Hello,

I'm trying to configure a CAS server based on version 4.2.0 as an OpenID 
provider; for now I was able to use the OpenID endpoint by following the 
documentation available here[1], with some customizations to add some 
attributes on the user (uid, email, ... which are stored on an OpenLDAP 
server in each user's entry).

I tried to dig into the code to see if there was a way of providing these 
extra attributes (that - if my understanding of the OpenID protocol 
internals is correct - should appear in openid.ax.*=... in the return_to 
URL), wiring some beans to do so, but with no luck. From what I can see 
while debugging, the attributes are correctly resolved from the LDAP (I can 
see them in the Principal object after successful authentication), but they 
are not "released" in the return_to URL.

Here is a snippet in my deployerConfigContext.xml to resolve my extra 
attributes:

    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao">
        <property name="baseDN" value="${ldap.authn.userSearchBaseDn}" />
        <property name="searchFilter" value="uid={0}" />
        <property name="unmappedUsernameAttribute" value="uid" />
        <property name="searchControls">
            <bean class="javax.naming.directory.SearchControls" />
        </property>
        <property name="connectionFactory" ref="connectionFactory" />
        <property name="resultAttributeMapping">
            <util:map>
                <entry key="uid" value="identifier" />
                <entry key="mail" value="email" />
                <entry key="cn" value="fullname" />
                <entry key="sn" value="lastname" />
            </util:map>
        </property>
    </bean>

Am I missing something?

Best regards,

[1] https://apereo.github.io/cas/4.2.x/protocol/OpenID-Protocol.html

-- Pierre
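
One way to check what is actually released in the return_to redirect, as an added example that is not part of the original post and is not CAS code: it resolves the Attribute Exchange alias by namespace, lists each attribute's values, and reports whether they are covered by openid.signed. The function name `ax_attributes`, the hosts and all sample values are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qsl

AX_NS = "http://openid.net/srv/ax/1.0"  # OpenID Attribute Exchange 1.0 namespace

def ax_attributes(return_to_url):
    """Map each AX type URI in the redirect to its values and whether they are signed."""
    params = dict(parse_qsl(urlsplit(return_to_url).query, keep_blank_values=True))
    # The extension alias is arbitrary ("ax" is only a convention); resolve it by namespace.
    alias = next((k[len("openid.ns."):] for k, v in params.items()
                  if k.startswith("openid.ns.") and v == AX_NS), None)
    if alias is None or params.get(f"openid.{alias}.mode") != "fetch_response":
        return {}  # no AX response at all: nothing was released
    signed = set(params.get("openid.signed", "").split(","))
    result = {}
    for key, type_uri in params.items():
        if not key.startswith(f"openid.{alias}.type."):
            continue
        name = key[len(f"openid.{alias}.type."):]
        count = params.get(f"openid.{alias}.count.{name}")
        if count is None:
            fields = [f"{alias}.value.{name}"]
        else:  # multi-valued attribute: value.<name>.1 .. value.<name>.<count>
            fields = [f"{alias}.value.{name}.{i}" for i in range(1, int(count) + 1)]
        present = [f for f in fields if f"openid.{f}" in params]
        # Values not listed in openid.signed are not covered by the OP's signature.
        covered = bool(present) and all(f in signed for f in present + [f"{alias}.type.{name}"])
        result[type_uri] = {"values": [params[f"openid.{f}"] for f in present], "signed": covered}
    return result

# Constructed sample redirects (hosts, addresses and values are made up for illustration).
WITH_AX = "https://rp.example.org/return?" + urlencode({
    "openid.ns": "http://specs.openid.net/auth/2.0",
    "openid.mode": "id_res",
    "openid.ns.ax": AX_NS,
    "openid.ax.mode": "fetch_response",
    "openid.ax.type.email": "http://axschema.org/contact/email",
    "openid.ax.value.email": "user@example.org",
    "openid.ax.type.fullname": "http://axschema.org/namePerson",
    "openid.ax.value.fullname": "Example User",
    "openid.signed": "mode,return_to,ns.ax,ax.mode,ax.type.email,ax.value.email",
})
WITHOUT_AX = "https://rp.example.org/return?" + urlencode({
    "openid.ns": "http://specs.openid.net/auth/2.0",
    "openid.mode": "id_res",
    "openid.signed": "mode,return_to",
})

if __name__ == "__main__":
    for url in (WITH_AX, WITHOUT_AX):
        print(ax_attributes(url))
```

An empty result for a real redirect matches the symptom described above: the attributes were resolved on the server but no AX response was sent to the relying party.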
