[cas-user] get userinfo from cas oidc, the claims value are array not string


Jae Liu

Jan 20, 2022, 5:39:02 AM
to CAS Community

Hi everybody,

I am facing an issue with getting user info from CAS v6.4.5 as OIDC OP with LDAP as source. The claim values from the userinfo endpoint are arrays, not strings as per the spec.

How do I configure CAS to provide claims as strings, per the spec?

Results of /cas/oidc/profile:

{
    "email":[
        "liu...@yozo.com"
    ],
    "name":[
        "jae liu"
    ],
    "nickname":[
        "liu_jae"
    ],
    "preferred_username":[
        "liu...@yozo.com "
    ],
    "sub":"liu_jie",
    "service":"http://127.0.0.1:5556/auth/callback",
    "auth_time":1642666074,
    "id":"liu_jae",
    "client_id":"hc0vr9iYm9iPyi6M1MctxOtx71bokdMWKHbO",
    "aud":"hc0vr9iYm9iPyi6M1MctxOtx71bokdMWKHbO",
    "iat":1642671699,
    "iss":null,
    "jti":"7be481a8-7ad5-4011-817e-6a2418ddc19b"
}

We can see that the values of email, name, and preferred_username are lists; these claims are mapped from LDAP attributes.

The following is the debug log:

DEBUG [org.apereo.cas.authentication.CoreAuthenticationUtils] - <Merged attributes with the final result as [
{
  clientIpAddress=[192.168.xx.xx9],
  commonName=[jae],
  authenticationDate=[1642666074],
  mail=[liu...@yozo.com],
  sAMAccountName=[liu_jae],
  displayName=[jae liu)],
  successfulAuthenticationHandlers=[yozo],
  givenName=[jae],
  userAgent=[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0],
  dn=[CN=liu_jae,OU=xxxx,OU=xxxx,DC=xx,DC=local],
  credentialType=[UsernamePasswordCredential],
  authenticationMethod=[yozo],
  serverIpAddress=[172.16.xx.xx],
  sn=[liu_jae],
  userPrincipalName=[liu...@xxx.com]
}]>

DEBUG [org.apereo.cas.authentication.principal.RegisteredServicePrincipalAttributesRepository] - <Using [liu_jae], no caching/update takes place for [DefaultPrincipalAttributesRepository] to add attributes [
{
  oauthClientId=[hc0vr9iYm9iPyi6M1MctxOtx71bokdMWKHbO],
  name=[jae liu)], nickname=[liu_jae],
  preferred_username=[liu...@yozo.com],
  email=[liu...@yozo.com]
}
]>

DEBUG [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Attempting to map and filter claims based on resolved attributes [
{
  email=[liu...@yozo.com],
  name=[jae liu],
  nickname=[liu_jae],
  oauthClientId=[hc0vr9iYm9iPyi6M1MctxOtx71bokdMWKHbO],
  preferred_username=[liu...@yozo.com]
}
]>

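A relying party that receives a response shaped like the one in this post can normalize it defensively before using the claims. The following is an added example, not part of the original post and not CAS code; the function name, exception class and sample values are constructed for illustration, and it changes nothing about what CAS emits.

```python
import json

# The four claims the post shows arriving as arrays. OIDC Core section 5.1
# defines each of them as a single JSON string.
STRING_CLAIMS = ("email", "name", "nickname", "preferred_username")


class ClaimShapeError(ValueError):
    """Raised when a claim cannot be reduced to exactly one string."""


def normalize_userinfo(raw_json):
    """Return a copy of the userinfo document with string claims unwrapped.

    A one-element list is unwrapped. An empty or multi-valued list is rejected
    instead of silently taking the first entry, because guessing at an
    identity claim can bind a session to the wrong account.
    """
    claims = json.loads(raw_json)
    out = dict(claims)
    for key in STRING_CLAIMS:
        if key not in claims:
            continue
        value = claims[key]
        if isinstance(value, list):
            if len(value) != 1:
                raise ClaimShapeError(f"{key}: expected 1 value, got {len(value)}")
            value = value[0]
        if not isinstance(value, str):
            raise ClaimShapeError(f"{key}: expected string, got {type(value).__name__}")
        # Assumption: surrounding whitespace is never significant in these claims.
        out[key] = value.strip()
    return out


# Constructed sample with the same shape as the /cas/oidc/profile output above.
SAMPLE = json.dumps({
    "email": ["user@example.org"],
    "name": ["Example User"],
    "nickname": ["example_user"],
    "preferred_username": ["user@example.org "],
    "sub": "example_user",
    "auth_time": 1642666074,
})

if __name__ == "__main__":
    print(normalize_userinfo(SAMPLE))
```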