Hi

I set up jasig-cas-4.2.6 and can log in successfully on the CAS side. My 
client also logs in successfully, but phpCAS::getAttributes() does not return 
my attributes, such as mail and givenName.

deployerConfigContext.xml is:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans";
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
       xmlns:context="http://www.springframework.org/schema/context";
       xmlns:p="http://www.springframework.org/schema/p";
       xmlns:c="http://www.springframework.org/schema/c";
       xmlns:aop="http://www.springframework.org/schema/aop";
       xmlns:tx="http://www.springframework.org/schema/tx";
       xmlns:util="http://www.springframework.org/schema/util";
       xmlns:sec="http://www.springframework.org/schema/security";
       xmlns:ldaptive="http://www.ldaptive.org/schema/spring-ext";
       xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans.xsd


       http://www.springframework.org/schema/tx 
http://www.springframework.org/schema/tx/spring-tx.xsd

       http://www.springframework.org/schema/aop 
http://www.springframework.org/schema/aop/spring-aop.xsd
       http://www.springframework.org/schema/context 
http://www.springframework.org/schema/context/spring-context.xsd
       http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security.xsd
       http://www.springframework.org/schema/util 
http://www.springframework.org/schema/util/spring-util.xsd
       http://www.ldaptive.org/schema/spring-ext 
http://www.ldaptive.org/schema/spring-ext.xsd";>
    
     
    <!-- LDAP authentication handler. Credential checks are delegated to the
         "authenticator" bean wired in through c:authenticator-ref.
         principalAttributeMap: in CAS 4.x the entry key is the LDAP attribute
         name and the entry value is the name that attribute is given on the
         CAS principal (NOTE(review): confirm against the 4.2.6
         LdapAuthenticationHandler documentation). With the two entries below
         the principal would carry "firstName" and "email", not "givenName"
         and "mail", so a release policy that lists only "mail" and
         "givenName" would match nothing on the principal. -->
    <bean id="ldapAuthenticationHandler"         
class="org.jasig.cas.authentication.LdapAuthenticationHandler"
     
      c:authenticator-ref="authenticator"> 
    <property name="principalAttributeMap">
        <map>
    
    <entry key="givenName" value="firstName"/>
     <entry key="mail" value="email"/>
    
        </map>
    </property> 
    </bean>
    
    
    
    
    <!-- Pairs each authentication handler (key) with a principal resolver
         (value). Only proxyAuthenticationHandler and ldapAuthenticationHandler
         are listed here. The LDAP entry passes a SpEL null as its resolver;
         NOTE(review): presumably this makes CAS keep the principal built by
         the handler itself, so the attributeRepository bean would not be
         consulted for LDAP logins. Confirm for this CAS version. -->
    <util:map id="authenticationHandlersResolvers">
        <entry key-ref="proxyAuthenticationHandler" 
value-ref="proxyPrincipalResolver" />
           <entry key-ref="ldapAuthenticationHandler" value="#{null}" />

    </util:map>
    
    
    <!-- Authentication metadata populators, referenced by bean name. Neither
         bean is defined in this listing. -->
    <util:list id="authenticationMetadataPopulators">
        <ref bean="successfulHandlerMetaDataPopulator" />
        <ref bean="rememberMeAuthenticationMetaDataPopulator" />
    </util:list>
        
        
        
    <!-- Aliases for the "primary" handler and resolver names.
         NOTE(review): acceptUsersAuthenticationHandler is presumably the stock
         handler that accepts a static user list from the properties file. It
         is not referenced in authenticationHandlersResolvers in this listing;
         confirm that nothing else activates it, or point the alias at the
         handler that is really in use. -->
    <alias name="acceptUsersAuthenticationHandler" 
alias="primaryAuthenticationHandler" />
    <alias name="personDirectoryPrincipalResolver" 
alias="primaryPrincipalResolver" />

    <!-- Attribute repository backed by the static map attrRepoBackingMap.
         NOTE(review): a stub DAO presumably hands the same fixed values to
         every user instead of querying a directory. Do not base access
         decisions on attributes that come from it. -->
    <bean id="attributeRepository" 
class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
          p:backingMap-ref="attrRepoBackingMap" />

    <!-- Static backing data for the stub attributeRepository.
         NOTE(review): presumably each key is an attribute name and each value
         is that attribute's literal value, so this gives givenName the string
         "firstName" and mail the string "email"; it is not a rename of LDAP
         attributes. memberOf carries the fixed list faculty, staff, org. -->
    <util:map id="attrRepoBackingMap">
 
    
    <entry key="givenName" value="firstName"/>
    <entry key="mail" value="email"/>
   
      
        <entry>
            <key><value>memberOf</value></key>
            <list>
                <value>faculty</value>
                <value>staff</value>
                <value>org</value>
            </list>
        </entry>
    </util:map> 

    
    <!-- Aliases that select the theme resolver, service registry, ticket
         registry, ticket expiration policies and authentication policy.
         NOTE(review): the alias "serviceRegistryDao" set here points at
         jsonServiceRegistryDao, while further down this file also declares a
         bean whose id is "serviceRegistryDao" (the in-memory registry). Only
         one of the two can own that name. Confirm which registry is loaded,
         because the JSON service file and the in-memory list each carry their
         own attribute release policy. -->
    <alias name="serviceThemeResolver" alias="themeResolver" />

    <alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" />

    <alias name="defaultTicketRegistry" alias="ticketRegistry" />
    
    <alias name="ticketGrantingTicketExpirationPolicy" 
alias="grantingTicketExpirationPolicy" />
    <alias name="multiTimeUseOrTimeoutExpirationPolicy" 
alias="serviceTicketExpirationPolicy" />

    <alias name="anyAuthenticationPolicy" alias="authenticationPolicy" />
    <alias name="acceptAnyAuthenticationPolicyFactory" 
alias="authenticationPolicyFactory" />

    <!-- Audit trail manager that writes audit records through Slf4j. The
         entry separator and the single-line switch are read from properties,
         falling back to "|" and false when the properties are not set. -->
    <bean id="auditTrailManager"
          
class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
          p:entrySeparator="${cas.audit.singleline.separator:|}"
          p:useSingleLine="${cas.audit.singleline:false}"/>

    <!-- Selects the "neverThrottle" bean as the authentication throttle.
         NOTE(review): going by the bean name, failed logins are not rate
         limited by CAS, so repeated password guesses pass straight through to
         the directory. For production, alias a real throttling bean here and
         rely on the directory's lockout policy as a second control. -->
    <alias name="neverThrottle" alias="authenticationThrottle" />

    <!-- Monitor beans, referenced by name. Neither bean is defined in this
         listing. -->
    <util:list id="monitorsList">
        <ref bean="memoryMonitor" />
        <ref bean="sessionMonitor" />
    </util:list>

    <!-- Aliases for the principal factory, the authentication transaction
         manager, the principal election strategy and the cookie cipher.
         NOTE(review): tgcCipherExecutor presumably protects the ticket
         granting cookie; confirm that its signing and encryption keys are set
         explicitly in the properties file and are not left to be generated
         at startup. -->
    <alias name="defaultPrincipalFactory" alias="principalFactory" />
    <alias name="defaultAuthenticationTransactionManager" 
alias="authenticationTransactionManager" />
    <alias name="defaultPrincipalElectionStrategy" 
alias="principalElectionStrategy" />
    <alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor" />
    

    
<!-- In-memory service registry fed from registeredServicesList.
     NOTE(review): this bean id is the same name that the earlier alias
     (jsonServiceRegistryDao as serviceRegistryDao) claims. Keep one of the
     two definitions so it is clear which set of registered services, and
     which attribute release policy, is in force. -->
<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
      p:registeredServices-ref="registeredServicesList" />
    


    <!-- Registered services for the in-memory registry: a single regex
         service with a ReturnAllowedAttributeReleasePolicy.
         serviceId: the pattern matches every http, https, imap and imaps URL
         (the "http?" branch adds nothing beyond "https?"). Any application at
         any host can therefore obtain service tickets from this server and
         receive the released attributes, including over plain http. For
         production, replace it with patterns anchored to the https URLs of
         the known client applications.
         allowedAttributes: the names listed are matched against attribute
         names on the CAS principal. NOTE(review): if the principal carries
         "firstName" and "email" (the values in the LDAP handler's
         principalAttributeMap), "mail" and "givenName" will not match and
         nothing is released. -->
    <util:list id="registeredServicesList">
        <bean class="org.jasig.cas.services.RegexRegisteredService"
          p:id="1"
          p:name="sso"
          p:serviceId="^(https?|imaps?|http?)://.*"
          p:description="sso cas"
          p:evaluationOrder="0" >
  
   
 <property name="attributeReleasePolicy">
    <bean 
class="org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy">
        <property name="allowedAttributes">
    

                     
                <list>
                    <value>mail</value>
                    <value>givenName</value>
                    

                </list> 
    </property>
    </bean>
    
        </property>

        </bean>
  

    </util:list>    

    
            
        <!-- Active Directory authenticator used by ldapAuthenticationHandler.
             Connection values are redacted in this post.
             useStartTLS and useSSL are both "false": unless ldapUrl uses the
             ldaps scheme, the bind credential and every user's password are
             sent to the directory unencrypted. Enable one of the two and make
             sure the directory certificate is trusted by the JVM.
             bindCredential is written inline: keep this file readable only by
             the servlet container account, or move the value to a property
             placeholder as the auditTrailManager bean does for its settings.
             Use a bind account with read-only search rights. -->
        <ldaptive:ad-authenticator id="authenticator"
            
        ldapUrl="xxxx"
        baseDn="xxxxxx"
        userFilter="xx"
        bindDn="xxxxx"
        bindCredential="xxxxxxxx"
        connectTimeout="5000"
        useStartTLS="false"
        blockWaitTime="3000"
        maxPoolSize="10"
        allowMultipleDns="false"
        minPoolSize="1"
        validateOnCheckOut="false"
        validatePeriodically="true"
        validatePeriod="300"
        idleTime="600"
        prunePeriod="300"
        failFastInitialize="false"
        subtreeSearch="true"
        useSSL="false"

/>
        
</beans>



and my json file is:

....
    "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
    "principalAttributesRepository" : {
      "@class" : 
"org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"   
}
   "allowedAttributes" : [ "java.util.ArrayList", [ "mail", "givenName"] ]
    "authorizedToReleaseCredentialPassword" : false,
    "authorizedToReleaseProxyGrantingTicket" : false
  },
...

and in client side i have:


// CAS_VERSION_3_0 selects the CAS 3.0 protocol, whose /p3/serviceValidate
// endpoint is the one the quoted reply names for attribute release.
// NOTE(review): no phpCAS::setCasServerCACert() call is visible in this
// excerpt; confirm the client verifies the CAS server certificate and does
// not rely on phpCAS::setNoCasServerValidation().
phpCAS::client(CAS_VERSION_3_0,'xxx',443,'cas');

...

$attr = phpCAS::getAttributes();


but the response does not include my attributes mail and givenName:


<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
AEF4 .|    |    |    |    |    |        <cas:authenticationSuccess>
AEF4 .|    |    |    |    |    |            <cas:user>xxx</cas:user>
AEF4 .|    |    |    |    |    |            
AEF4 .|    |    |    |    |    |                <cas:attributes>
AEF4 .|    |    |    |    |    |                          
AEF4 .|    |    |    |    |    |                            
<cas:LdapAuthenticationHandler.dn>xxxxxxxxx</cas:LdapAuthenticationHandler.dn>
AEF4 .|    |    |    |    |    |                          
AEF4 .|    |    |    |    |    |                            
<cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
AEF4 .|    |    |    |    |    |                           
AEF4 .|    |    |    |    |    |                            
<cas:isFromNewLogin>true</cas:isFromNewLogin>
AEF4 .|    |    |    |    |    |                             
AEF4 .|    |    |    |    |    |                            
<cas:authenticationDate>2017-02-01T10:46:15.737+03:30</cas:authenticationDate>
AEF4 .|    |    |    |    |    |                        
AEF4 .|    |    |    |    |    |                
AEF4 .|    |    |    |    |    |                </cas:attributes>
AEF4 .|    |    |    |    |    |         
AEF4 .|    |    |    |    |    |        </cas:authenticationSuccess>
AEF4 .|    |    |    |    |    |    </cas:serviceResponse>


please help me.

thanks in advance.



On Thursday, June 23, 2016 at 3:54:19 AM UTC+3:30, Warren White wrote:
>
> Changing client from CAS Protocol 2 to CAS Protocol 3 has solved my 
> problem.
> Thank you for the hint, /p3/serviceValidate 
>
> Warren 
>
> On Wednesday, 22 June 2016 15:58:01 UTC-7, Misagh Moayyed wrote:
>>
>> That means:
>>
>> 1.      CAS might have some attributes cached already as part of primary 
>> authn.
>>
>> 2.      CAS starts to retrieve attributes during a particular validation 
>> event, based on caching rules and if/when configured. 
>>
>> 3.      When it does, in case there are collisions between what it 
>> already had and what it retrieved again, there might be a need to merge. 
>> You told it to never merge. 
>>
>>  
>>
>> Merging attribute repositories from person directory is separate from 
>> this. It’s safe to ignore this based on your description. 
>>
>>  
>>
>> You’ll need to make sure attributes are allowed for release for that 
>> client, and the client is hitting the /p3/serviceValidate endpoint.
>>
>>  
>>
>> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Warren 
>> White
>> *Sent:* Wednesday, June 22, 2016 12:28 PM
>> *To:* CAS Community <[email protected]>
>> *Subject:* [cas-user] Attributes retrieved server side, but not 
>> available to client
>>
>>  
>>
>> I am attempting to include Principal Attributes for the client after 
>> login in via CAS 4.2.2
>>
>> Server cas.log:
>>
>> 2016-06-22 10:56:04,428 DEBUG [org.jasig.services.persondir.support.
>> MergingPersonAttributeDaoImpl] 
>> - Retrieved 
>> attributes='[NamedPersonImpl[name=xyz,attributes={USER_ROLE=[login, 
>> admin, student]}]]' for query='{username=[xyz]}', isFirstQuery=false, 
>> currentlyConsidering=
>> 'org.jasig.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao@62aac52b'
>> , resultAttributes='[NamedPersonImpl[name=xyz,attributes={displayName=[xyz], 
>> uid=[1198], mail=[[email protected]]}]]'
>>
>> 2016-06-22 10:56:04,428 DEBUG [org.jasig.services.persondir.support.
>> MergingPersonAttributeDaoImpl] 
>> - Aggregated search results 
>> '[NamedPersonImpl[name=xyz,attributes={displayName=[xyz], 
>> uid=[1198], mail=[[email protected]], USER_ROLE=[login, admin, student]}]]' for 
>> query='{username=[xyz]}'
>> 2016-06-22 10:56:04,429 DEBUG [org.jasig.cas.authentication.principal.
>> cache.AbstractPrincipalAttributesRepository] 
>> - Found [4] attributes for principal [xyz] from the attribute repository.
>> 2016-06-22 10:56:04,429 DEBUG [org.jasig.cas.authentication.principal.
>> cache.AbstractPrincipalAttributesRepository] 
>> - No merging strategy found, so attributes retrieved from the repository 
>> will be used instead.
>>
>>
>> I have merged attributes from a SingleRowJdbcPersonAttributeDao and from 
>> a MultiRowJdbcPersonAttributeDao, both are working, as the Aggregated 
>> results show.
>>
>> The debug also shows Found 4 attributes found for principal.
>>
>> I am confused about the last debug statement "No merging strategy 
>> found....", but I am merging the attributes.
>>
>> And the client side, only the Principal attribute id is returned, no 
>> other attributes.
>>
>> How to access the Principal Attributes from client?
>>
>>
>
