The org.pac4j.core.profile.CommonProfile has methods like getUsername() but that returns null with saml AuthN

Hi

I've followed your docs and examples and have managed to get pac4j-saml and spring-security-pac4j working to create a SAML2 Client within a Spring Boot application that is successfully authenticating me against our local Shibboleth IdP. When I call org.springframework.security.core.Authentication.getName() I can see that pac4j has populated this object like so:

-Optional[#SAML2Profile# | id: 78979454544t4trtrggege | attributes: {urn:oid:0.9.2342.19200300.100.1.3=[a-username@ourdomain.org], urn:oid:1.3.6.1.4.1.5923.1.1.1.6.1=[a-username], notOnOrAfter=2016-11-17T16:07:39.761Z, urn:oid:2.5.4.42=[Fred], urn:oid:1.3.6.1.4.1.5923.1.1.1.10=[879iuieuiieiuiu=], urn:oid:2.5.4.4=[Bloggs], urn:oid:1.3.6.1.4.1.5923.1.1.1.9=[member@ourdomain.org], sessionindex=efefef994r94r948, notBefore=2016-11-17T16:02:39.761Z} | roles: [] | permissions: [] | isRemembered: false |]

The oids listed are all the specified attribute names in the attribute payload from our Shibboleth IdP that the IdP has been configured to release to my test application. Each attribute element in the xml payload also has a "FriendlyName" attribute but I guess pac4j doesn't know about them? Maybe this could be an enhancement?

I was wondering what support pac4j provides for mapping the saml2 xml attribute data into an object for my spring boot app to easily query attributes from, even maybe use in Spring Security annotations like @PreAuthorize? The org.pac4j.core.profile.CommonProfile has methods like getUsername() but that returns null with saml AuthN. If there is no out of the box support I'd appreciate some advice re how to do this.

Cheers for any help or advice.

Nomit
--
You received this message because you are subscribed to the Google Groups "pac4j-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pac4j-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Nomit Babraa
Corporate Information and Computing Services
10-12 Brunswick Street
Sheffield
S10 2FN
Tel: 0114 222 1162
Hi
Tried with spring-security-pac4j-2.1.2-SNAPSHOT but am still getting the output
okay - many thanks for all your help
You've given me loads to go on.
cheers
On 21 November 2016 at 14:52, Jérôme LELEU <lel...@gmail.com> wrote:
> Hi,
>
> Currently, that's not straightforward as you cannot change the returned
> profile without overriding the client.
>
> But that's the idea: you should override the retrieveUserProfile method in a
> new SAML client to change the identifier by this specific attribute.
>
> Thanks.
> Best regards,
> Jérôme
>
>
> 2016-11-21 13:38 GMT+01:00 Nomit Babraa <h.ba...@sheffield.ac.uk>:
>>
>> Hi
>> Tried with spring-security-pac4j-2.1.2-SNAPSHOT but am still getting the
>> output
It looks like the SAMLClient is logging attribute friendly names but SamlProfile is logging the oid values.....

Can I get the value of eduPersonPrincipalNameUnscoped using the key "eduPersonPrincipalNameUnscoped" from either the client or the profile?

Cheers
Nomit
Hello

A quick question on the back of this please. I can see in the logs after a saml login....

2017-02-14 16:49:08.772 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.client.SAML2Client : Processing profile attribute org.opensaml.saml.saml2.core.impl.AttributeImpl@1a00ef3b
2017-02-14 16:49:08.773 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.client.SAML2Client : Adding attribute value Muse for attribute sn
2017-02-14 16:49:08.773 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.profile.SAML2Profile : no conversion => key: urn:oid:2.5.4.4 / value: [Muse] / class java.util.ArrayList
2017-02-14 16:49:08.774 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.client.SAML2Client : Processing profile attribute org.opensaml.saml.saml2.core.impl.AttributeImpl@154ad752
2017-02-14 16:49:08.775 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.client.SAML2Client : Adding attribute value stu...@sheffield.ac.uk for attribute eduPersonScopedAffiliation
2017-02-14 16:49:08.776 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.client.SAML2Client : Adding attribute value mem...@sheffield.ac.uk for attribute eduPersonScopedAffiliation
2017-02-14 16:49:08.776 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.profile.SAML2Profile : no conversion => key: urn:oid:1.3.6.1.4.1.5923.1.1.1.9 / value: [stu...@sheffield.ac.uk, mem...@sheffield.ac.uk] / class java.util.ArrayList
2017-02-14 16:49:08.776 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.client.SAML2Client : Processing profile attribute org.opensaml.saml.saml2.core.impl.AttributeImpl@3232c384
2017-02-14 16:49:08.777 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.client.SAML2Client : Adding attribute value Freddo for attribute givenName
2017-02-14 16:49:08.777 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.profile.SAML2Profile : no conversion => key: urn:oid:2.5.4.42 / value: [Freddo] / class java.util.ArrayList
2017-02-14 16:49:08.777 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.client.SAML2Client : Processing profile attribute org.opensaml.saml.saml2.core.impl.AttributeImpl@786e70db
2017-02-14 16:49:08.777 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.client.SAML2Client : Adding attribute value 1fclRh5L0f2R0dzwvZMdVNpVTdQ= for attribute eduPersonTargetedID
2017-02-14 16:49:08.777 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.profile.SAML2Profile : no conversion => key: urn:oid:1.3.6.1.4.1.5923.1.1.1.10 / value: [1fclRh5L0f2R0dzwvZMdVNpVTdQ=] / class java.util.ArrayList
2017-02-14 16:49:08.777 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.client.SAML2Client : Processing profile attribute org.opensaml.saml.saml2.core.impl.AttributeImpl@658a21da
2017-02-14 16:49:08.777 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.client.SAML2Client : Adding attribute value mda05fmtyr for attribute eduPersonPrincipalNameUnscoped
2017-02-14 16:49:08.777 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.profile.SAML2Profile : no conversion => key: urn:oid:1.3.6.1.4.1.5923.1.1.1.6.1 / value: [mda05fmtyr] / class java.util.ArrayList
2017-02-14 16:49:08.778 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.client.SAML2Client : Processing profile attribute org.opensaml.saml.saml2.core.impl.AttributeImpl@26399a7e
2017-02-14 16:49:08.779 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.client.SAML2Client : Adding attribute value mda05...@sheffield.ac.uk for attribute mail
2017-02-14 16:49:08.779 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.profile.SAML2Profile : no conversion => key: urn:oid:0.9.2342.19200300.100.1.3 / value: [mda05...@sheffield.ac.uk] / class java.util.ArrayList
2017-02-14 16:49:08.864 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.profile.SAML2Profile : no conversion => key: notBefore / value: 2017-02-14T16:49:08.038Z / class org.joda.time.DateTime
2017-02-14 16:49:08.865 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] org.pac4j.saml.profile.SAML2Profile : no conversion => key: notOnOrAfter / value: 2017-02-14T16:54:08.038Z / class org.joda.time.DateTime
2017-02-14 16:49:08.866 DEBUG query-string: 37297 --- [http-nio-8080-exec-4] o.p.c.e.J2ERenewSessionCallbackLogic : profile: #SAML2Profile# | id: _75c89eba44436ed82bb9846bd70cedf7 | attributes: {urn:oid:0.9.2342.19200300.100.1.3=[mda05fmtyr@sheffield.ac.uk], urn:oid:1.3.6.1.4.1.5923.1.1.1.6.1=[mda05fmtyr], notOnOrAfter=2017-02-14T16:54:08.038Z, urn:oid:2.5.4.42=[Freddo], urn:oid:1.3.6.1.4.1.5923.1.1.1.10=[1fclRh5L0f2R0dzwvZMdVNpVTdQ=], urn:oid:2.5.4.4=[Muse], urn:oid:1.3.6.1.4.1.5923.1.1.1.9=[stu...@sheffield.ac.uk, mem...@sheffield.ac.uk], sessionindex=a034a5ed79e0641b6c10b63969435b596652504a8e1b72a7bb8fb46138fb486b, notBefore=2017-02-14T16:49:08.038Z} | roles: [] | permissions: [] | isRemembered: false |

What code would I call to get the value from the log line:

"Adding attribute value mda05fmtyr for attribute eduPersonPrincipalNameUnscoped"

I tried

    if (auth != null && auth instanceof Pac4jAuthentication) {
        Pac4jAuthentication token = (Pac4jAuthentication) auth;
        CommonProfile profile = token.getProfile();
        SAML2Profile saml2Profile = (SAML2Profile) profile;
        // lookup by the FriendlyName; the profile dump above shows the attributes keyed as urn:oid:... instead
        LOG.info("SEC4 " + saml2Profile.getAttribute("eduPersonPrincipalNameUnscoped"));
    }

but that returns null

Cheers
Nomit
On Thursday, 17 November 2016 16:42:42 UTC, Nomit Babraa wrote:
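An added example for the two questions above (the friendly-name lookup returning null, and reading eduPersonPrincipalNameUnscoped from the profile); this is not pac4j code nor anything from the thread. The FriendlyAttributes class and its OID table are assumptions: the table holds exactly the FriendlyName / urn:oid pairs visible in the SAML2Client and SAML2Profile log lines, and the map it wraps is what profile.getAttributes() returns. The strict single-value lookup is the check you would want before using such an attribute as the profile identifier, as Jérôme suggests.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/** Hypothetical helper: looks up SAML2Profile attributes by their Shibboleth FriendlyName. */
public final class FriendlyAttributes {
    // FriendlyName -> SAML Name (urn:oid) pairs, taken from the SAML2Client / SAML2Profile log lines above.
    private static final Map<String, String> OID_BY_FRIENDLY_NAME = new HashMap<>();
    static {
        OID_BY_FRIENDLY_NAME.put("sn", "urn:oid:2.5.4.4");
        OID_BY_FRIENDLY_NAME.put("givenName", "urn:oid:2.5.4.42");
        OID_BY_FRIENDLY_NAME.put("mail", "urn:oid:0.9.2342.19200300.100.1.3");
        OID_BY_FRIENDLY_NAME.put("eduPersonPrincipalNameUnscoped", "urn:oid:1.3.6.1.4.1.5923.1.1.1.6.1");
        OID_BY_FRIENDLY_NAME.put("eduPersonScopedAffiliation", "urn:oid:1.3.6.1.4.1.5923.1.1.1.9");
        OID_BY_FRIENDLY_NAME.put("eduPersonTargetedID", "urn:oid:1.3.6.1.4.1.5923.1.1.1.10");
    }

    private final Map<String, Object> attributes; // what profile.getAttributes() returns (assumption)

    public FriendlyAttributes(Map<String, Object> attributes) {
        this.attributes = attributes;
    }

    /** Every value of the attribute; pac4j stores a List ("class java.util.ArrayList" in the log) or a scalar. */
    public List<?> getAll(String friendlyName) {
        String key = OID_BY_FRIENDLY_NAME.getOrDefault(friendlyName, friendlyName); // unknown names pass through
        Object raw = attributes.get(key);
        if (raw == null) return Collections.emptyList();
        return raw instanceof List ? (List<?>) raw : Collections.singletonList(raw);
    }

    /** The one value of an attribute that must be unique (e.g. a user id); fails closed if absent or multi-valued. */
    public String getSingle(String friendlyName) {
        List<?> values = getAll(friendlyName);
        if (values.size() != 1) {
            throw new IllegalStateException(friendlyName + ": expected exactly one value, got " + values);
        }
        return String.valueOf(values.get(0));
    }

    public static void main(String[] args) {
        // Constructed attribute map shaped like the profile dump in the log above (sample values, not real users).
        Map<String, Object> attrs = new HashMap<>();
        attrs.put("urn:oid:1.3.6.1.4.1.5923.1.1.1.6.1", Arrays.asList("jbloggs"));
        attrs.put("urn:oid:1.3.6.1.4.1.5923.1.1.1.9", Arrays.asList("student@example.org", "member@example.org"));
        FriendlyAttributes fa = new FriendlyAttributes(attrs);
        System.out.println(fa.getSingle("eduPersonPrincipalNameUnscoped") + " " + fa.getAll("eduPersonScopedAffiliation") + " " + fa.getAll("displayName"));
    }
}
```

Passing the raw urn:oid key to getAll still works, and an attribute the IdP did not release (displayName here) yields an empty list rather than a null.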