uid
  }
  attributeReleasePolicy:
  {
    @class: org.apereo.cas.services.ReturnAllAttributeReleasePolicy
  }
  "requiredNameIdFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified",
  "metadataLocation": "https://git.univ-xxxx.fr/users/auth/saml/metadata",
  "signAssertions": false,
  "signResponses": true
}



Here is what the logs show:
WHAT: {result=Service Access Granted, principal=SimplePrincipal(id=xxxxxxx, attributes={}), service=https://git.univ-xxxx.fr, requiredAttributes={}}

I have tried different methods based on this page of the documentation, but it hasn't improved the situation.

Does the service file for SAML need to change between version 6 and 7? Or is there perhaps a parameter that needs to be added to the CAS configuration? I’ve searched through the documentation but can’t find anything specific. Could someone please help me?

Best regards,

wouldsmina

Dec 11, 2024, 8:24:40 AM
to CAS Community

wouldsmina

Dec 11, 2024, 9:45:25 AM
to Andrew Tillinghast, CAS Community
I do not have a samlidp-attribute-definitions.json file in cas-overlay-template/src/main/resources/ only application.yml file.

On Wed, Dec 11, 2024 at 15:33, Andrew Tillinghast <atilli...@unicon.net> wrote:
This is a feature of CAS 7: for common eduperson attributes, by default CAS will now send the proper UIDs.
Review src/main/resources/samlidp-attribute-definitions.json to see the attributes automatically named. You can replace the file with a blank one if you want to disable this feature.

Andrew Tillinghast

Dec 11, 2024, 9:45:37 AM
to CAS Community, wouldsmina
This is a feature of CAS 7: for common eduperson attributes, by default CAS will now send the proper UIDs.
Review src/main/resources/samlidp-attribute-definitions.json to see the attributes automatically named. You can replace the file with a blank one if you want to disable this feature.
On Wednesday, December 11, 2024 at 8:24:40 AM UTC-5 wouldsmina wrote:

Andrew Tillinghast

Dec 11, 2024, 10:07:36 AM
to wouldsmina, CAS Community
You can find the source file in support/cas-server-support-saml-idp-web/src/main/resources/samlidp-attribute-definitions.json, whereas src/main/resources/ would be in your CAS overlay if you've customized or overridden that file.

wouldsmina

Dec 11, 2024, 1:33:17 PM
to Andrew Tillinghast, CAS Community
It works well. Thank you very much Andrew.
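An added diagnostic for the symptom reported in the first message (attributes released without a friendly name), not code from the thread or from CAS: it lists every attribute in a decoded, unencrypted SAML assertion and flags those that carry no FriendlyName. The sample assertion and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed sample, not captured from a real CAS server.
SAMPLE_ASSERTION = """\
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:AttributeStatement>
    <saml2:Attribute Name="uid">
      <saml2:AttributeValue>jdoe</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
                     FriendlyName="mail"
                     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml2:AttributeValue>jdoe@example.org</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="displayName" FriendlyName="displayName"/>
  </saml2:AttributeStatement>
</saml2:Assertion>
"""

def audit_attributes(xml_text):
    """Return one dict per saml2:Attribute describing how it is named."""
    # SAML messages never need a DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE is not allowed in a SAML assertion")
    root = ET.fromstring(xml_text)
    report = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        values = attr.findall(f"{{{SAML_NS}}}AttributeValue")
        report.append({
            "name": attr.get("Name"),
            "friendly_name": attr.get("FriendlyName"),
            "uri_format": attr.get("NameFormat") == URI_FORMAT,
            "value_count": len(values),
        })
    return report

def missing_friendly_names(xml_text):
    """Names of the attributes a service provider cannot match by FriendlyName."""
    return [r["name"] for r in audit_attributes(xml_text) if not r["friendly_name"]]

if __name__ == "__main__":
    for row in audit_attributes(SAMPLE_ASSERTION):
        flag = "" if row["friendly_name"] else "  <-- no FriendlyName"
        print(f'{row["name"]} values={row["value_count"]}{flag}')
```

Run it against the assertion captured from a test service provider before and after editing samlidp-attribute-definitions.json to confirm which names the service provider actually receives.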