Thanks Misagh/Petr, I followed Misagh's instruction and it works like a charm. It was very helpful!
Thanks again!

On Thu, Mar 3, 2016 at 8:28 PM, Misagh Moayyed <[email protected]> wrote:

> Your configuration is not clear on what you intend to do. By my reading,
> looks like the problem is you are getting static attributes rather than
> what’s defined in LDAP? If so, it’s because of this:
>
>     <entry key-ref="ldapAuthenticationHandler"
>            value-ref="primaryPrincipalResolver" />
>
> What you’re saying there is, authenticate via ldap, then retrieve my
> attributes defined by the resolver (which are static because this resolver
> is connected to your static source). Your other handler right below it is
> never involved, because this one simply succeeds.
>
> So:
>
> Turn this:
>
>     <entry key-ref="ldapAuthenticationHandler"
>            value-ref="primaryPrincipalResolver" />
>     <entry key-ref="primaryAuthenticationHandler" value="#{null}" />
>
> Into this:
>
>     <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
>
> Now, if you wish to get attributes from LDAP AND from a static config that
> is also possible. But not this way.
>
> Note that “principalAttributeMap” of your handler can be a list too. If
> you don’t have any special mappings, you can turn that map into a list.
> Easier to read.
>
> Misagh
>
> From: David Lee <[email protected]>
> Reply: David Lee <[email protected]>
> Date: March 3, 2016 at 7:11:26 AM
> To: CAS Community <[email protected]>
> CC: [email protected], [email protected]
> Subject: Re: [cas-user] principal attributes from ldap in CAS 4.2
>
> I'm struggling with the same problem..
>
>     <!-- See http://jasig.github.io/cas/development/installation/LDAP-Authentication.html -->
>     <bean id="ldapAuthenticationHandler"
>           class="org.jasig.cas.authentication.LdapAuthenticationHandler"
>           p:principalIdAttribute="mail">
>         <constructor-arg ref="authenticator" />
>         <property name="principalAttributeMap">
>             <map>
>                 <!--
>                    | This map provides a simple attribute resolution mechanism.
>                    | Keys are LDAP attribute names, values are CAS attribute names.
>                    | This facility can be used instead or in addition to PrincipalResolver
>                    | components.
>                    -->
>                 <entry key="member" value="memberOf" />
>                 <entry key="eduPersonAffiliation" value="affiliation" />
>                 <entry key="mail" value="mail" />
>                 <entry key="displayName" value="displayName" />
>                 <entry key="cn" value="cn" />
>                 <entry key="sn" value="sn" />
>                 <entry key="entryUUID" value="entryUUID" />
>             </map>
>         </property>
>     </bean>
>
> Like above I added additional entries I would like to retrieve from LDAP,
> and it works, but looks like the attributes generated by SimplePrinciple
> was overwritten by the below,
>
>     <bean id="attributeRepository"
>           class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
>           p:backingMap-ref="attrRepoBackingMap" />
>
>     <util:map id="attrRepoBackingMap">
>         <entry key="uid" value="uid" />
>         <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
>         <entry key="groupMembership" value="groupMembership" />
>         <entry key="mail" value="mail" />
>         <entry key="cn" value="cn" />
>         <entry key="sn" value="sn" />
>         <entry>
>             <key><value>memberOf</value></key>
>             <list>
>                 <value>faculty</value>
>                 <value>staff</value>
>                 <value>org</value>
>             </list>
>         </entry>
>     </util:map>
>
> So when I tried to get the attributes in the CAS client as below,
>
>     AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
>     Map attributes = principal.getAttributes();
>     Iterator attributeNames = attributes.keySet().iterator();
>
> It populates static entries defined in the backing map.
>
> For your reference, I followed all the posts in this question thread and
> did as below,
>
>     <util:map id="authenticationHandlersResolvers">
>         <entry key-ref="proxyAuthenticationHandler"
>                value-ref="proxyPrincipalResolver" />
>         <entry key-ref="ldapAuthenticationHandler"
>                value-ref="primaryPrincipalResolver" />
>         <entry key-ref="primaryAuthenticationHandler" value="#{null}" />
>     </util:map>
>
>     cas.principal.resolver.persondir.return.null=false // in cas.properties I did this.
>
> And added the below to the service JSON file
>
>     ...
>     "attributeReleasePolicy" : {
>       "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
>       "principalAttributesRepository" : {
>         "@class" : "org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"
>       },
>       "authorizedToReleaseCredentialPassword" : false,
>       "authorizedToReleaseProxyGrantingTicket" : false,
>       "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "mail", "sn" ] ]
>     },
>     ...
>
> But it still retrieves the mapped static entries...
>
> Could you please share how you could get the attributes in the map in
>
>     <bean id="ldapAuthenticationHandler"
>           class="org.jasig.cas.authentication.LdapAuthenticationHandler"
>           p:principalIdAttribute="mail">
>         <constructor-arg ref="authenticator" />
>         <property name="principalAttributeMap">
>             <map>
>                 <!--
>                    | This map provides a simple attribute resolution mechanism.
>                    | Keys are LDAP attribute names, values are CAS attribute names.
>                    | This facility can be used instead or in addition to PrincipalResolver
>                    | components.
>                    -->
>                 <entry key="member" value="memberOf" />
>                 <entry key="eduPersonAffiliation" value="affiliation" />
>                 <entry key="mail" value="mail" />
>                 <entry key="displayName" value="displayName" />
>                 <entry key="cn" value="cn" />
>                 <entry key="sn" value="sn" />
>                 <entry key="entryUUID" value="entryUUID" />
>             </map>
>         </property>
>     </bean>
>
> Thanks in advance.
>
> On Monday, February 8, 2016 at 6:34:55 PM UTC+9, Mikko Tuumanen wrote:
>>
>> Study
>>> http://jasig.github.io/cas/4.2.x/installation/Configuring-Principal-Resolution.html#principalresolver-vs-authenticationhandler
>>
>>     <entry key-ref="primaryAuthenticationHandler" value-ref="#{null}" />
>>
>> causes
>>
>>     Caused by: org.springframework.beans.factory.BeanCreationException: Error creating
>>     bean with name 'authenticationHandlersResolvers': Cannot resolve
>>     reference to bean '#{null}' while setting bean property 'sourceMap' with
>>     key [<primaryAuthenticationHandler>]; nested exception is
>>     org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean
>>     named 'null' is defined
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
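The three kinds of map entry discussed in this thread can be told apart mechanically. The following is an added example, not code from any participant or from the CAS project: a small Python check that reads the `authenticationHandlersResolvers` map and reports, per handler, whether its principal comes from a resolver, from the handler itself, or whether the entry is the `value-ref="#{null}"` form that fails at startup. The sample XML is constructed from entries quoted above; the function name and the labels it returns are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the map David posted, with Mikko's value-ref="#{null}"
# variant on the last entry so that all three cases from the thread appear.
SAMPLE = """\
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util">
  <util:map id="authenticationHandlersResolvers">
    <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
    <entry key-ref="ldapAuthenticationHandler" value-ref="primaryPrincipalResolver" />
    <entry key-ref="primaryAuthenticationHandler" value-ref="#{null}" />
  </util:map>
</beans>
"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_handler_map(xml_text, map_id="authenticationHandlersResolvers"):
    """Return (handler, source, detail) for each entry of the handler map.

    source: 'resolver' = attributes come from the named resolver,
            'handler'  = value="#{null}", the handler's own principal is used,
            'invalid'  = an expression in value-ref (the startup error above),
            'unknown'  = anything else.
    """
    findings = []
    for node in ET.fromstring(xml_text).iter():
        if _local(node.tag) != "map" or node.get("id") != map_id:
            continue
        for entry in node:
            if _local(entry.tag) != "entry":
                continue
            handler = entry.get("key-ref")
            ref, val = entry.get("value-ref"), entry.get("value")
            if ref is not None and ref.strip().startswith("#{"):
                findings.append((handler, "invalid", ref))
            elif ref is not None:
                findings.append((handler, "resolver", ref))
            elif val is not None and val.strip() == "#{null}":
                findings.append((handler, "handler", None))
            else:
                findings.append((handler, "unknown", val))
    return findings


if __name__ == "__main__":
    for handler, source, detail in audit_handler_map(SAMPLE):
        print(f"{handler}: {source} {detail or ''}")
```

An LDAP handler reported as `resolver` is the situation described in the thread: authentication succeeds against LDAP, but the released attributes are whatever that resolver's repository holds.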
