Re: [cas-user] making an extra LDAP attribute visible via CAS

Tue, 26 Sep 2017 06:16:00 -0700

We are working towards this as well but do not have it in place yet. I think it will be a two step process. Inside the C:\etc\cas\config\cas.properties files in the LDAP section you need to tell it what attributes from LDAP you want to pull.... 

cas.authn.ldap[0].principalAttributeList=sn,cn,mail,displayname,givenName,sAMAccountName,employeeType,*employeeNumber*
Then, inside the .json file that denotes the service entry for Self Service Banner you would map the employeeNumber LDAP attribute to UDC_IDENTIFIER for when you send the info out.... here is (what I believe to be) a valid .json file, in our case located in C:\etc\cas\services\service_entry_4_475674893038.json with the UDC_IDENTIFIER line bolded 

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "https://bss.wheatonma.edu/.*";,
  "name" : "BannerSelfService",
  "id" : 475674893038,
  "description" : "Service entry to Banner SSO",

  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy", 
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "sn" : "sn",
      "cn" : "cn",
      "mail" : "EmailAddress",
      "displayname" : "FullName"
*"employeeNumber" : "UDC_IDENTIFIER"*
      "employeeType" : "affiliation"
    }
  },

  "evaluationOrder" : 6
}



On 9/26/2017 8:46 AM, charlie derr wrote:

Greetings,
    We are new to CAS, but have managed to successfully get 5.1 working
with our LDAP directory on the back end. Apologies if this is a FAQ, but
I've looked around the web for the answer and only found instructions on
how to do this with 4.x (and earlier) CAS installs.
    We have a need to expose the LDAP attribute employeeNumber (it's
present directly on each user's entry) as UDC_IDENTIFIER to the
application using CAS (Self-Service Banner). Any pointers or links to
documentation on how to correctly and securely accomplish this will very
much be appreciated.

        thanks ever so much,
            ~c

--
Charlie Derr
Director of Instructional Technology
Bard College at Simon's Rock
413-528-7344



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- You received this message because you are subscribed to the Google Groups "CAS Community" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b2775040-27cb-11c6-4b64-d16f14581a2e%40wheatoncollege.edu.

Reply via email to