Hi

I set up jasig-cas-4.2.6 and I can log in successfully on the CAS side. On my 
client the login also succeeds, but phpCAS::getAttributes() does not return my 
attributes such as mail and givenName.

deployerConfigContext.xml is:

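<?xml version="1.0" encoding="UTF-8"?>
<!--
  CAS 4.2.x deployerConfigContext.xml.
  Each namespace declaration is a plain quoted URI. The ";" that followed every
  quoted value in the posted copy is not legal inside a start tag and has been
  removed; each schemaLocation namespace/XSD pair is kept on one line.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:ldaptive="http://www.ldaptive.org/schema/spring-ext"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
                           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
                           http://www.ldaptive.org/schema/spring-ext http://www.ldaptive.org/schema/spring-ext.xsd">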
    
     
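    <!--
      LDAP authentication handler that also resolves the principal's attributes.
      In principalAttributeMap the key is the LDAP attribute name and the value
      is the name CAS gives that attribute on the principal. Attribute release
      policies match on the CAS-side name, so the values here have to be the
      names listed in allowedAttributes ("givenName", "mail"). Mapping them to
      "firstName" and "email" leaves that policy with nothing to release, which
      is the likely reason the client sees neither attribute.
    -->
    <bean id="ldapAuthenticationHandler"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          c:authenticator-ref="authenticator">
        <property name="principalAttributeMap">
            <map>
                <entry key="givenName" value="givenName"/>
                <entry key="mail" value="mail"/>
            </map>
        </property>
    </bean>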
    
    
    
    
    <!--
      Handler-to-resolver map. ldapAuthenticationHandler is paired with a null
      resolver, so the principal and its attributes come from the handler
      itself and no separate principal resolver runs for LDAP logins.
    -->
    <util:map id="authenticationHandlersResolvers">
        <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver"/>
        <entry key-ref="ldapAuthenticationHandler" value="#{null}"/>
    </util:map>
    
    
    <!-- Populators that add metadata to a successful authentication. -->
    <util:list id="authenticationMetadataPopulators">
        <ref bean="successfulHandlerMetaDataPopulator"/>
        <ref bean="rememberMeAuthenticationMetaDataPopulator"/>
    </util:list>

    <!--
      primaryAuthenticationHandler is an alias for acceptUsersAuthenticationHandler,
      which authenticates against a static user list from the CAS properties.
      It is not listed in authenticationHandlersResolvers in this file, so it is
      presumably not consulted at login; keep it out of that map when LDAP is
      meant to be the only credential source.
    -->
    <alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler"/>
    <alias name="personDirectoryPrincipalResolver" alias="primaryPrincipalResolver"/>

    <!--
      Stub attribute repository. NamedStubPersonAttributeDao hands back the
      backing map below as it is, so "firstName", "email" and the memberOf list
      are literal values, not LDAP lookups.
      NOTE(review): any resolver wired to this repository would give every user
      the same memberOf values (faculty, staff, org). Do not let a service base
      authorization decisions on attributes that come from this stub.
    -->
    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
          p:backingMap-ref="attrRepoBackingMap"/>

    <util:map id="attrRepoBackingMap">
        <entry key="givenName" value="firstName"/>
        <entry key="mail" value="email"/>
        <entry>
            <key><value>memberOf</value></key>
            <list>
                <value>faculty</value>
                <value>staff</value>
                <value>org</value>
            </list>
        </entry>
    </util:map>

    
    <!-- Aliases that select which CAS component implementation is active. -->
    <alias name="serviceThemeResolver" alias="themeResolver"/>

    <!--
      NOTE(review): this file also declares a bean with id "serviceRegistryDao"
      (InMemoryServiceRegistryDaoImpl). Only one of the two definitions should
      remain, otherwise it is unclear which service registry is in effect.
    -->
    <alias name="jsonServiceRegistryDao" alias="serviceRegistryDao"/>

    <alias name="defaultTicketRegistry" alias="ticketRegistry"/>

    <alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy"/>
    <alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy"/>

    <alias name="anyAuthenticationPolicy" alias="authenticationPolicy"/>
    <alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory"/>

    <!-- Audit records go to the SLF4J logger; both settings fall back to the defaults after the colon. -->
    <bean id="auditTrailManager"
          class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
          p:entrySeparator="${cas.audit.singleline.separator:|}"
          p:useSingleLine="${cas.audit.singleline:false}"/>

    <!--
      NOTE(review): neverThrottle leaves failed logins without rate limiting.
      For a server reachable from untrusted networks, select one of the
      throttling implementations CAS 4.2 ships instead.
    -->
    <alias name="neverThrottle" alias="authenticationThrottle"/>

    <util:list id="monitorsList">
        <ref bean="memoryMonitor"/>
        <ref bean="sessionMonitor"/>
    </util:list>

    <alias name="defaultPrincipalFactory" alias="principalFactory"/>
    <alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager"/>
    <alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy"/>
    <alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor"/>
    

    
<!--
  In-memory service registry fed from registeredServicesList.
  NOTE(review): "serviceRegistryDao" is also declared earlier in this file as an
  alias for jsonServiceRegistryDao. Two definitions under one name either fail
  at startup or leave one of them unused (which of the two depends on Spring's
  override settings), so keep a single registry. A JSON service file is only
  read when the JSON registry is the one in use. TODO confirm which one is live.
-->
<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
      p:registeredServices-ref="registeredServicesList" />
    


    <!--
      Service definitions for the in-memory registry.
      NOTE(review): serviceId "^(https?|imaps?|http?)://.*" matches every http,
      https, imap and imaps URL. Any site can therefore obtain service tickets
      and the released attributes, including over unencrypted http. Restrict
      the pattern to the real client URL(s); a constructed example is
      ^https://client\.example\.org/.*
      allowedAttributes must use the CAS-side attribute names, that is, the
      values of principalAttributeMap on ldapAuthenticationHandler.
    -->
    <util:list id="registeredServicesList">
        <bean class="org.jasig.cas.services.RegexRegisteredService"
              p:id="1"
              p:name="sso"
              p:serviceId="^(https?|imaps?|http?)://.*"
              p:description="sso cas"
              p:evaluationOrder="0">
            <property name="attributeReleasePolicy">
                <bean class="org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy">
                    <property name="allowedAttributes">
                        <list>
                            <value>mail</value>
                            <value>givenName</value>
                        </list>
                    </property>
                </bean>
            </property>
        </bean>
    </util:list>

    
            
        <!--
          Active Directory authenticator with a pooled connection.
          NOTE(review): useSSL and useStartTLS are both "false". Unless ldapUrl is
          an ldaps:// URL, the bind DN password and every user's password cross
          the network unencrypted. Enable one of the two and trust the directory
          server's CA.
          NOTE(review): bindCredential is a literal in this file. Prefer a ${...}
          property placeholder resolved from a file with restricted permissions.
        -->
        <ldaptive:ad-authenticator id="authenticator"
                                   ldapUrl="xxxx"
                                   baseDn="xxxxxx"
                                   userFilter="xx"
                                   bindDn="xxxxx"
                                   bindCredential="xxxxxxxx"
                                   connectTimeout="5000"
                                   useStartTLS="false"
                                   blockWaitTime="3000"
                                   maxPoolSize="10"
                                   allowMultipleDns="false"
                                   minPoolSize="1"
                                   validateOnCheckOut="false"
                                   validatePeriodically="true"
                                   validatePeriod="300"
                                   idleTime="600"
                                   prunePeriod="300"
                                   failFastInitialize="false"
                                   subtreeSearch="true"
                                   useSSL="false"/>
        
</beans>



and my json file is:

....
    "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
    "principalAttributesRepository" : {
      "@class" : 
"org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"   
}
   "allowedAttributes" : [ "java.util.ArrayList", [ "mail", "givenName"] ]
    "authorizedToReleaseCredentialPassword" : false,
    "authorizedToReleaseProxyGrantingTicket" : false
  },
...

and in client side i have:


// Initialise the phpCAS client: CAS protocol 3.0, server host 'xxx', port 443, URI 'cas'.
phpCAS::client(CAS_VERSION_3_0,'xxx',443,'cas');

...

// NOTE(review): the elided lines are not shown; they should configure CAS server
// certificate validation with phpCAS::setCasServerCACert() rather than
// phpCAS::setNoCasServerValidation(), since attributes are only as trustworthy
// as the validation response they arrive in.
// Attributes released by the CAS server for the authenticated user.
$attr = phpCAS::getAttributes();


but the response does not include my attributes mail and givenName:


<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
AEF4 .|    |    |    |    |    |        <cas:authenticationSuccess>
AEF4 .|    |    |    |    |    |            <cas:user>xxx</cas:user>
AEF4 .|    |    |    |    |    |            
AEF4 .|    |    |    |    |    |                <cas:attributes>
AEF4 .|    |    |    |    |    |                          
AEF4 .|    |    |    |    |    |                            
<cas:LdapAuthenticationHandler.dn>xxxxxxxxx</cas:LdapAuthenticationHandler.dn>
AEF4 .|    |    |    |    |    |                          
AEF4 .|    |    |    |    |    |                            
<cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
AEF4 .|    |    |    |    |    |                           
AEF4 .|    |    |    |    |    |                            
<cas:isFromNewLogin>true</cas:isFromNewLogin>
AEF4 .|    |    |    |    |    |                             
AEF4 .|    |    |    |    |    |                            
<cas:authenticationDate>2017-02-01T10:46:15.737+03:30</cas:authenticationDate>
AEF4 .|    |    |    |    |    |                        
AEF4 .|    |    |    |    |    |                
AEF4 .|    |    |    |    |    |                </cas:attributes>
AEF4 .|    |    |    |    |    |         
AEF4 .|    |    |    |    |    |        </cas:authenticationSuccess>
AEF4 .|    |    |    |    |    |    </cas:serviceResponse>


please help me.

thanks in advance.



On Monday, July 18, 2016 at 9:44:10 AM UTC+3:30, Misagh Moayyed wrote:
>
> Have you followed this doc?
>
> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html#configuration
>  
>
>
> Specially the part that says "If you do decide to let the authentication 
> handler retrieve attributes instead of a separate principal resolver, you 
> will need to….” Sounds like what you were asking. 
>
>
>
> -- 
> Misagh
>
> From: Nick Couchman <[email protected]> <javascript:>
> Reply: Nick Couchman <[email protected]> <javascript:>
> Date: July 17, 2016 at 6:57:34 PM
> To: CAS Community <[email protected]> <javascript:>
> Subject:  [cas-user] Attributes from LDAP Authentication Handler 
>
> I'm having a really hard time figuring out the proper 
> deployerContextConfiguration.xml settings to get LDAP attributes from the 
> existing LDAP Authentication Handler rather than having to set up a 
> separate LDAP Directory search for attributes. I've found several 
> references to how to set it up, but they seem to assume some knowledge that 
> I don't have. My current config is below, and, based on this config, all of 
> the attributes show up with empty values because it's using the stub driver 
> with the backing map, which has blank values. Can anyone tell me what I 
> need to change to get LDAP attributes out of the ldapAuthenticationHandler 
> and not have to set up a separate LDAP Directory connection for retrieving 
> them? 
>
> Thanks - Nick 
>
> ==Begin Config== 
>
> <?xml version="1.0" encoding="UTF-8"?> 
> <beans xmlns="http://www.springframework.org/schema/beans"; 
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
> xmlns:context="http://www.springframework.org/schema/context"; 
> xmlns:p="http://www.springframework.org/schema/p"; 
> xmlns:c="http://www.springframework.org/schema/c"; 
> xmlns:aop="http://www.springframework.org/schema/aop"; 
> xmlns:tx="http://www.springframework.org/schema/tx"; 
> xmlns:util="http://www.springframework.org/schema/util"; 
> xmlns:sec="http://www.springframework.org/schema/security"; 
> xmlns:ldaptive="http://www.ldaptive.org/schema/spring-ext"; 
> xsi:schemaLocation="http://www.springframework.org/schema/beans 
> http://www.springframework.org/schema/beans/spring-beans.xsd 
> http://www.springframework.org/schema/tx 
> http://www.springframework.org/schema/tx/spring-tx.xsd 
> http://www.springframework.org/schema/aop 
> http://www.springframework.org/schema/aop/spring-aop.xsd 
> http://www.springframework.org/schema/context 
> http://www.springframework.org/schema/context/spring-context.xsd 
> http://www.springframework.org/schema/security 
> http://www.springframework.org/schema/security/spring-security.xsd 
> http://www.springframework.org/schema/util 
> http://www.springframework.org/schema/util/spring-util.xsd 
> http://www.ldaptive.org/schema/spring-ext 
> http://www.ldaptive.org/schema/spring-ext.xsd";> 
>
>
>
>
> <!-- NOTE(review): two things to check in this map.
>      (1) ldapAuthenticationHandler is paired with primaryPrincipalResolver, so
>      attributes presumably come from the stub attributeRepository rather than
>      from the handler; to let the handler supply them, pair it with
>      value="#{null}" as the linked document describes.
>      (2) primaryAuthenticationHandler is an alias for
>      acceptUsersAuthenticationHandler, which accepts a static user list; with
>      this entry it stays active next to LDAP. Remove the entry when LDAP is
>      meant to be the only credential source. -->
> <util:map id="authenticationHandlersResolvers"> 
> <entry key-ref="ldapAuthenticationHandler" 
> value-ref="primaryPrincipalResolver" /> 
> <entry key-ref="proxyAuthenticationHandler" 
> value-ref="proxyPrincipalResolver" /> 
> <entry key-ref="primaryAuthenticationHandler" value="#{null}" /> 
> </util:map> 
>
>
> <util:list id="authenticationMetadataPopulators"> 
> <ref bean="successfulHandlerMetaDataPopulator" /> 
> <ref bean="rememberMeAuthenticationMetaDataPopulator" /> 
> </util:list> 
>
>
> <bean id="attributeRepository" 
> class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao" 
> p:backingMap-ref="attrRepoBackingMap" /> 
>
>
> <alias name="acceptUsersAuthenticationHandler" 
> alias="primaryAuthenticationHandler" /> 
> <alias name="personDirectoryPrincipalResolver" 
> alias="primaryPrincipalResolver" /> 
>
>
> <util:map id="attrRepoBackingMap"> 
> <entry key="displayName" value="" /> 
> <entry key="mail" value="" /> 
> <entry key="groupMembership" value="" /> 
> <entry key="cn" value="" /> 
> <entry key="givenName" value="" /> 
> <entry key="sn" value="" /> 
> <entry key="uid" value="" /> 
> <entry key="uidNumber" value="" /> 
> <entry key="gidNumber" value="" /> 
> </util:map> 
>
>
> <alias name="serviceThemeResolver" alias="themeResolver" /> 
>
>
> <alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" /> 
>
>
> <alias name="defaultTicketRegistry" alias="ticketRegistry" /> 
>
>
> <alias name="ticketGrantingTicketExpirationPolicy" 
> alias="grantingTicketExpirationPolicy" /> 
> <alias name="multiTimeUseOrTimeoutExpirationPolicy" 
> alias="serviceTicketExpirationPolicy" /> 
>
>
> <alias name="anyAuthenticationPolicy" alias="authenticationPolicy" /> 
> <alias name="acceptAnyAuthenticationPolicyFactory" 
> alias="authenticationPolicyFactory" /> 
>
>
> <bean id="auditTrailManager" 
> class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager" 
> p:entrySeparator="${cas.audit.singleline.separator:|}" 
> p:useSingleLine="${cas.audit.singleline:false}"/> 
>
>
> <alias name="neverThrottle" alias="authenticationThrottle" /> 
>
>
> <util:list id="monitorsList"> 
> <ref bean="memoryMonitor" /> 
> <ref bean="sessionMonitor" /> 
> </util:list> 
>
>
> <alias name="defaultPrincipalFactory" alias="principalFactory" /> 
> <alias name="defaultAuthenticationTransactionManager" 
> alias="authenticationTransactionManager" /> 
> <alias name="defaultPrincipalElectionStrategy" 
> alias="principalElectionStrategy" /> 
> <alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor" /> 
> <!-- LDAP handler: the principal id is taken from the "mail" attribute. In
>      principalAttributeMap each key is an LDAP attribute name and each value
>      is the name CAS exposes for it; release policies match on the value. -->
> <bean id="ldapAuthenticationHandler" 
> class="org.jasig.cas.authentication.LdapAuthenticationHandler" 
> p:principalIdAttribute="mail" 
> c:authenticator-ref="authenticator"> 
> <property name="principalAttributeMap"> 
> <map> 
> <entry key="displayName" value="simpleName" /> 
> <entry key="mail" value="email" /> 
> <entry key="groupMembership" value="membership" /> 
> <entry key="cn" value="cn" /> 
> <entry key="givenName" value="givenName" /> 
> <entry key="sn" value="sn" /> 
> <entry key="uid" value="uid" /> 
> <entry key="uidNumber" value="uidNumber" /> 
> <entry key="gidNumber" value="gidNumber" /> 
> </map> 
> </property> 
> </bean> 
> <!-- Anonymous-search authenticator; every setting is read from properties.
>      NOTE(review): useSSL falls back to "false" when ldap.use.ssl is unset and
>      useStartTLS has no default. Make sure one of them resolves to true (or
>      that ldap.url is an ldaps:// URL), otherwise user passwords reach the
>      directory unencrypted. -->
> <ldaptive:anonymous-search-authenticator id="authenticator" 
> ldapUrl="${ldap.url}" 
> connectTimeout="${ldap.connectTimeout}" 
> validateOnCheckOut="${ldap.pool.validateOnCheckout}" 
> failFastInitialize="true" 
> blockWaitTime="${ldap.pool.blockWaitTime}" 
> idleTime="${ldap.pool.idleTime}" 
> maxPoolSize="${ldap.pool.maxSize}" 
> minPoolSize="${ldap.pool.minSize}" 
> validatePeriodically="${ldap.pool.validatePeriodically}" 
> validatePeriod="${ldap.pool.validatePeriod}" 
> prunePeriod="${ldap.pool.prunePeriod}" 
> useSSL="${ldap.use.ssl:false}" 
> useStartTLS="${ldap.useStartTLS}" 
> usePasswordPolicy="${ldap.usePpolicy:true}" 
> allowMultipleDns="${ldap.allowMultipleDns:false}" 
> baseDn="${ldap.baseDn}" 
> subtreeSearch="${ldap.subtree.search:true}" 
> userFilter="${ldap.authn.searchFilter}" 
> /> 
> </beans> 
>
