Hi Gopi and Joachim,

I mixed your proposals and tested. Here is the JSP now :



<%@ page session="false" %><%@ taglib prefix="c"
uri="http://java.sun.com/jsp/jstl/core" %><%@ taglib
uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"
%><cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
<cas:attributes>
<c:forEach var="attr"
items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
<%-- the closing tag must repeat attr.key; closing with attr.value leaves the response not well-formed --%>
<cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
</c:forEach>
</cas:attributes>

<c:if test="${not empty pgtIou}">
<cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
</c:if>
<c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
<cas:proxies>
<c:forEach var="proxy" items="${assertion.chainedAuthentications}"
varStatus="loopStatus" begin="0"
end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
<cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
</c:forEach>
</cas:proxies>
</c:if>
</cas:authenticationSuccess>
</cas:serviceResponse>

For phpCAS, it now gets an error, but I think that is because my domain
isn't configured.
But with my Java webapp, I can log in and still get no attributes.

For information, here is the Java code:
<%@ page import="java.util.Iterator, java.util.Map" %>
<%@ page import="org.jasig.cas.client.validation.Assertion" %>
<%@ page import="org.jasig.cas.client.util.AbstractCasFilter" %>
<%
        // The CAS client filter stores the validated Assertion in the session
        Assertion assertion1 = (Assertion)
session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
%>
<dl>
        <dt>Principal:</dt>
        <dd><%= assertion1.getPrincipal().getName() %></dd>
        <dt>Valid from:</dt>
        <dd><%= assertion1.getValidFromDate() %></dd>
        <dt>Valid until:</dt>
        <dd><%= assertion1.getValidUntilDate() %></dd>
        <dt>Attributes:</dt>
        <dd>
                <dl>
                <%
                        // Attributes released by the server, as parsed by the client
                        Iterator it1 =
assertion1.getAttributes().entrySet().iterator();
                        while (it1.hasNext()) {
                                Map.Entry entry = (Map.Entry) it1.next();
                                // Key and value are LDAP-sourced and written unescaped;
                                // HTML-escape them in anything beyond a demo page
                                out.println("<dt>"+entry.getKey()+"</dt>");
                                out.println("<dd>"+entry.getValue()+"</dd>");
                        }
                %>
                </dl>
        </dd>
</dl>


And this is what is appearing in my cas logs:


INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
authenticated the user which provided the following credentials:
[username: mickael.terracol.2]>
DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <Attempting to resolve a principal...>
DEBUG 
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- <Attempting to resolve a principal...>
DEBUG 
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- <Creating SimplePrincipal for [m.ol.2]>
DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <Resolved m.ol.2. Trying LDAP resolve now...>
DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <LDAP search with filter "(ENTPersonLogin=m.ol.2)">
DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <returning searchcontrols: scope=2; search
base=ou=people,dc=ent,dc=fr; attributes=[ENTPersonLogin];
timeout=1000>
DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <Resolved m.ol.2 to m.ol.2>
DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <Creating SimplePrincipal for [m.ol.2]>
INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted
service ticket [ST-12-JDSWWcPdUAM5Ofc6erzt-cas] for service
[https://proxy.aps.int:8443/protected/] for user [m.ol.2]>
DEBUG 
[org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
- <Attempting to resolve credentials for [callbackUrl:
https://proxy.aps.int:8443/proxyCallback]
INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
successfully authenticated the user which provided the following
credentials: [callbackUrl: https://proxy.aps.int:8443/proxyCallback]
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-13-YUyXuDJfloshlQ3k3VbD-cas] for service
[https://li.aps.int] for user
[https://proxy.aps.int:8443/proxyCallback]
INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted
service ticket [ST-14-FUXHnx0E1yn0UlbOnaWl-cas] for service
[https://li.aps.int] for user
[https://proxy.aps.int:8443/proxyCallback]


Thank you for your help


Marc








On Wed, Mar 17, 2010 at 16:18, Joachim Fritschi
<[email protected]> wrote:
> Hi,
>
> attribute release is not a real supported feature in the CAS 2.0 API:
>
> http://n4.nabble.com/CAS-attributes-and-how-they-appear-in-the-CAS-response-td264272.html
>
> This thread might be of some help to you. If you are using phpcas you should
> simply use the saml API instead of the CAS 2.0 API.
>
> If you really need attributes in your cas 2.0 answer you have to modify your
> casServiceValidationSuccess.jsp.  Be aware that there a 2 different common
> possibilities to release the attributes:
>
> <cas:attributes>
>  <cas:attribute>
>   <cas:name>${fn:escapeXml(attr.key)}</cas:name>
>   <cas:value>${fn:escapeXml(attr.value)}</cas:value>
>  </cas:attribute>
> </cas:attributes>
>
> However, that is not how the Java JA-SIG CAS 3.1.3 client parses them. It
> expects them in the form of:
> <cas:attributes>
>  <cas:{attr.key}>attr.value</cas:{attr.key}>
> </cas:attributes>
>
>
> I personally use:
>
> <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
> <cas:attributes>
>        <c:forEach var="attr"
>
> items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
>
> <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
>        </c:forEach>
> </cas:attributes>
>
>
> For phpcas i also maintain a experimental feature branch that supports these
> kinds of attributes in CAS 2.0. The patch might be included in future phpcas
> versions ( 1.1.x )
>
> http://www.ja-sig.org/issues/browse/PHPCAS-43
>
> Regards,
>
> Joachim
>
>
>
>
> Marc Delerue schrieb:
>>
>> Hello,
>>
>> I (finally) managed to make the authentication work using OpenLDAP. I
>> can now access my application, but I have another problem:
>> I am trying to get some information about the users that are stored in the
>> LDAP, so I configured the attributeRepository to get this
>> information and tested with 2 applications (a script using phpCAS and
>> this demo
>> http://www.ja-sig.org/wiki/display/CASC/JA-SIG+Java+Client+Simple+WebApp+Sample
>> ).
>>
>> One more time, the authentication is ok but it seems that attributes
>> aren't sent by CAS.
>>
>> My tomcat/cas logs don't say anything bad (for the moment.)
>>
>> I put the content of my deployerConfigContext.xml file in the case
>> somebody would have an idea.
>>
>>
>> <!--
>> ########################################################################################################################################
>> -->
>> <?xml version="1.0" encoding="UTF-8"?>
>>
>> <beans xmlns="http://www.springframework.org/schema/beans"
>>       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>       xmlns:p="http://www.springframework.org/schema/p"
>>       xsi:schemaLocation="http://www.springframework.org/schema/beans
>> http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
>>
>>        <bean id="authenticationManager"
>>
>>  class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>>
>>                <property name="credentialsToPrincipalResolvers">
>>                        <list>
>>
>>                                <bean
>>
>>  class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
>>                                        <!-- The Principal resolver from
>> the credentials -->
>>                                        <property
>> name="credentialsToPrincipalResolver">
>>                                              <bean
>>
>>  class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
>> />
>>                                        </property>
>>                                        <!--
>>                                              The query made to find the
>> Principal ID.
>>                                              "%u" will be replaced by the
>> resolved Principal
>>                                        -->
>>                                        <property name="filter"
>> value="(ENTPersonLogin=%u)" />
>>
>>                                        <!-- The attribute used to define
>> the new Principal ID -->
>>
>>                                      <property
>> name="principalAttributeName" value="ENTPersonLogin" />
>>
>>                                      <property name="searchBase"
>> value="ou=people,dc=ent,dc=fr" />
>>                                        <property name="contextSource"
>> ref="contextSource" />
>>
>>                                      <property name="attributeRepository"
>> ref="attributeRepository" />
>>
>>
>>                                </bean>
>>
>>
>>                                <bean
>>
>>  class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
>> />
>>                        </list>
>>                </property>
>>
>>                <property name="authenticationHandlers">
>>                        <list>
>>                                <bean
>> class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>>                                        p:httpClient-ref="httpClient" />
>>
>>                                <bean
>> class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
>>                                        <property name="filter"
>> value="ENTPersonLogin=%u" />
>>                                        <property name="searchBase"
>> value="ou=people,dc=ent,dc=fr" />
>>                                        <property name="contextSource"
>> ref="contextSource" />
>>                                </bean>
>>                        </list>
>>                </property>
>>        </bean>
>>
>>
>> <bean id="contextSource"
>> class="org.springframework.ldap.core.support.LdapContextSource">
>>        <property name="anonymousReadOnly" value="false"/>
>>        <property name="pooled" value="true"/>
>>        <property name="urls">
>>                <list>
>>                        <!--value>ldaps://localhost/</value-->
>>                        <value>ldap://localhost/</value>
>>                </list>
>>        </property>
>>        <property name="userDn" value="cn=admin,dc=ent,dc=fr"/> <!-- eg
>> uid=LdapUser,dc=yourdomain,dc=edu -->
>>        <property name="password" value="xxxxxx"/>
>>        <property name="baseEnvironmentProperties">
>>                <map>
>>                        <entry key="java.naming.security.authentication"
>> value="simple" />
>>                </map>
>>        </property>
>> </bean>
>>
>>
>>        <bean id="userDetailsService"
>> class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
>>                <property name="userMap">
>>                        <value>
>>                        admin=notused,ROLE_ADMIN
>>                    </value>
>>                </property>
>>        </bean>
>>
>>
>>
>> <bean id="attributeRepository"
>> class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
>>        <property name="baseDN" value="ou=people,dc=ent,dc=fr" />
>>        <property name="contextSource" ref="contextSource" />
>>        <property name="requireAllQueryAttributes" value="true" />
>>
>>        <property name="queryAttributeMapping">
>>                <map>
>>                        <entry key="username" value="ENTPersonLogin" />
>>                        <entry key="uid" value="uid" />
>>                        <entry key="displayName" value="displayName" />
>>                        <entry key="sn" value="sn" />
>>                </map>
>>        </property>
>>
>>        <property name="resultAttributeMapping">
>>                <map>
>>                        <entry key="givenName" value="givenName"/>
>>                        <entry key="distinguishedName"
>> value="distinguishedName" />
>>                        <entry key="sn" value="sn" />
>>                        <entry key="uid" value="uid" />
>>                        <entry key="displayName" value="displayName" />
>>                </map>
>>        </property>
>>
>> </bean>
>>
>> <bean
>>        id="serviceRegistryDao"
>>        class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
>>        <property name="registeredServices">
>>                <list>
>>
>>                        <bean
>>
>> class="org.jasig.cas.services.RegisteredServiceImpl"
>>                                p:id="5"
>>                                p:description="App1"
>>                                p:serviceId="*://*.domain.int:*/**"
>>                                p:name="App1"
>>                                p:theme="default"
>>                                p:allowedToProxy="true"
>>                                p:enabled="true"
>>                                p:ssoEnabled="true"
>>                                p:anonymousAccess="false">
>>                                <property name="allowedAttributes"
>> value="sn,uid,displayName"/>
>>            </bean>
>>
>>                </list>
>>        </property>
>> </bean>
>>
>> </beans>
>> <!--
>> ########################################################################################################################################
>> -->
>>
>>
>> Thank you very much in advance.
>>
>> Regards
>>
>> Marc
>>
>
>
> --
> Joachim Fritschi
> Hochschulrechenzentrum (HRZ)
> L1|01 Raum 248
> Petersenstr. 30
> 64287 Darmstadt
>
> Tel. +49 6151 16-5638
> Fax. +49 6151 16-3050
> E-Mail: [email protected]
>

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-dev
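The two <cas:attributes> layouts discussed in this thread, and the check a practitioner would want before trusting a hand-edited casServiceValidationSuccess.jsp, as an added example that is not code from the thread, from phpCAS or from the CAS project. It renders the element-per-attribute layout with values escaped the way fn:escapeXml escapes them, refuses attribute keys that are not valid XML element names (escaping cannot repair an element name), and parses both layouts the way a client would. The sample responses are constructed; the user name and proxy callback URL are taken from the logs above only as illustrative values, and the multi-valued memberOf attribute is an assumption.

```python
"""Build and parse CAS 2.0 serviceValidate responses that carry attributes.

Added example, not code from the thread or from the CAS project. It models
the two <cas:attributes> layouts and the parsing a client performs.
"""
import re
from xml.etree import ElementTree as ET
from xml.sax.saxutils import escape

CAS_NS = "http://www.yale.edu/tp/cas"
NS = {"cas": CAS_NS}

# XML 1.0 Name restricted to ASCII (assumption: LDAP attribute names are ASCII).
_XML_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]*$")


def build_response(user, attributes, pgt_iou=None, proxies=()):
    """Render the element-per-attribute layout: <cas:{key}>value</cas:{key}>.

    Values are escaped as fn:escapeXml would escape them. Keys become element
    names, where escaping does not help: a key that is not a valid XML Name is
    rejected instead of emitted, because the client would get malformed XML.
    """
    parts = ['<cas:serviceResponse xmlns:cas="%s">' % CAS_NS,
             "<cas:authenticationSuccess>",
             "<cas:user>%s</cas:user>" % escape(user),
             "<cas:attributes>"]
    for key, value in attributes.items():
        if not _XML_NAME.match(key):
            raise ValueError("attribute name is not a valid XML element name: %r" % key)
        # A multi-valued attribute is emitted once per value, same element name.
        values = value if isinstance(value, (list, tuple)) else [value]
        for v in values:
            parts.append("<cas:%s>%s</cas:%s>" % (key, escape(str(v)), key))
    parts.append("</cas:attributes>")
    if pgt_iou:
        parts.append("<cas:proxyGrantingTicket>%s</cas:proxyGrantingTicket>" % escape(pgt_iou))
    if proxies:
        parts.append("<cas:proxies>")
        parts.extend("<cas:proxy>%s</cas:proxy>" % escape(p) for p in proxies)
        parts.append("</cas:proxies>")
    parts.append("</cas:authenticationSuccess></cas:serviceResponse>")
    return "".join(parts)


def parse_response(xml_text):
    """Parse a serviceValidate response; return a dict, or None if unusable.

    Accepts both layouts: <cas:attribute> with <cas:name>/<cas:value> children,
    and one element per attribute named after the key. Repeated attributes
    come back as lists.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None  # not well-formed: nothing here can be trusted
    success = root.find("cas:authenticationSuccess", NS)
    if success is None:
        return None  # authenticationFailure or unexpected document
    result = {"user": success.findtext("cas:user", namespaces=NS),
              "attributes": {},
              "pgt_iou": success.findtext("cas:proxyGrantingTicket", namespaces=NS),
              "proxies": [p.text for p in success.findall("cas:proxies/cas:proxy", NS)]}
    attrs = success.find("cas:attributes", NS)
    if attrs is not None:
        for el in attrs:
            local = el.tag.split("}", 1)[1]
            if local == "attribute":  # name/value layout
                name = el.findtext("cas:name", namespaces=NS)
                value = el.findtext("cas:value", namespaces=NS)
            else:                     # element-per-attribute layout
                name, value = local, el.text or ""
            result["attributes"].setdefault(name, []).append(value)
    # Single-valued attributes are returned as plain strings.
    result["attributes"] = {k: v[0] if len(v) == 1 else v
                            for k, v in result["attributes"].items()}
    return result


# Constructed sample in the name/value layout.
NAME_VALUE_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>m.ol.2</cas:user>
<cas:attributes>
 <cas:attribute><cas:name>sn</cas:name><cas:value>Ol</cas:value></cas:attribute>
 <cas:attribute><cas:name>displayName</cas:name><cas:value>M &amp; Ol</cas:value></cas:attribute>
</cas:attributes>
</cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample whose closing tag does not match its opening tag.
MISMATCHED_RESPONSE = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
                       "<cas:authenticationSuccess><cas:user>m.ol.2</cas:user>"
                       "<cas:attributes><cas:sn>Ol</cas:sn><cas:uid>1234</cas:1234>"
                       "</cas:attributes></cas:authenticationSuccess></cas:serviceResponse>")
```

Run the text the real JSP produces through parse_response (or any strict XML parser) before blaming the client: a response whose closing tag does not match its opening tag is rejected outright, and depending on how a client handles the parse error the visible symptom can be a successful login with an empty attribute map.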