[cas-user] Migrating CAS 4.x to 5.1 - Problem with jdbc attribute mapping

SebastianU Fri, 15 Sep 2017 01:11:13 -0700

Hello,

I'stuck by migrating the cas configuration from 4.x version to 5.1.


In 4.x I got the following configuration for the attributes:

  <bean id="primaryPrincipalResolver"
    
class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver">
    <property name="attributeRepository" ref="attributeRepository"/>
  </bean>

  <bean id="attributeRepository"
    
class="org.jasig.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao">
    <constructor-arg index="0" ref="dataSource"/>
    <constructor-arg index="1"
      value="SELECT 'USER_ROLE' as role_name, FUNCTION as ROLENAME FROM 
FUNCTIONS WHERE  {0}"/>
    <property name="queryAttributeMapping">
      <map>
        <entry key="username" value="ID"/>
      </map>
    </property>
    <property name="nameValueColumnMappings">
      <map>
        <entry key="role_name" value="ROLENAME"/>
      </map>
    </property>
  </bean>

  <bean id="serviceRegistryDao" 
class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
    p:registeredServices-ref="registeredServicesList"/>

  <util:list id="registeredServicesList">
    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
      <property name="id" value="0"/>
      <property name="name" value="HTTPS Services"/>
      <property name="description" value="YOUR HTTP Service"/>
      <property name="serviceId" value="https://**"/>
      <property name="allowedAttributes">
        <list>
          <value>USER_ROLE</value>
        </list>
      </property>
    </bean>
  </util:list>


Now I'm trying to configure CAS 5.1 to use the same functionality and I'm 
stuck...

Log:
DEBUG 
[org.apereo.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao] 
(default task-19) Executed 'SELECT  'USER_ROLE' as role_name, FUNCTION  as 
ROLENAME FROM FUNCTIONS  WHERE {0}' with arguments [casuser] and got 
results [{ID=casuser, ROLE_NAME=USER_ROLE, ROLENAME=EDITOR}, {ID=casuser, 
ROLE_NAME=USER_ROLE, ROLENAME=VIEWER}]
2017-09-14 18:29:24,391 DEBUG 
[org.apereo.services.persondir.support.MergingPersonAttributeDaoImpl] 
(default task-19) Retrieved 
attributes='[NamedPersonImpl[name=CASUSER,attributes={}]]' for 
query='{username=[casuser]}', isFirstQuery=false, 
currentlyConsidering='org.apereo.services.persondir.support.jdbc.MultiRowJdbcPersonAttributeDao@7698881',
 
resultAttributes='null'
DEBUG [org.apereo.services.persondir.support.MergingPersonAttributeDaoImpl] 
(default task-19) Aggregated search results 
'[NamedPersonImpl[name=CASUSER,attributes={}]]' for 
query='{username=[casuser]}'
DEBUG [org.apereo.services.persondir.support.CachingPersonAttributeDaoImpl] 
(default task-19) Retrieved query from wrapped IPersonAttributeDao and 
stored in cache for scopedTarget.attributeRepository. 
key='-265766846|-265796123', 
results='[NamedPersonImpl[name=CASUSER,attributes={}]]'
DEBUG 
[org.apereo.services.persondir.support.CachingPersonAttributeDaoImpl.statistics]
 
(default task-19) Cache Stats scopedTarget.attributeRepository: queries=1, 
hits=0, *misses=1*
DEBUG 
[org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver]
 
(default task-19) *Principal id [casuser] did not specify any attributes*
DEBUG 
[org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver]
 
(default task-19) *Returning the principal with id [casuser] without any 
attributes*

My configuration cas.properties is:
# config Authentication Attributes
cas.authn.attributeRepository.expireInMinutes=30
cas.authn.attributeRepository.maximumCacheSize=10000
cas.authn.attributeRepository.merger=MERGE

cas.authn.attributeRepository.jdbc[0].attributes.uid=ROLENAME

cas.authn.attributeRepository.jdbc[0].singleRow=false
cas.authn.attributeRepository.jdbc[0].order=0
cas.authn.attributeRepository.jdbc[0].requireAllAttributes=true
cas.authn.attributeRepository.jdbc[0].caseCanonicalization=UPPER
# cas.authn.attributeRepository.jdbc[0].queryType=OR|AND

# Used only when there is a mapping of many rows to one user
cas.authn.attributeRepository.jdbc[0].columnMappings.role_name=ROLENAME
# 
cas.authn.attributeRepository.jdbc[0].columnMappings.columnAttrName2=columnAttrValue2
# 
cas.authn.attributeRepository.jdbc[0].columnMappings.columnAttrName3=columnAttrValue3
cas.authn.attributeRepository.jdbc[0].sql=SELECT  'USER_ROLE' as role_name, 
FUNCTION  as ROLENAME FROM FUNCTIONS  WHERE {0}
cas.authn.attributeRepository.jdbc[0].username=ID
cas.authn.attributeRepository.jdbc[0].isolateInternalQueries=false
cas.authn.attributeRepository.jdbc[0].failFast=true
cas.authn.attributeRepository.jdbc[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.attributeRepository.jdbc[0].leakThreshold=10
cas.authn.attributeRepository.jdbc[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.attributeRepository.jdbc[0].batchSize=1
cas.authn.attributeRepository.jdbc[0].autocommit=false
cas.authn.attributeRepository.jdbc[0].idleTimeout=5000
cas.authn.attributeRepository.jdbc[0].pool.suspension=false
cas.authn.attributeRepository.jdbc[0].pool.minSize=6
cas.authn.attributeRepository.jdbc[0].pool.maxSize=18
cas.authn.attributeRepository.jdbc[0].pool.maxWait=2000
cas.authn.attributeRepository.defaultAttributesToRelease=USER_ROLE,role_name

What am I missing?


Help appreciated!

Sebastian

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/84b1e3eb-c23e-43e3-847f-3b7b48f97151%40apereo.org.

[cas-user] Migrating CAS 4.x to 5.1 - Problem with jdbc attribute mapping

Reply via email to