Hi, attribute release is not a real supported feature in the CAS 2.0 API:
http://n4.nabble.com/CAS-attributes-and-how-they-appear-in-the-CAS-response-td264272.html
This thread might be of some help to you. If you are using phpcas you should simply use the saml API instead of the CAS 2.0 API.
If you really need attributes in your cas 2.0 answer you have to modify your casServiceValidationSuccess.jsp. Be aware that there are 2 different common possibilities to release the attributes:
<cas:attributes>
<cas:attribute>
<cas:name>${fn:escapeXml(attr.key)}</cas:name>
<cas:value>${fn:escapeXml(attr.value)}</cas:value>
</cas:attribute>
</cas:attributes>
However, that is not how the Java JA-SIG CAS 3.1.3 client parses them.
It expects them in the form of:
<cas:attributes>
<cas:{attr.key}>attr.value</cas:{attr.key}>
</cas:attributes>
I personally use:
<cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
<cas:attributes>
<c:forEach var="attr"
items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
<cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
</c:forEach>
</cas:attributes>
For phpcas I also maintain an experimental feature branch that supports
these kinds of attributes in CAS 2.0. The patch might be included in
future phpcas versions (1.1.x):
http://www.ja-sig.org/issues/browse/PHPCAS-43

Regards,
Joachim

Marc Delerue wrote:
Hello, I (finally) managed to make the authentication work using openLdap. I now can access my application but I have another problem: I try to get some information about the users that are stored in the LDAP, so I configured the attributeRepository to get this information and tested with 2 applications (a script using phpCAS and this demo http://www.ja-sig.org/wiki/display/CASC/JA-SIG+Java+Client+Simple+WebApp+Sample ). One more time, the authentication is ok but it seems that attributes aren't sent by CAS. My tomcat/cas logs don't say anything bad (for the moment). I put the content of my deployerConfigContext.xml file here in case somebody would have an idea.

<!-- ######################################################################################################################################## -->
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

  <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="credentialsToPrincipalResolvers">
      <list>
        <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
          <!-- The Principal resolver from the credentials -->
          <property name="credentialsToPrincipalResolver">
            <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
          </property>
          <!-- The query made to find the Principal ID. "%u" will be replaced by the resolved Principal -->
          <property name="filter" value="(ENTPersonLogin=%u)" />
          <!-- The attribute used to define the new Principal ID -->
          <property name="principalAttributeName" value="ENTPersonLogin" />
          <property name="searchBase" value="ou=people,dc=ent,dc=fr" />
          <property name="contextSource" ref="contextSource" />
          <property name="attributeRepository" ref="attributeRepository" />
        </bean>
        <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
      </list>
    </property>
    <property name="authenticationHandlers">
      <list>
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
              p:httpClient-ref="httpClient" />
        <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
          <property name="filter" value="ENTPersonLogin=%u" />
          <property name="searchBase" value="ou=people,dc=ent,dc=fr" />
          <property name="contextSource" ref="contextSource" />
        </bean>
      </list>
    </property>
  </bean>

  <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="anonymousReadOnly" value="false"/>
    <property name="pooled" value="true"/>
    <property name="urls">
      <list>
        <!--value>ldaps://localhost/</value-->
        <value>ldap://localhost/</value>
      </list>
    </property>
    <property name="userDn" value="cn=admin,dc=ent,dc=fr"/> <!-- eg uid=LdapUser,dc=yourdomain,dc=edu -->
    <property name="password" value="xxxxxx"/>
    <property name="baseEnvironmentProperties">
      <map>
        <entry key="java.naming.security.authentication" value="simple" />
      </map>
    </property>
  </bean>

  <bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
    <property name="userMap">
      <value>
        admin=notused,ROLE_ADMIN
      </value>
    </property>
  </bean>

  <bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="baseDN" value="ou=people,dc=ent,dc=fr" />
    <property name="contextSource" ref="contextSource" />
    <property name="requireAllQueryAttributes" value="true" />
    <property name="queryAttributeMapping">
      <map>
        <entry key="username" value="ENTPersonLogin" />
        <entry key="uid" value="uid" />
        <entry key="displayName" value="displayName" />
        <entry key="sn" value="sn" />
      </map>
    </property>
    <property name="resultAttributeMapping">
      <map>
        <entry key="givenName" value="givenName"/>
        <entry key="distinguishedName" value="distinguishedName" />
        <entry key="sn" value="sn" />
        <entry key="uid" value="uid" />
        <entry key="displayName" value="displayName" />
      </map>
    </property>
  </bean>

  <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
    <property name="registeredServices">
      <list>
        <bean class="org.jasig.cas.services.RegisteredServiceImpl"
              p:id="5" p:description="App1" p:serviceId="*://*.domain.int:*/**"
              p:name="App1" p:theme="default" p:allowedToProxy="true"
              p:enabled="true" p:ssoEnabled="true" p:anonymousAccess="false">
          <property name="allowedAttributes" value="sn,uid,displayName"/>
        </bean>
      </list>
    </property>
  </bean>
</beans>
<!-- ######################################################################################################################################## -->

Thank you very much in advance.
Regards,
Marc
-- Joachim Fritschi Hochschulrechenzentrum (HRZ) L1|01 Raum 248 Petersenstr. 30 64287 Darmstadt Tel. +49 6151 16-5638 Fax. +49 6151 16-3050 E-Mail: [email protected]
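A client-side parser that accepts both attribute layouts discussed in this thread (the nested cas:attribute/cas:name/cas:value form and the element-per-attribute form the Java client expects). This is an added example for the thread, not phpCAS or JA-SIG client code; the CAS namespace URI and the two sample responses are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Namespace used by the CAS 2.0 serviceValidate response (assumed for this example).
CAS_NS = "http://www.yale.edu/tp/cas"

# Constructed sample: nested name/value layout (first form in the thread).
NAME_VALUE_FORM = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>marc</cas:user>
    <cas:attributes>
      <cas:attribute>
        <cas:name>displayName</cas:name>
        <cas:value>Marc &amp; Co</cas:value>
      </cas:attribute>
      <cas:attribute><cas:name>sn</cas:name><cas:value>Delerue</cas:value></cas:attribute>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample: element-per-attribute layout (second form in the thread),
# including a multi-valued attribute, which appears as repeated elements.
ELEMENT_FORM = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>marc</cas:user>
    <cas:attributes>
      <cas:displayName>Marc &amp; Co</cas:displayName>
      <cas:sn>Delerue</cas:sn>
      <cas:memberOf>staff</cas:memberOf>
      <cas:memberOf>admins</cas:memberOf>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""


def q(local):
    """Clark-notation name for an element in the CAS namespace."""
    return "{%s}%s" % (CAS_NS, local)


def parse_cas2_response(xml_text):
    """Return (user, {attr_name: [values]}) from a serviceValidate response.

    Raises ValueError on an authenticationFailure or a response without a
    cas:authenticationSuccess element, and ET.ParseError on malformed XML."""
    root = ET.fromstring(xml_text)
    success = root.find(q("authenticationSuccess"))
    if success is None:
        raise ValueError("no cas:authenticationSuccess in response")
    user = success.findtext(q("user"))
    attrs = {}
    container = success.find(q("attributes"))
    if container is not None:
        for child in container:  # iterates child elements only, not whitespace text
            if child.tag == q("attribute"):
                key = child.findtext(q("name"))  # nested name/value layout
                value = child.findtext(q("value")) or ""
            else:
                key = child.tag.rpartition("}")[2]  # element name is the attribute key
                value = child.text or ""
            if key:
                attrs.setdefault(key, []).append(value)
    return user, attrs
```

Because the second layout turns attribute keys into XML element names, a key that is not a valid XML name yields a response the parser rejects with ParseError; fn:escapeXml only escapes the five markup characters and does not prevent that.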
