Hello, I'm stuck migrating the CAS configuration from version 4.x to 5.1.
In 4.x I got the following configuration for the attributes:

<bean id="primaryPrincipalResolver"
      class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver">
    <property name="attributeRepository" ref="attributeRepository"/>
</bean>

<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao">
    <constructor-arg index="0" ref="dataSource"/>
    <constructor-arg index="1" value="SELECT 'USER_ROLE' as role_name, FUNCTION as ROLENAME FROM FUNCTIONS WHERE {0}"/>
    <property name="queryAttributeMapping">
        <map>
            <entry key="username" value="ID"/>
        </map>
    </property>
    <property name="nameValueColumnMappings">
        <map>
            <entry key="role_name" value="ROLENAME"/>
        </map>
    </property>
</bean>

<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
      p:registeredServices-ref="registeredServicesList"/>

<util:list id="registeredServicesList">
    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
        <property name="id" value="0"/>
        <property name="name" value="HTTPS Services"/>
        <property name="description" value="YOUR HTTP Service"/>
        <property name="serviceId" value="https://**"/>
        <property name="allowedAttributes">
            <list>
                <value>USER_ROLE</value>
            </list>
        </property>
    </bean>
</util:list>

Now I'm trying to configure CAS 5.1 to use the same functionality and I'm stuck...
Log:

DEBUG [org.apereo.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao] (default task-19) Executed 'SELECT 'USER_ROLE' as role_name, FUNCTION as ROLENAME FROM FUNCTIONS WHERE {0}' with arguments [casuser] and got results [{ID=casuser, ROLE_NAME=USER_ROLE, ROLENAME=EDITOR}, {ID=casuser, ROLE_NAME=USER_ROLE, ROLENAME=VIEWER}]
2017-09-14 18:29:24,391 DEBUG [org.apereo.services.persondir.support.MergingPersonAttributeDaoImpl] (default task-19) Retrieved attributes='[NamedPersonImpl[name=CASUSER,attributes={}]]' for query='{username=[casuser]}', isFirstQuery=false, currentlyConsidering='org.apereo.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao@7698881', resultAttributes='null'
DEBUG [org.apereo.services.persondir.support.MergingPersonAttributeDaoImpl] (default task-19) Aggregated search results '[NamedPersonImpl[name=CASUSER,attributes={}]]' for query='{username=[casuser]}'
DEBUG [org.apereo.services.persondir.support.CachingPersonAttributeDaoImpl] (default task-19) Retrieved query from wrapped IPersonAttributeDao and stored in cache for scopedTarget.attributeRepository. key='-265766846|-265796123', results='[NamedPersonImpl[name=CASUSER,attributes={}]]'
DEBUG [org.apereo.services.persondir.support.CachingPersonAttributeDaoImpl.statistics] (default task-19) Cache Stats scopedTarget.attributeRepository: queries=1, hits=0, *misses=1*
DEBUG [org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver] (default task-19) *Principal id [casuser] did not specify any attributes*
DEBUG [org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver] (default task-19) *Returning the principal with id [casuser] without any attributes*

My configuration cas.properties is:

# config Authentication Attributes
cas.authn.attributeRepository.expireInMinutes=30
cas.authn.attributeRepository.maximumCacheSize=10000
cas.authn.attributeRepository.merger=MERGE
cas.authn.attributeRepository.jdbc[0].attributes.uid=ROLENAME
cas.authn.attributeRepository.jdbc[0].singleRow=false
cas.authn.attributeRepository.jdbc[0].order=0
cas.authn.attributeRepository.jdbc[0].requireAllAttributes=true
cas.authn.attributeRepository.jdbc[0].caseCanonicalization=UPPER
# cas.authn.attributeRepository.jdbc[0].queryType=OR|AND
# Used only when there is a mapping of many rows to one user
cas.authn.attributeRepository.jdbc[0].columnMappings.role_name=ROLENAME
# cas.authn.attributeRepository.jdbc[0].columnMappings.columnAttrName2=columnAttrValue2
# cas.authn.attributeRepository.jdbc[0].columnMappings.columnAttrName3=columnAttrValue3
cas.authn.attributeRepository.jdbc[0].sql=SELECT 'USER_ROLE' as role_name, FUNCTION as ROLENAME FROM FUNCTIONS WHERE {0}
cas.authn.attributeRepository.jdbc[0].username=ID
cas.authn.attributeRepository.jdbc[0].isolateInternalQueries=false
cas.authn.attributeRepository.jdbc[0].failFast=true
cas.authn.attributeRepository.jdbc[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.attributeRepository.jdbc[0].leakThreshold=10
cas.authn.attributeRepository.jdbc[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.attributeRepository.jdbc[0].batchSize=1
cas.authn.attributeRepository.jdbc[0].autocommit=false
cas.authn.attributeRepository.jdbc[0].idleTimeout=5000
cas.authn.attributeRepository.jdbc[0].pool.suspension=false
cas.authn.attributeRepository.jdbc[0].pool.minSize=6
cas.authn.attributeRepository.jdbc[0].pool.maxSize=18
cas.authn.attributeRepository.jdbc[0].pool.maxWait=2000
cas.authn.attributeRepository.defaultAttributesToRelease=USER_ROLE,role_name

What am I missing? Help appreciated!

Sebastian