I had this same issue and figured out that I wasn't telling LDAP which attributes to pull back. Once I set that up I was able to get attribute via SAML 1.1. For example, if you want to pull back a user's sn and givenName you'd do this in your cas.properties:
cas.authn.ldap[0].principalAttributeList=sn,givenName If you're not using LDAP then maybe there is another configuration setting where you can specify the attributes. On Wed, Mar 29, 2017 at 1:43 PM, <[email protected]> wrote: > I would like to know if you found a Guide on how to get CAS 5.0 working > with the SAML 1.1 setting as a step by step guide. I can get auth working > but haven't had any luck with Saml 1.1 attribute release. We are migrating > from CAS 3.5.2 to CAS 5.0 and I feel CAS 5.0 is seriously lacking > documentation that was present with CAS 3.5.x. > > > > > On Friday, February 10, 2017 at 6:03:28 PM UTC-6, Tim McLaughlin wrote: > >> Hello, >> >> >> >> I've been tasked with converting our CAS 4.1.x install to 5.0.x. I've >> authenticating against our local AD server, and I think I have it reading >> the JSON service definitions. However, it doesn't appear to be releasing >> "extra" attributes using the "attributeReleasePolicy" document in the JSON >> service document. >> >> >> >> Specifically: >> >> { >> >> "@class" : "org.apereo.cas.services.RegexRegisteredService", >> >> "serviceId" : "testid", >> >> "name" : "testid", >> >> "id" : 0, >> >> "evaluationOrder" : 0, >> >> "description" : "Testing Service", >> >> "attributeReleasePolicy" : { >> >> "@class" : "org.apereo.cas.services.Retur >> nAllowedAttributeReleasePolicy", >> >> "allowedAttributes" : [ >> >> "java.util.ArrayList", >> >> [ >> >> "UDC_IDENTIFIER" >> >> ] >> >> ] >> >> } >> >> } >> >> >> >> I would expect to see "UDC_IDENTIFIER" in the <cas:serviceResponse> for >> that serviceId, as that works in 4.1.10, but it isn't there. The only >> thing I've modified between the two CAS versions is the classpath >> s/jasig/apereo/. >> >> >> >> The UDC_IDENTIFIER is a "mapped" name for an extensionAttribute in our >> AD. I can't find documentation on how to do that in 5.0.x, but from the >> example it looks like perhaps this is the way: >> >> cas.authn.ldap[0].principalAttributeList=sAMAccountName,user >> PrincipalName,sn,givenName,extensionAttribute2:UDC_IDENTIFIER >> >> >> >> Under 4.1.10 I am using a principalAttributeMap but all of the >> configuration around the LDAP principal is different. >> >> >> >> Is there any doc that will walk me through what's necessary to set this >> up in CAS 5.0.x? >> >> >> >> Thank you, >> >> Tim McLaughlin >> >> >> >> -- >> - CAS gitter chatroom: https://gitter.im/apereo/cas >> - CAS mailing list guidelines: https://apereo.github.io/cas/M >> ailing-Lists.html >> - CAS documentation website: https://apereo.github.io/cas >> - CAS project website: https://github.com/apereo/cas >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit https://groups.google.com/a/ap >> ereo.org/d/msgid/cas-user/94FCBC0F-A729-42AD-8BBC-A8406A8722A5%40wwu.edu >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/94FCBC0F-A729-42AD-8BBC-A8406A8722A5%40wwu.edu?utm_medium=email&utm_source=footer> >> . >> > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: https://apereo.github.io/cas/ > Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/89eed342-f09d-4532-9c99- > b32449886710%40googlegroups.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/89eed342-f09d-4532-9c99-b32449886710%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAN6MV5POuqZccZqEr9C%2B4982D_Z5zvT8ZYB-sVLNOdJ2ESyREg%40mail.gmail.com.
