Hi

I set up jasig-cas-4.2.6 and I can log in successfully on the CAS side. On my 
client the login also succeeds, but phpCAS::getAttributes() does not return my 
attributes such as mail and givenName.

deployerConfigContext.xml is:

<?xml version="1.0" encoding="UTF-8"?>

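<!-- Spring bean definitions for the CAS deployerConfigContext.xml.
     xsi:schemaLocation pairs each namespace URI with the location of its XSD. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:ldaptive="http://www.ldaptive.org/schema/spring-ext"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
                           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
                           http://www.ldaptive.org/schema/spring-ext http://www.ldaptive.org/schema/spring-ext.xsd">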
    
     
    <!-- LDAP authentication handler built around the "authenticator" bean.
         principalAttributeMap pairs givenName with firstName and mail with email.
         NOTE(review): in CAS 4.2 the entry key is presumably the LDAP attribute name and
         the value the name that attribute gets on the principal. If so, the principal
         carries firstName/email, which the allowedAttributes list (mail, givenName)
         in this file would not match, so nothing would be released. Confirm against
         the CAS 4.2 documentation. -->
    <bean id="ldapAuthenticationHandler"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          c:authenticator-ref="authenticator">
        <property name="principalAttributeMap">
            <map>
                <entry key="givenName" value="firstName"/>
                <entry key="mail" value="email"/>
            </map>
        </property>
    </bean>
    
    
    
    
    <!-- Pairs each authentication handler with a principal resolver.
         The LDAP handler is paired with #{null}, i.e. no resolver bean; presumably the
         principal is then the one the handler itself builds (confirm). -->
    <util:map id="authenticationHandlersResolvers">
        <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver"/>
        <entry key-ref="ldapAuthenticationHandler" value="#{null}"/>
    </util:map>
    
    
    <!-- Authentication metadata populator beans, referenced by id. -->
    <util:list id="authenticationMetadataPopulators">
        <ref bean="successfulHandlerMetaDataPopulator"/>
        <ref bean="rememberMeAuthenticationMetaDataPopulator"/>
    </util:list>
        
        
        
    <!-- Aliases for the primary authentication handler and principal resolver.
         NOTE(review): neither alias is listed in authenticationHandlersResolvers in this
         file, so acceptUsersAuthenticationHandler does not look wired into login here.
         Confirm, since the handler name suggests a static user list that should not
         stay active next to LDAP. -->
    <alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler"/>
    <alias name="personDirectoryPrincipalResolver" alias="primaryPrincipalResolver"/>

    <!-- Stub person-attribute DAO backed by the static map attrRepoBackingMap. -->
    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao">
        <property name="backingMap" ref="attrRepoBackingMap"/>
    </bean>

    <!-- Static values behind the stub attribute repository: givenName is the literal
         "firstName", mail the literal "email", memberOf a fixed three-item list.
         None of these values is read from LDAP. -->
    <util:map id="attrRepoBackingMap">
        <entry key="givenName" value="firstName"/>
        <entry key="mail" value="email"/>
        <entry key="memberOf">
            <list>
                <value>faculty</value>
                <value>staff</value>
                <value>org</value>
            </list>
        </entry>
    </util:map>

    
    <!-- Aliases that bind generic bean names (theme resolver, service registry,
         ticket registry, expiration policies, authentication policy) to concrete beans. -->
    <alias name="serviceThemeResolver" alias="themeResolver"/>
    <alias name="jsonServiceRegistryDao" alias="serviceRegistryDao"/>
    <alias name="defaultTicketRegistry" alias="ticketRegistry"/>

    <alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy"/>
    <alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy"/>

    <alias name="anyAuthenticationPolicy" alias="authenticationPolicy"/>
    <alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory"/>

    <!-- Audit trail manager (Slf4jLoggingAuditTrailManager). The separator and the
         single-line flag come from cas.audit.* properties, defaulting to "|" and false. -->
    <bean id="auditTrailManager"
          class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager">
        <property name="entrySeparator" value="${cas.audit.singleline.separator:|}"/>
        <property name="useSingleLine" value="${cas.audit.singleline:false}"/>
    </bean>

    <!-- Binds the authentication throttle to the bean named neverThrottle.
         NOTE(review): the name suggests failed logins are not rate-limited; for a
         login page reachable by untrusted networks, consider a throttling bean. -->
    <alias name="neverThrottle" alias="authenticationThrottle"/>

    <!-- Monitor beans, referenced by id. -->
    <util:list id="monitorsList">
        <ref bean="memoryMonitor"/>
        <ref bean="sessionMonitor"/>
    </util:list>

    <!-- Aliases for the principal factory, the authentication transaction manager,
         the principal election strategy and the cookie cipher executor. -->
    <alias name="defaultPrincipalFactory" alias="principalFactory"/>
    <alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager"/>
    <alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy"/>
    <alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor"/>
    

    
<!-- In-memory service registry fed from registeredServicesList.
     NOTE(review): serviceRegistryDao is also declared earlier in this file as an alias
     of jsonServiceRegistryDao, so the name is defined twice. Confirm which definition
     the container ends up using: that decides whether the JSON service files or
     registeredServicesList control attribute release. -->
<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
    <property name="registeredServices" ref="registeredServicesList"/>
</bean>
    


    <!-- Services registered with this CAS server: a single regex-matched entry that
         releases only the attributes named in allowedAttributes.
         NOTE(review): serviceId "^(https?|imaps?|http?)://.*" matches every http, https,
         imap and imaps URL, so any application can obtain tickets and the released
         attributes (mail, givenName), including over plain http. Outside a test setup,
         narrow the pattern to the known client URLs and require https. -->
    <util:list id="registeredServicesList">
        <bean class="org.jasig.cas.services.RegexRegisteredService"
              p:id="1"
              p:name="sso"
              p:description="sso cas"
              p:serviceId="^(https?|imaps?|http?)://.*"
              p:evaluationOrder="0">
            <property name="attributeReleasePolicy">
                <bean class="org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy">
                    <property name="allowedAttributes">
                        <list>
                            <value>mail</value>
                            <value>givenName</value>
                        </list>
                    </property>
                </bean>
            </property>
        </bean>
    </util:list>

    
            
        <!-- ldaptive Active Directory authenticator used by ldapAuthenticationHandler.
             Connection values are redacted ("xx...") in the post.
             NOTE(review): useStartTLS and useSSL are both false, so unless ldapUrl is an
             ldaps:// URL the bind credential and the users' passwords cross the network
             unencrypted; enable one of the two outside a test setup. Keep bindCredential
             out of shared files, e.g. through a property placeholder. -->
        <ldaptive:ad-authenticator id="authenticator"
                                   ldapUrl="xxxx"
                                   useSSL="false"
                                   useStartTLS="false"
                                   connectTimeout="5000"
                                   bindDn="xxxxx"
                                   bindCredential="xxxxxxxx"
                                   baseDn="xxxxxx"
                                   userFilter="xx"
                                   subtreeSearch="true"
                                   allowMultipleDns="false"
                                   minPoolSize="1"
                                   maxPoolSize="10"
                                   blockWaitTime="3000"
                                   validateOnCheckOut="false"
                                   validatePeriodically="true"
                                   validatePeriod="300"
                                   idleTime="600"
                                   prunePeriod="300"
                                   failFastInitialize="false"/>
        
</beans>



and my json file is:

....
    "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
    "principalAttributesRepository" : {
      "@class" : 
"org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"   
}
   "allowedAttributes" : [ "java.util.ArrayList", [ "mail", "givenName"] ]
    "authorizedToReleaseCredentialPassword" : false,
    "authorizedToReleaseProxyGrantingTicket" : false
  },
...

and on the client side I have:


// Initialise phpCAS as a CAS protocol 3.0 client: host 'xxx' (redacted in the post),
// port 443, context path 'cas'.
phpCAS::client(CAS_VERSION_3_0,'xxx',443,'cas');

// Elided in the post. NOTE(review): presumably CAS server certificate validation
// (phpCAS::setCasServerCACert) and phpCAS::forceAuthentication() happen here; confirm.
...

// Attributes the CAS server released for the authenticated user.
$attr = phpCAS::getAttributes();


but my response is (it does not include my attributes mail and givenName):


<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
AEF4 .|    |    |    |    |    |        <cas:authenticationSuccess>
AEF4 .|    |    |    |    |    |            <cas:user>xxx</cas:user>
AEF4 .|    |    |    |    |    |            
AEF4 .|    |    |    |    |    |                <cas:attributes>
AEF4 .|    |    |    |    |    |                          
AEF4 .|    |    |    |    |    |                            
<cas:LdapAuthenticationHandler.dn>xxxxxxxxx</cas:LdapAuthenticationHandler.dn>
AEF4 .|    |    |    |    |    |                          
AEF4 .|    |    |    |    |    |                            
<cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
AEF4 .|    |    |    |    |    |                           
AEF4 .|    |    |    |    |    |                            
<cas:isFromNewLogin>true</cas:isFromNewLogin>
AEF4 .|    |    |    |    |    |                             
AEF4 .|    |    |    |    |    |                            
<cas:authenticationDate>2017-02-01T10:46:15.737+03:30</cas:authenticationDate>
AEF4 .|    |    |    |    |    |                        
AEF4 .|    |    |    |    |    |                
AEF4 .|    |    |    |    |    |                </cas:attributes>
AEF4 .|    |    |    |    |    |         
AEF4 .|    |    |    |    |    |        </cas:authenticationSuccess>
AEF4 .|    |    |    |    |    |    </cas:serviceResponse>


please help me.

thanks in advance.



On Monday, October 17, 2016 at 11:42:48 AM UTC+3:30, Brandon Martin wrote:
>
> Fantastic! Than you much Dan!
>
>
>
> On Oct 15, 2016, at 9:58 AM, Dan Roque <[email protected] <javascript:>> 
> wrote:
>
> Hi Brandon,
>
>    Here is a repost of both files you requested. They shouldn't expire now.
>
> deployerConfigContext.xml - http://pastebin.com/m9JypyUB
> cas.properties - http://pastebin.com/DvvA08Yi
>
> Dan
>
> On Friday, October 14, 2016 at 2:52:59 PM UTC-4, Brandon Martin wrote:
>>
>> I'm currently trying to set this up, I have everything working except 
>> LDAP authentication. I'd love to see the deployerContextConfig.xml you 
>> posted here but the link is now dead.
>>
>> On Tuesday, October 4, 2016 at 3:26:52 PM UTC-7, Dan Roque wrote:
>>>
>>> Hi Hank,
>>>
>>>    Here are my working files using CAS 4.2.6 and Active Directory LDAP 
>>> (domain info redacted)
>>>
>>> deployerConfigContext.xml - http://pastebin.com/AnZJRpSw
>>> cas.properties - http://pastebin.com/AnZJRpSw
>>>
>>> Note: This requires the ldaptive libraries in order to work properly.
>>>
>>> http://www.ldaptive.org/download.html
>>>
>>> Dan
>>>
>>> On Tuesday, October 4, 2016 at 5:48:35 PM UTC-4, Hank Foss wrote:
>>>>
>>>> Also, there was no response when I ran:
>>>>
>>>>   $ netstat -c -t | grep -e $NAME_OF_YOUR_DIRECTORY_HOST 
>>>>
>>>>
>>>>
>>>> On Friday, September 30, 2016 at 4:17:24 PM UTC-4, Hank Foss wrote:
>>>>>
>>>>> Thanks to the documentation, I've been able to get far with the CAS 
>>>>> build so far, but LDAP has been a bit of a challenge so far.
>>>>>
>>>>> I followed this link to the letter:
>>>>>
>>>>> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html 
>>>>>  Then I re-ran maven by running* mvn install package*, reloaded WAR 
>>>>> file, and restarted Tomcat - not much luck so far.
>>>>>
>>>>> What is good is that the log file cas.log has shown the source IP and 
>>>>> attempting logon username. So that's a step in the right direction: at 
>>>>> least it's showing the failure!
>>>>>
>>>>> The local user casuser / Mellon logons are successful, and the cas.log 
>>>>> shows that too. 
>>>>>
>>>>> Any advice on LDAP configuration on CAS 4.2.5 is greatly appreciated.
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Hank
>>>>>