Toby,

You may need to adjust your service (service registry) to allow the attributes to be released.

These log settings may be useful:

<!-- WARN DN resolution failed - TODO investigate this Requested LDAP attribute [???] ... -->
<AsyncLogger name="org.apereo.cas.authentication.LdapAuthenticationHandler" level="debug" />
<!-- DEBUG Found principal attributes [...] for [username] Attribute policy [???] allows release of [...] for [username] Final collection of attributes allowed are: [...] -->
<AsyncLogger name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" level="debug"/>

Ray

On Fri, 2018-02-23 at 12:36 -0800, Toby Archer wrote:

I'm trying to figure out how to do attribute release and haven't gotten anywhere. I've read all the pages like this one:
https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-Policies.html
and tried searching this mailing list and followed instructions like in this one:
https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/attribute/cas-user/VVaONIp1Ts0/Hedpv2uGAwAJ

Right now I'm using ldap for both authentication and attributes. The relevant part of my cas.properties file looks like this:

# LDAP Auth
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
cas.authn.ldap[0].baseDn=o=usd.edu
cas.authn.ldap[0].userFilter=uid=%u
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].bindDn=cn=Directory Manager
cas.authn.ldap[0].bindCredential=password
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].dnFormat=uid=%s,ou=people
cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
cas.authn.ldap[0].keyStorePassword=password
cas.authn.ldap[0].name=dev-ldap7-1
cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
cas.authn.ldap[0].principalAttributeList=cn,sn,mail

cas.authn.attributeRepository.defaultAttributesToRelease=cn,sn,mail

cas.authn.attributeRepository.stub.attributes.uid=uid
cas.authn.attributeRepository.stub.attributes.displayName=displayName
cas.authn.attributeRepository.stub.attributes.cn=commonName

cas.authn.attributeRepository.ldap[0].type=AUTHENTICATED
cas.authn.attributeRepository.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
cas.authn.attributeRepository.ldap[0].baseDn=o=usd.edu
cas.authn.attributeRepository.ldap[0].userFilter=uid=%u
cas.authn.attributeRepository.ldap[0].subtreeSearch=true
cas.authn.attributeRepository.ldap[0].bindDn=cn=Directory Manager
cas.authn.attributeRepository.ldap[0].bindCredential=password
cas.authn.attributeRepository.ldap[0].userFilter=uid={user}
cas.authn.attributeRepository.ldap[0].dnFormat=uid=%s,uo=people
cas.authn.attributeRepository.ldap[0].keystore=file:/etc/cas/thekeystore
cas.authn.attributeRepository.ldap[0].keyStorePassword=password
cas.authn.attributeRepository.ldap[0].name=dev-ldap7-1
cas.authn.attributeRepository.ldap[0].uid=uid
cas.authn.attributeRepository.ldap[0].displayName=displayName
cas.authn.attributeRepository.ldap[0].cn=commonName
cas.authn.attributeRepository.ldap[0].mail=mail
cas.authn.attributeRepository.ldap[0].sn=sn

There are configurations for a couple of different attempts, but regardless of what I do, I get back no attributes. The docs talk about the personDirectory but either don't give instructions on how to configure it or give instructions for cas 4. I'm at a bit of a loss on what to do. Any advice out there?

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca
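
The service-registry change suggested in the reply, as an added example that is not part of the original thread: a CAS 5.x JSON service definition whose attribute release policy allows only cn, sn and mail, the attributes named in the posted configuration. The serviceId pattern, name and id are constructed placeholders; listing only the attributes a given application needs keeps the release least-privilege.

```json
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://app\\.example\\.org/.*",
  "name" : "exampleApp",
  "id" : 1001,
  "description" : "Constructed example: serviceId, name and id are placeholders",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "sn", "mail" ] ]
  }
}
```

With the AbstractRegisteredServiceAttributeReleasePolicy logger at debug, the "Final collection of attributes allowed are" line shows what this policy actually released for the user.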