Zach,

Looking at the docs for 5.0 I see that it doesn't seem to support multiple
LDAP servers, so the

cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER

that you see in other posts here would actually be more like this:

cas.authn.attributeRepository.attributes.udcid=UDC_IDENTIFIER

but obviously setting "employeeNumber" rather than "udcid" to the
UDC_IDENTIFIER attribute.

I'm not sure if that's where your problem is, since you are getting the
UDC_IDENTIFIER name for it in the cas.log file, but I point it out because
it does differ from what those with later versions of CAS will be using.

What do you have in the service registry? Are you releasing all attributes,
or just specific named attributes?

Matt

On Tuesday, November 13, 2018 at 8:46:47 AM UTC-7, Zach Tackett wrote:
>
> This is the data we are getting back externally
>
> array(7) {
> ["samlAuthenticationStatementAuthMethod"]=>
> string(39) "urn:oasis:names:tc:SAML:1.0:am:password"
> ["isFromNewLogin"]=>
> string(4) "true"
> ["authenticationDate"]=>
> string(47) "2018-11-13T09:47:56.786-05:00[America/New_York]"
> ["authenticationMethod"]=>
> string(25) "LdapAuthenticationHandler"
> ["successfulAuthenticationHandlers"]=>
> string(25) "LdapAuthenticationHandler"
> ["longTermAuthenticationRequestTokenUsed"]=>
> string(5) "false"
> ["employeeNumber"]=>
> string(32) "1D89EC8ECD92959EE050650AEC077B26"
> }
>
> Internally when the server is running it is showing
>
> 2018-11-13 10:37:55,475 INFO
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <Authenticated principal [tackettz] and attributes {cn=tackettz,
> displayname=Tackett, Zachary, givenName=Zachary,
> LdapAuthenticationHandler.dn=cn=tackettz,ou=Office365,dc=marshall,dc=edu,
> sAMAccountName=tackettz, sn=Tackett,
> UDC_IDENTIFIER=1D89EC8ECD92959EE050650AEC077B26} with credentials [tackettz].>
>
>
> On Tuesday, November 13, 2018 at 10:28:31 AM UTC-5, Matthew Uribe wrote:
>>
>> Hi Zach,
>>
>> I think you're leaving everyone here in the position of having to assume
>> which version of CAS you're using, as well as what you currently have in
>> place. Do you have a working CAS server now? What version are you working
>> on?
>>
>> Thanks,
>> Matt
>>
>> On Tuesday, November 13, 2018 at 8:08:08 AM UTC-7, Zach Tackett wrote:
>>>
>>> I tried what you mentioned and every time I rebuild the CAS server it
>>> breaks because it doesn't like the .attributeRepository part of the
>>> attribute
>>>
>>> On Tuesday, November 13, 2018 at 9:54:57 AM UTC-5, Mac Reid wrote:
>>>>
>>>> Assuming a working ldap attribute repository, we added the following
>>>> line to our cas.properties:
>>>>
>>>> cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER
>>>>
>>>> In the above line, the udcid is the ldap attribute and the
>>>> UDC_IDENTIFIER is the CAS name for the attribute.
>>>> In our Banner service file, we have the following:
>>>>
>>>> attributeReleasePolicy: {
>>>> @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>>>> allowedAttributes: ["java.util.ArrayList", ["UDC_IDENTIFIER"]]
>>>> }
>>>>
>>>> For reference:
>>>> https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#ldap
>>>>
>>>> - Mac
>>>>
>>>
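
An added example, not code from any poster in this thread: a Python check that compares the attribute names CAS logs in cas.log, the names in the service's allowedAttributes, and the names the client received, to show where a value arrives under a different name than the release policy expects. The log line, user and values are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample data shaped like the thread's output (user and values are
# made up): one cas.log line, the allowedAttributes list, the client's view.
CAS_LOG_LINE = (
    "2018-11-13 10:37:55,475 INFO "
    "[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - "
    "<Authenticated principal [jdoe] and attributes {cn=jdoe, "
    "displayname=Doe, Jane, givenName=Jane, sAMAccountName=jdoe, sn=Doe, "
    "LdapAuthenticationHandler.dn=cn=jdoe,ou=People,dc=example,dc=edu, "
    "UDC_IDENTIFIER=0123456789ABCDEF0123456789ABCDEF} with credentials [jdoe].>"
)
ALLOWED = ["UDC_IDENTIFIER"]
CLIENT_ATTRS = {"authenticationMethod": "LdapAuthenticationHandler",
                "employeeNumber": "0123456789ABCDEF0123456789ABCDEF"}

# Values may hold ", " (display names) or "," with no space (DNs), so split on
# "name=" at the start or after ", ". A value containing ", word=" would misparse.
KEY = re.compile(r"(?:^|, )([A-Za-z_][\w.]*)=")


def parse_resolved(log_line):
    """Return {name: value} from an 'Authenticated principal' cas.log line."""
    m = re.search(r"and attributes \{(.*)\} with credentials", log_line)
    if not m:
        return {}
    body, out = m.group(1), {}
    keys = list(KEY.finditer(body))
    for i, k in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(body)
        out[k.group(1)] = body[k.end():end]
    return out


def diagnose(resolved, allowed, client):
    """Compare what CAS resolved, what the policy allows, and what arrived."""
    return {
        # Names in the policy that CAS never resolved, so nothing can be released.
        "allowed_not_resolved": sorted(set(allowed) - set(resolved)),
        # Resolved and allowed, yet missing at the client under that name.
        "allowed_not_received": sorted(
            n for n in allowed if n in resolved and n not in client),
        # Same value delivered under a different name: a mapping mismatch.
        "renamed": {n: c for n, v in resolved.items()
                    for c, w in client.items() if v == w and n != c},
    }


if __name__ == "__main__":
    print(diagnose(parse_resolved(CAS_LOG_LINE), ALLOWED, CLIENT_ATTRS))
```
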