Hello All,
My question is: is there another place to set up additional attributes,
other than the JSON service definition's attribute release policy, when
using a SAML 1.1 response?
I am setting up a CAS 5.0.2 server, I have successfully got it hooked up to
our LDAP server and authenticating. I have successfully gotten it working with
our Grails 2.5.5 apps.
I then configured the service policy to return attributes, specifically:
"attributeReleasePolicy" : {
  "@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
  "allowedAttributes": {
    "@class": "java.util.TreeMap",
    "xxxPersonUDCID": "UDC_IDENTIFIER",
    "uid": "uid",
    "mail": "mail",
    "eduPersonPrincipalName": "eduPersonPrincipalName",
    "eduPersonAffiliation": "eduPersonAffiliation",
    "employeeID": "employeeID",
    "sn": "sn",
    "givenName": "givenName",
    "xxxPersonIdmRoles": "xxxPersonIdmRoles"
  }
}
I can see in the logs these attributes are being returned.
When I try to auth via the Banner XE app, it makes a request to /samlValidate
which returns the following error:
Error Message:
https://casdevinternal.xxx.edu/cas/samlValidate?TARGET=https%3A%2F%2Fxessdev1.xx.edu%3A8446%2FPRDCStudentFacultyGradeEntry%2Fj_spring_cas_security_check
So I add the dependency for SAML to my pom:
<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-support-saml</artifactId>
  <version>5.0.2</version>
</dependency>
That solves the 404 and now I see in the logs CAS is returning a SAML 1.1
response, but not my additional attributes:
<?xml version="1.0" encoding="UTF-8"?>
<saml1p:Response xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol"
InResponseTo="xxx.xxx.edu" IssueInstant="2017-02-10T22:12:53.558Z"
MajorVersion="1" MinorVersion="1"
ResponseID="_baa0795a4ed62b994dd3839427602a20">
<saml1p:Status>
<saml1p:StatusCode Value="saml1p:Success"/>
</saml1p:Status>
<saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="_fb1332132e4c49e4cced0e8458f224d7"
IssueInstant="2017-02-10T22:12:53.558Z" Issuer="localhost" MajorVersion="1"
MinorVersion="1">
<saml1:Conditions NotBefore="2017-02-10T22:12:53.558Z"
NotOnOrAfter="2017-02-10T22:13:23.558Z">
<saml1:AudienceRestrictionCondition>
<saml1:Audience>
https://xxx.xxx.edu:8444/PPRDStudentRegistration/j_spring_cas_security_check
</saml1:Audience>
</saml1:AudienceRestrictionCondition>
</saml1:Conditions>
<saml1:AuthenticationStatement
AuthenticationInstant="2017-02-10T22:12:53.380Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
<saml1:Subject>
<saml1:NameIdentifier>edelmand</saml1:NameIdentifier>
<saml1:SubjectConfirmation>
<saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</saml1:ConfirmationMethod>
</saml1:SubjectConfirmation>
</saml1:Subject>
</saml1:AuthenticationStatement>
<saml1:AttributeStatement>
<saml1:Subject>
<saml1:NameIdentifier>joesmith</saml1:NameIdentifier>
<saml1:SubjectConfirmation>
<saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</saml1:ConfirmationMethod>
</saml1:SubjectConfirmation>
</saml1:Subject>
<saml1:Attribute AttributeName="samlAuthenticationStatementAuthMethod"
AttributeNamespace="http://www.ja-sig.org/products/cas/">
<saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">urn:oasis:names:tc:SAML:1.0:am:password</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute AttributeName="authenticationMethod"
AttributeNamespace="http://www.ja-sig.org/products/cas/">
<saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">LdapAuthenticationHandler</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute AttributeName="successfulAuthenticationHandlers"
AttributeNamespace="http://www.ja-sig.org/products/cas/">
<saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:string">LdapAuthenticationHandler</saml1:AttributeValue>
</saml1:Attribute>
</saml1:AttributeStatement>
</saml1:Assertion>
</saml1p:Response>
What configuration am I missing to return additional attributes now that I
have added the SAML dependency?
Thanks for your consideration,
Rob Mars.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CACjUCoqGMyD_vVaocxvbkes36eLr_3bEfET1u_evNRVZWgp6TA%40mail.gmail.com.
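When debugging attribute release it helps to look at what the SAML 1.1 response actually carries rather than at what the service policy promises. The following checker is an added example, not CAS's own code and not part of the post: it parses a /samlValidate response, lists the attributes found in the AttributeStatement, reports which of the policy's mapped attribute names (the right-hand side of the allowedAttributes map above) are absent, and also validates the Conditions window and audience the way a relying party should before trusting any attribute. The embedded response is a condensed copy of the one shown in the post (the xsi:type annotations are dropped); the function and variable names are this example's own.

```python
"""Inspect a CAS SAML 1.1 /samlValidate response: which attributes were
released, which expected ones are missing, and whether the assertion's
Conditions hold.  Hypothetical helper, not CAS code."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "saml1p": "urn:oasis:names:tc:SAML:1.0:protocol",
    "saml1": "urn:oasis:names:tc:SAML:1.0:assertion",
}

# Right-hand side of the allowedAttributes map in the post's service definition.
EXPECTED_ATTRIBUTES = {
    "UDC_IDENTIFIER", "uid", "mail", "eduPersonPrincipalName",
    "eduPersonAffiliation", "employeeID", "sn", "givenName", "xxxPersonIdmRoles",
}

# Condensed copy of the response quoted in the post (sample input).
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<saml1p:Response xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol"
    InResponseTo="xxx.xxx.edu" IssueInstant="2017-02-10T22:12:53.558Z"
    MajorVersion="1" MinorVersion="1" ResponseID="_baa0795a4ed62b994dd3839427602a20">
  <saml1p:Status><saml1p:StatusCode Value="saml1p:Success"/></saml1p:Status>
  <saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion"
      AssertionID="_fb1332132e4c49e4cced0e8458f224d7" Issuer="localhost"
      IssueInstant="2017-02-10T22:12:53.558Z" MajorVersion="1" MinorVersion="1">
    <saml1:Conditions NotBefore="2017-02-10T22:12:53.558Z" NotOnOrAfter="2017-02-10T22:13:23.558Z">
      <saml1:AudienceRestrictionCondition>
        <saml1:Audience>
          https://xxx.xxx.edu:8444/PPRDStudentRegistration/j_spring_cas_security_check
        </saml1:Audience>
      </saml1:AudienceRestrictionCondition>
    </saml1:Conditions>
    <saml1:AttributeStatement>
      <saml1:Subject><saml1:NameIdentifier>joesmith</saml1:NameIdentifier></saml1:Subject>
      <saml1:Attribute AttributeName="samlAuthenticationStatementAuthMethod"
          AttributeNamespace="http://www.ja-sig.org/products/cas/">
        <saml1:AttributeValue>urn:oasis:names:tc:SAML:1.0:am:password</saml1:AttributeValue>
      </saml1:Attribute>
      <saml1:Attribute AttributeName="authenticationMethod"
          AttributeNamespace="http://www.ja-sig.org/products/cas/">
        <saml1:AttributeValue>LdapAuthenticationHandler</saml1:AttributeValue>
      </saml1:Attribute>
      <saml1:Attribute AttributeName="successfulAuthenticationHandlers"
          AttributeNamespace="http://www.ja-sig.org/products/cas/">
        <saml1:AttributeValue>LdapAuthenticationHandler</saml1:AttributeValue>
      </saml1:Attribute>
    </saml1:AttributeStatement>
  </saml1:Assertion>
</saml1p:Response>
"""


def _ts(value):
    """Parse a SAML 1.1 UTC timestamp, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unrecognised timestamp: %r" % value)


def parse_attributes(xml_text):
    """Return {AttributeName: [values]} collected from every AttributeStatement."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    attrs = {}
    for attr in root.iterfind(".//saml1:AttributeStatement/saml1:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml1:AttributeValue", NS) if v.text]
        attrs.setdefault(attr.get("AttributeName"), []).extend(values)
    return attrs


def missing_attributes(xml_text, expected=EXPECTED_ATTRIBUTES):
    """Expected attribute names that the response does not carry, sorted."""
    return sorted(set(expected) - set(parse_attributes(xml_text)))


def check_conditions(xml_text, audience, now_utc):
    """Validate the validity window and audience restriction a relying party
    must honour.  now_utc is an ISO-8601 UTC string such as 2017-02-10T22:13:00Z.
    Returns a list of problems; an empty list means the conditions hold."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    cond = root.find(".//saml1:Conditions", NS)
    if cond is None:
        return ["assertion has no Conditions element"]
    now, problems = _ts(now_utc), []
    if now < _ts(cond.get("NotBefore")):
        problems.append("assertion not yet valid")
    if now >= _ts(cond.get("NotOnOrAfter")):
        problems.append("assertion expired")
    audiences = [a.text.strip() for a in cond.iterfind(".//saml1:Audience", NS) if a.text]
    if audience not in audiences:
        problems.append("audience mismatch: expected %s, got %s" % (audience, audiences))
    return problems


if __name__ == "__main__":
    aud = "https://xxx.xxx.edu:8444/PPRDStudentRegistration/j_spring_cas_security_check"
    print("released:", sorted(parse_attributes(SAMPLE_RESPONSE)))
    print("missing: ", missing_attributes(SAMPLE_RESPONSE))
    print("conditions:", check_conditions(SAMPLE_RESPONSE, aud, "2017-02-10T22:13:00Z"))
```

Run against the post's response, the script reports only the three CAS-internal attributes (authenticationMethod, samlAuthenticationStatementAuthMethod, successfulAuthenticationHandlers) and lists all nine policy attributes as missing, which is exactly the symptom described. Note also that the 30-second NotBefore/NotOnOrAfter window in the response is what the relying party must enforce, so clock skew between CAS and the application server is a separate thing to check when validation fails.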