I have gotten this working now as well thanks. Have you tried SAML2 attribute release?
On Thursday, May 4, 2017 at 1:26:50 PM UTC-5, apcausey wrote: > > I had this same issue and figured out that I wasn't telling LDAP which > attributes to pull back. Once I set that up I was able to get attribute via > SAML 1.1. For example, if you want to pull back a user's sn and givenName > you'd do this in your cas.properties: > > cas.authn.ldap[0].principalAttributeList=sn,givenName > > If you're not using LDAP then maybe there is another configuration setting > where you can specify the attributes. > > On Wed, Mar 29, 2017 at 1:43 PM, <[email protected] <javascript:>> > wrote: > >> I would like to know if you found a Guide on how to get CAS 5.0 working >> with the SAML 1.1 setting as a step by step guide. I can get auth working >> but haven't had any luck with Saml 1.1 attribute release. We are migrating >> from CAS 3.5.2 to CAS 5.0 and I feel CAS 5.0 is seriously lacking >> documentation that was present with CAS 3.5.x. >> >> >> >> >> On Friday, February 10, 2017 at 6:03:28 PM UTC-6, Tim McLaughlin wrote: >> >>> Hello, >>> >>> >>> >>> I've been tasked with converting our CAS 4.1.x install to 5.0.x. I've >>> authenticating against our local AD server, and I think I have it reading >>> the JSON service definitions. However, it doesn't appear to be releasing >>> "extra" attributes using the "attributeReleasePolicy" document in the JSON >>> service document. >>> >>> >>> >>> Specifically: >>> >>> { >>> >>> "@class" : "org.apereo.cas.services.RegexRegisteredService", >>> >>> "serviceId" : "testid", >>> >>> "name" : "testid", >>> >>> "id" : 0, >>> >>> "evaluationOrder" : 0, >>> >>> "description" : "Testing Service", >>> >>> "attributeReleasePolicy" : { >>> >>> "@class" : >>> "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy", >>> >>> "allowedAttributes" : [ >>> >>> "java.util.ArrayList", >>> >>> [ >>> >>> "UDC_IDENTIFIER" >>> >>> ] >>> >>> ] >>> >>> } >>> >>> } >>> >>> >>> >>> I would expect to see "UDC_IDENTIFIER" in the <cas:serviceResponse> for >>> that serviceId, as that works in 4.1.10, but it isn't there. The only >>> thing I've modified between the two CAS versions is the classpath >>> s/jasig/apereo/. >>> >>> >>> >>> The UDC_IDENTIFIER is a "mapped" name for an extensionAttribute in our >>> AD. I can't find documentation on how to do that in 5.0.x, but from the >>> example it looks like perhaps this is the way: >>> >>> >>> cas.authn.ldap[0].principalAttributeList=sAMAccountName,userPrincipalName,sn,givenName,extensionAttribute2:UDC_IDENTIFIER >>> >>> >>> >>> Under 4.1.10 I am using a principalAttributeMap but all of the >>> configuration around the LDAP principal is different. >>> >>> >>> >>> Is there any doc that will walk me through what's necessary to set this >>> up in CAS 5.0.x? >>> >>> >>> >>> Thank you, >>> >>> Tim McLaughlin >>> >>> >>> >>> -- >>> - CAS gitter chatroom: https://gitter.im/apereo/cas >>> - CAS mailing list guidelines: >>> https://apereo.github.io/cas/Mailing-Lists.html >>> - CAS documentation website: https://apereo.github.io/cas >>> - CAS project website: https://github.com/apereo/cas >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/94FCBC0F-A729-42AD-8BBC-A8406A8722A5%40wwu.edu >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/94FCBC0F-A729-42AD-8BBC-A8406A8722A5%40wwu.edu?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> - CAS gitter chatroom: https://gitter.im/apereo/cas >> - CAS mailing list guidelines: >> https://apereo.github.io/cas/Mailing-Lists.html >> - CAS documentation website: https://apereo.github.io/cas >> - CAS project website: https://github.com/apereo/cas >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/89eed342-f09d-4532-9c99-b32449886710%40googlegroups.com >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/89eed342-f09d-4532-9c99-b32449886710%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b0978ef3-e85b-451e-b230-6ec7c58e24f1%40apereo.org.
