Re: [cas-user] making an extra LDAP attribute visible via CAS

Tue, 26 Sep 2017 06:16:00 -0700

We are working towards this as well but do not have it in place yet. I think it will be a two step process. Inside the C:\etc\cas\config\cas.properties files in the LDAP section you need to tell it what attributes from LDAP you want to pull.... 

cas.authn.ldap[0].principalAttributeList=sn,cn,mail,displayname,givenName,sAMAccountName,employeeType,*employeeNumber*
Then, inside the .json file that denotes the service entry for Self Service Banner you would map the employeeNumber LDAP attribute to UDC_IDENTIFIER for when you send the info out.... here is (what I believe to be) a valid .json file, in our case located in C:\etc\cas\services\service_entry_4_475674893038.json with the UDC_IDENTIFIER line bolded 

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "https://bss.wheatonma.edu/.*";,
  "name" : "BannerSelfService",
  "id" : 475674893038,
  "description" : "Service entry to Banner SSO",

  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy", 
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "sn" : "sn",
      "cn" : "cn",
      "mail" : "EmailAddress",
      "displayname" : "FullName"
*"employeeNumber" : "UDC_IDENTIFIER"*
      "employeeType" : "affiliation"
    }
  },

  "evaluationOrder" : 6
}



On 9/26/2017 8:46 AM, charlie derr wrote:

Greetings,
    We are new to CAS, but have managed to successfully get 5.1 working
with our LDAP directory on the back end. Apologies if this is a FAQ, but
I've looked around the web for the answer and only found instructions on
how to do this with 4.x (and earlier) CAS installs.
    We have a need to expose the LDAP attribute employeeNumber (it's
present directly on each user's entry) as UDC_IDENTIFIER to the
application using CAS (Self-Service Banner). Any pointers or links to
documentation on how to correctly and securely accomplish this will very
much be appreciated.

        thanks ever so much,
            ~c

--
Charlie Derr
Director of Instructional Technology
Bard College at Simon's Rock
413-528-7344



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- You received this message because you are subscribed to the Google Groups "CAS Community" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b2775040-27cb-11c6-4b64-d16f14581a2e%40wheatoncollege.edu.

Reply via email to