Would you be willing to share your code for multiple AUP? We have a need to
implement a similar system. In CAS 3.5 we had contributed
https://wiki.jasig.org/display/CASUM/Acceptable+Use+interface+for+Login+Webflow
and we're now looking to move the same functionality into 5.1.0.

On Wednesday, February 1, 2017 at 5:52:23 PM UTC-5, jeremy.wickham wrote:
>
> I am implementing our login policies into CAS v5.0.2 using the Acceptable
> Use Policy module as my guide. We have multiple policies, so I am unable to
> use AUP for what we need to accomplish. I’m having an issue retrieving the
> principal attributes.
>
>
>
> I was hoping someone could guide me on to where I’m steering wrong with
> this.
>
>
>
> I’ve named attributes in my cas.properties file as:
>
> cas.authn.attributeRepository.attributes.uid=uid
> cas.authn.attributeRepository.attributes.cn=Name
> cas.authn.attributeRepository.attributes.msuUDCID=UDC_IDENTIFIER
> cas.authn.attributeRepository.attributes.msuCasAuth=msuCasAuth
> cas.authn.attributeRepository.attributes.msuCopyright=msuCopyright
> cas.authn.attributeRepository.attributes.msuEmplEthics=msuEmplEthics
> cas.authn.attributeRepository.attributes.msuEmplCert=msuEmplCert
>
> In my log file I see where the attributes are retrieved and the correct
> values are there. For example:
>
> 2017-02-01 16:21:30,880 DEBUG
> [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Retrieved
> principal id attribute jrw16>
>
> 2017-02-01 16:21:30,881 DEBUG
> [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found
> principal attribute: [msuUDCID[FEB9AFE3FC5EEA1CE04012822A026E73]]>
>
> 2017-02-01 16:21:30,881 DEBUG
> [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found
> principal attribute: [uid[jrw16]]>
>
> 2017-02-01 16:21:30,882 DEBUG
> [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found
> principal attribute: [msuEmplEthics[Y]]>
>
> 2017-02-01 16:21:30,883 DEBUG
> [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found
> principal attribute: [msuCasAuth[cas-empl-not-student-eforms,
> cas-guest-passwd-auth, cas-employee-eforms, cas-microsoft-hup-employee,
> cas-accts-exchange, cas-mystate-access-eforms, cas-libdb-auth-library,
> cas-data-admin-eis, cas-its-auth, cas-current-employee,
> eforms-empl-not-student, cas-user-accts-google, cas-empl-cert,
> cas-its-division, cas-wireless-auth]]>
>
> 2017-02-01 16:21:30,884 DEBUG
> [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Principal
> attribute: [msuCasAuth[cas-empl-not-student-eforms, cas-guest-passwd-auth,
> cas-employee-eforms, cas-microsoft-hup-employee, cas-accts-exchange,
> cas-mystate-access-eforms, cas-libdb-auth-library, cas-data-admin-eis,
> cas-its-auth, cas-current-employee, eforms-empl-not-student,
> cas-user-accts-google, cas-empl-cert, cas-its-division, cas-wireless-auth]]
> is multivalued>
>
> 2017-02-01 16:21:30,884 DEBUG
> [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found
> principal attribute: [msuEmplCert[Y]]>
>
> 2017-02-01 16:21:30,885 DEBUG
> [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found
> principal attribute: [cn[Jeremy Wickham]]>
>
> 2017-02-01 16:21:30,886 DEBUG
> [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found
> principal attribute: [msuCopyright[Y]]>
>
> 2017-02-01 16:21:30,887 DEBUG
> [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Created LDAP
> principal for id jrw16 and 8 attributes>
>
>
>
>
>
> Then later in the logs I am seeing this:
>
>
>
> 2017-02-01 16:21:31,123 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Locating principal attributes for jrw16>
>
> 2017-02-01 16:21:31,124 DEBUG
> [org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository]
>
> - <DefaultPrincipalAttributesRepository will return the collection of
> attributes directly associated with the principal object which are
> [{cn=Name, msuCasAuth=msuCasAuth, msuCopyright=msuCopyright,
> msuEmplCert=msuEmplCert, msuEmplEthics=msuEmplEthics,
> msuUDCID=UDC_IDENTIFIER, uid=uid, username=jrw16}]>
>
> 2017-02-01 16:21:31,125 DEBUG
> [org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository]
>
> - <Found [8] cached attributes for principal [jrw16] that are {cn=Name,
> msuCasAuth=msuCasAuth, msuCopyright=msuCopyright, msuEmplCert=msuEmplCert,
> msuEmplEthics=msuEmplEthics, msuUDCID=UDC_IDENTIFIER, uid=uid,
> username=jrw16}>
>
> 2017-02-01 16:21:31,126 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Found principal attributes {cn=Name, msuCasAuth=msuCasAuth,
> msuCopyright=msuCopyright, msuEmplCert=msuEmplCert,
> msuEmplEthics=msuEmplEthics, msuUDCID=UDC_IDENTIFIER, uid=uid,
> username=jrw16} for jrw16>
>
>
>
> Also my service config is very bare bones:
>
> {
>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId": "^http://mobile-devel01.its.msstate.edu:8080/.*",
>   "name": "Testing Attributes",
>   "id": 1817043258496376,
>   "description": "Testing Attributes",
>   "evaluationOrder": 7,
> }
>
>
> Thank you for your help
>
> -Jeremy
>
> *________________________*
>
> *Jeremy Wickham*
>
> Senior Systems Analyst
>
> Mississippi State University
>
> [email protected]
>
>
>
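An added example, not part of the original thread or the CAS code base: a log check for the symptom visible in the quoted lines, where the attribute release policy sees each attribute's value equal to the right-hand side of its `cas.authn.attributeRepository.attributes.*` property rather than the value `LdapAuthenticationHandler` retrieved. The sample input is constructed (rejoined and abridged from the quoted lines, with the `msuUDCID` value replaced by a placeholder), and the function names are hypothetical.

```python
import re

PREFIX = "cas.authn.attributeRepository.attributes."
HANDLER_RE = re.compile(r"<Found principal attribute: \[(\w+)\[(.*)\]\]>")
RELEASE_RE = re.compile(r"<Found principal attributes \{(.*)\} for \S+>")
PAIR_RE = re.compile(r"(\w+)=(\[[^\]]*\]|[^,]*)")  # a value may be a [multi, valued] list

# Constructed sample input, abridged from the properties and log lines in the thread.
PROPERTIES = """\
cas.authn.attributeRepository.attributes.uid=uid
cas.authn.attributeRepository.attributes.cn=Name
cas.authn.attributeRepository.attributes.msuUDCID=UDC_IDENTIFIER
cas.authn.attributeRepository.attributes.msuEmplEthics=msuEmplEthics
"""
LOG = """\
2017-02-01 16:21:30,881 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [msuUDCID[PLACEHOLDER-ID]]>
2017-02-01 16:21:30,881 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [uid[jrw16]]>
2017-02-01 16:21:30,882 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [msuEmplEthics[Y]]>
2017-02-01 16:21:30,885 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [cn[Jeremy Wickham]]>
2017-02-01 16:21:31,126 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Found principal attributes {cn=Name, msuEmplEthics=msuEmplEthics, msuUDCID=UDC_IDENTIFIER, uid=uid, username=jrw16} for jrw16>
"""

def parse_mapping(properties):
    """Attribute name -> configured right-hand side from cas.properties."""
    mapping = {}
    for line in properties.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.startswith(PREFIX):
            mapping[key[len(PREFIX):]] = value
    return mapping

def handler_attributes(log):
    """Attribute name -> value as logged by the LDAP authentication handler."""
    return {m.group(1): m.group(2) for m in HANDLER_RE.finditer(log)}

def released_attributes(log):
    """Attribute name -> value as seen by the attribute release policy."""
    m = RELEASE_RE.search(log)
    return dict(PAIR_RE.findall(m.group(1))) if m else {}

def placeholder_attributes(properties, log):
    """Names whose released value is the configured string, not the directory value."""
    mapping = parse_mapping(properties)
    fetched = handler_attributes(log)
    released = released_attributes(log)
    return sorted(name for name, value in released.items()
                  if mapping.get(name) == value and fetched.get(name) != value)

if __name__ == "__main__":
    print(placeholder_attributes(PROPERTIES, LOG))
```

A non-empty result means any login policy keyed on these attributes would be evaluating the configured strings instead of the user's directory values.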