Using JSON for test attributes in CAS 4.2.2


Paul D

Jun 13, 2017, 9:13:00 AM
to CAS Community
Trying to set up a testing CAS server using docker (apereo/cas:v4.2.2)

I can bring the server up and can successfully log in and validate a ticket. What I really want to do is simulate various types of attribute release so I can easily have a set of users for testing with various affiliations and group memberships.

My cas.properties defines some test users admin1, admin2 and admin3

accept.authn.users=admin1::admin1,admin2::admin2,admin3::admin3

Then I'd like to use a JSON file as an attribute repository, which I'm trying like this:

cas.authn.attributeRepository.json[0].config.location=file://etc/cas/attribute-repository.json
cas.authn.attributeRepository.json[0].order=0

/etc/cas/attribute-repository.json contains

{
  "admin1": {
    "firstName": ["Admin1"],
    "lastName": ["One"]
  },
  "admin2": {
    "firstName": ["Admin2"],
    "eduPersonAffiliation": ["employee", "student"]
  }
}


My test service is configured to release all attributes

{
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|http)://.*",
  "name" : "HTTPS and HTTP Test",
  "id" : 10000001,
  "description" : "Test service which releases all attributes.",
  "proxyPolicy" : {
    "@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
  },
  "evaluationOrder" : 1,
  "usernameAttributeProvider" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
  },
  "logoutType" : "BACK_CHANNEL",
  "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "accessStrategy" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  }
}


When I log in as admin2 and validate the ticket, the response I get is like this:

<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
<cas:authenticationSuccess>
<cas:user>admin2</cas:user>
<cas:attributes>
<cas:uid>uid</cas:uid>
<cas:isFromNewLogin>true</cas:isFromNewLogin>
<cas:authenticationDate>2017-06-13T11:45:43.636Z</cas:authenticationDate>
<cas:eduPersonAffiliation>eduPersonAffiliation</cas:eduPersonAffiliation>
<cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
<cas:memberOf>faculty</cas:memberOf>
<cas:memberOf>staff</cas:memberOf>
<cas:memberOf>org</cas:memberOf>
<cas:groupMembership>groupMembership</cas:groupMembership>
</cas:attributes>
</cas:authenticationSuccess>
</cas:serviceResponse>

I was hoping to see a firstName attribute and an eduPersonAffiliation attribute, and I'm not sure where the memberOf attributes have come from! Clearly, I'm missing some configuration somewhere - clues very much welcome!

Clues most welcome...

Paul D

Jun 14, 2017, 3:34:13 AM
to CAS Community

On Tuesday, June 13, 2017 at 2:13:00 PM UTC+1, Paul D wrote:
Trying to setup a testing CAS server using docker (apereo/cas:v4.2.2)....<snip>

I switched to v5.0.6 and the json attribute storage is working now. Just to assist anyone else who needs a similar setup for testing, my docker container is simply apereo/cas:v5.0.6 plus these additional files added via the Dockerfile

/cas-overlay/etc/cas/config/cas.properties (this is copied to /etc/cas/config at startup, and contains the location of the attribute repository)
cas.server.name: https://cas.example.org:8443
cas.server.prefix: https://cas.example.org:8443/cas

cas.adminPagesSecurity.ip=172\.17\.8\.1
cas.authn.attributeRepository.json.config.location=file://etc/cas/attribute-repository.json

logging.config: file:/etc/cas/config/log4j2.xml

/etc/cas/attribute-repository.json (here's the attributes - the installation has a casuser with password Mellon already configured)
{
  "casuser": {
    "firstName": ["Cassie"],
    "eduPersonAffiliation": ["employee", "student"]
  }
}


/cas-overlay/src/main/resources/services/TestService-10000003.json (this has a low numbered evaluation order to beat the other default service, and ensures all attributes are released)
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|http)://.*",
  "name" : "HTTPS and HTTP Test",
  "id" : 10000003,
  "description" : "Test service which releases all attributes.",
  "proxyPolicy" : {
    "@class" : "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
  },
  "evaluationOrder" : 1,
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider"
  },
  "logoutType" : "BACK_CHANNEL",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  }
}
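An added example, not part of the original posts: a small Python check that parses a serviceValidate response and diffs the released attributes against the attribute-repository.json entry for that user, run here on the admin2 response from the first post (abridged). The function names and the PROTOCOL_ATTRS set are assumptions made for this illustration.

```python
import json
import xml.etree.ElementTree as ET  # fine for your own test server; use defusedxml for untrusted XML

CAS_NS = "{http://www.yale.edu/tp/cas}"
# Assumption: attributes CAS adds about the login itself, never present in the repository file.
PROTOCOL_ATTRS = {"isFromNewLogin", "authenticationDate",
                  "longTermAuthenticationRequestTokenUsed"}

def parse_validation_response(xml_text):
    """Return (user, {attribute: [values]}) from a serviceValidate response."""
    success = ET.fromstring(xml_text).find(CAS_NS + "authenticationSuccess")
    if success is None:
        raise ValueError("ticket validation did not succeed")
    container = success.find(CAS_NS + "attributes")
    attrs = {}
    for el in (container if container is not None else []):
        # Repeated elements (e.g. memberOf) are one multi-valued attribute.
        attrs.setdefault(el.tag.split("}", 1)[-1], []).append(el.text or "")
    return success.findtext(CAS_NS + "user"), attrs

def compare_release(repo_json, xml_text):
    """Diff released attributes against the repository entry for the user."""
    user, released = parse_validation_response(xml_text)
    expected = json.loads(repo_json).get(user, {})
    report = {"user": user, "missing": [], "wrong_value": []}
    for name, values in expected.items():
        if name not in released:
            report["missing"].append(name)
        elif sorted(released[name]) != sorted(values):
            report["wrong_value"].append(name)
    report["unexpected"] = sorted(
        n for n in released if n not in expected and n not in PROTOCOL_ATTRS)
    return report

# Repository content and (abridged) response as shown in the first post.
REPO = '''{"admin1": {"firstName": ["Admin1"], "lastName": ["One"]},
 "admin2": {"firstName": ["Admin2"], "eduPersonAffiliation": ["employee", "student"]}}'''
RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
<cas:authenticationSuccess><cas:user>admin2</cas:user><cas:attributes>
<cas:uid>uid</cas:uid>
<cas:isFromNewLogin>true</cas:isFromNewLogin>
<cas:eduPersonAffiliation>eduPersonAffiliation</cas:eduPersonAffiliation>
<cas:memberOf>faculty</cas:memberOf><cas:memberOf>staff</cas:memberOf><cas:memberOf>org</cas:memberOf>
<cas:groupMembership>groupMembership</cas:groupMembership>
</cas:attributes></cas:authenticationSuccess></cas:serviceResponse>"""

if __name__ == "__main__":
    print(compare_release(REPO, RESPONSE))
```

A non-empty "unexpected" list alongside "missing" entries indicates the response is being served from a different attribute source than the JSON file.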
