Should you be able to verify the released attributes in 
cas/status/attrresolution? I assume if a user logs in via CAS, you can 
go to the attrresolution page, enter their id and view released attributes. I 
don't see anything, though.

On Tuesday, September 26, 2017 at 8:15:39 AM UTC-5, gibson_brian wrote:
>
> We are working towards this as well but do not have it in place yet. I 
> think it will be a two-step process. Inside the 
> C:\etc\cas\config\cas.properties file, in the LDAP section, you need to tell 
> it what attributes from LDAP you want to pull....
>
>
> cas.authn.ldap[0].principalAttributeList=sn,cn,mail,displayname,givenName,sAMAccountName,employeeType,employeeNumber
>
> Then, inside the .json file that denotes the service entry for Self 
> Service Banner you would map the employeeNumber LDAP attribute to 
> UDC_IDENTIFIER for when you send the info out.... here is (what I believe 
> to be) a valid .json file, in our case located in 
> C:\etc\cas\services\service_entry_4_475674893038.json with the 
> UDC_IDENTIFIER line bolded
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "https://bss.wheatonma.edu/.*",
>   "name" : "BannerSelfService",
>   "id" : 475674893038,
>   "description" : "Service entry to Banner SSO",
>
>   "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>     "allowedAttributes" : {
>       "@class" : "java.util.TreeMap",
>       "sn" : "sn",
>       "cn" : "cn",
>       "mail" : "EmailAddress",
>       "displayname" : "FullName",
>      * "employeeNumber" : "UDC_IDENTIFIER",*
>       "employeeType" : "affiliation"
>     }
>   },
>
>   "evaluationOrder" : 6
> }
>
>
>
> On 9/26/2017 8:46 AM, charlie derr wrote:
>
> Greetings,
>    We are new to CAS, but have managed to successfully get 5.1 working
> with our LDAP directory on the back end. Apologies if this is a FAQ, but
> I've looked around the web for the answer and only found instructions on
> how to do this with 4.x (and earlier) CAS installs.
>    We have a need to expose the LDAP attribute employeeNumber (it's
> present directly on each user's entry) as UDC_IDENTIFIER to the
> application using CAS (Self-Service Banner). Any pointers or links to
> documentation on how to correctly and securely accomplish this will very
> much be appreciated.
>
>        thanks ever so much,
>            ~c
>
> --
> Charlie Derr
> Director of Instructional Technology
> Bard College at Simon's Rock
> 413-528-7344
>
>
>
>

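A static cross-check of the two configuration steps quoted above, as an added example that is not part of the original thread or the CAS project: it reports attributes a service entry maps for release that the LDAP attribute list never fetches, and fetched attributes that service does not receive. The property text, service JSON, serviceId and function names are constructed for illustration, and it assumes the LDAP authentication attribute list is the only attribute source.

```python
import json

# Constructed sample inputs modelled on the thread (not the posters' real files).
# employeeNumber is deliberately left out of the LDAP list to show the failure mode.
CAS_PROPERTIES = """\
cas.authn.ldap[0].principalAttributeList=sn,cn,mail,displayname,givenName,sAMAccountName,employeeType
"""
SERVICE_JSON = """\
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "https://sso.example.edu/.*",
  "name" : "BannerSelfService",
  "id" : 1,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "mail" : "EmailAddress",
      "employeeNumber" : "UDC_IDENTIFIER"
    }
  }
}
"""

def resolved_attributes(properties_text, key="cas.authn.ldap[0].principalAttributeList"):
    """Return the attribute names CAS is told to fetch from LDAP."""
    for line in properties_text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name.strip() == key:
            # An entry may be "ldapName:renamed"; the renamed form is what the principal carries.
            return {item.split(":")[-1].strip() for item in value.split(",") if item.strip()}
    return set()

def audit_release(properties_text, service_text):
    """Compare what LDAP resolves with what the service entry maps for release."""
    resolved = resolved_attributes(properties_text)
    policy = json.loads(service_text)["attributeReleasePolicy"]
    mapped = {k: v for k, v in policy["allowedAttributes"].items() if k != "@class"}
    return {
        "missing": sorted(set(mapped) - resolved),   # mapped for release but never fetched
        "withheld": sorted(resolved - set(mapped)),  # fetched, not released to this service
        "released": {k: v for k, v in mapped.items() if k in resolved},
    }

if __name__ == "__main__":
    print(json.dumps(audit_release(CAS_PROPERTIES, SERVICE_JSON), indent=2))
```

A non-empty `missing` list points at the first step (the LDAP attribute list); the `released` map shows the names the application will see.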