David,

I'm using the JSON Service Registry.
Are you telling me that what is responsible for multi-value attributes is not 
the service registry but the repository I'm using (in my case, Active 
Directory)?

So, let me show you the example I'm using.

I need to map a multi-value attribute for the attribute 
"https://aws.amazon.com/SAML/Attributes/Role".

Here is an example of my JSON.

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "urn:amazon:webservices",
  "name" : "AWS",
  "id" : 10000003,
  "description" : "CAS AWS",
  "signAssertions" : true,
  "signResponses" : true,
  "metadataLocation" : "file:/etc/cas/saml/sp-aws.xml",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "description" : "https://aws.amazon.com/SAML/Attributes/Role",
      "extensionAttribute1" : "https://aws.amazon.com/SAML/Attributes/Role",
      "extensionAttribute2" : "https://aws.amazon.com/SAML/Attributes/RoleSessionName",
      "extensionAttribute3" : "SessionDuration"
    }
  },
  "evaluationOrder" : 1125
}


What I need is to use the values of "description" and "extensionAttribute1" 
in the same attribute, in this case 
"https://aws.amazon.com/SAML/Attributes/Role".

I've tried to use the attribute repository but it still returns only one value.

Here's my .prop file:

cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://192.168.12.22:389/
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=OU=Usuarios HORACIUS,DC=shoracius,DC=com,DC=br
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0][email protected]
cas.authn.ldap[0].bindCredential=Teste@123
cas.authn.ldap[0].dnFormat=%[email protected]
cas.authn.ldap[0].principalAttributeId=sAMAccountName
cas.authn.ldap[0].principalAttributePassword=unicodePwd
cas.authn.ldap[0].principalAttributeList=givenName,sn,mail,displayName,description,extensionAttribute1,extensionAttribute2,extensionAttribute3
cas.authn.ldap[0].failFast=false
cas.authn.attributeRepository.ldap[0].ldapUrl=ldap://192.168.12.22:389/
cas.authn.attributeRepository.ldap[0][email protected]
cas.authn.attributeRepository.ldap[0].bindCredential=********
cas.authn.attributeRepository.ldap[0].poolPassivator=BIND
cas.authn.attributeRepository.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.attributeRepository.ldap[0].useSsl=false
cas.authn.attributeRepository.ldap[0].useStartTls=false
cas.authn.attributeRepository.ldap[0].name=AD
cas.authn.attributeRepository.expirationTime=30
cas.authn.attributeRepository.expirationTimeUnit=MINUTES
cas.authn.attributeRepository.maximumCacheSize=10000
cas.authn.attributeRepository.merger=MERGE
cas.authn.attributeRepository.ldap[0].attributes.description=extensionAttribute1
# cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
# cas.authn.attributeRepository.ldap[0].attributes.cn=commonName 

Can you help me on this quest?

I'm from Brazil, so I'm sorry for my English or anything.

Thanks in advance, and I appreciate your help.


On Friday, November 16, 2018 13:26:22 UTC-2, David Curry wrote:
>
> Since I'm the only "David" I see in this thread I assume you're asking 
> me... but I'm not sure I understand the question. Where are you putting the 
> JSON that you're expecting CAS to consume it and then spit it out in a SAML 
> response?
>
> Normally, CAS will get the attributes from whatever repositories you 
> configure it to use, and take care of putting them into the response 
> itself; you don't have to specify any JSON. As far as I know, multi-valued 
> attributes should work just fine with that.
>
> The JSON I provided back earlier in this thread was in a service registry 
> definition to show how to rename attributes, not provide their values.
>
> --Dave
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • [email protected]
>
>
> On Fri, Nov 16, 2018 at 10:08 AM Willian Gonzales <[email protected]> wrote:
>
>> Hi David!
>>
>> I'm praying that you see my question now because I really need your help.
>> I want to thank you because you really helped me by showing the .json 
>> configuration.
>> But I need some help on this.
>>
>> How do I manage to do a multi-value attribute in JSON?
>> I need the SAML response to be like this:
>>
>> <Attribute Name="attribute">
>>   <AttributeValue>1</AttributeValue>
>>   <AttributeValue>2</AttributeValue>
>>   <AttributeValue>3</AttributeValue>
>> </Attribute>
>>
>> Can you help me on this, man?
>>
>> Regards
>>
>> On Wednesday, May 16, 2018 11:49:10 UTC-3, David Curry wrote:
>>>
>>>
>>>
>>> Here's a JSON definition for an Apache HTTPD with the Shibboleth 
>>> mod_shib/shibd plug-in:
>>>
>>> {
>>>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>>   "serviceId" : "https://casdev-samlsp.newschool.edu/shibboleth",
>>>   "name" : "Apache Secured By SAML",
>>>   "id" : 1509030300,
>>>   "description" : "CAS development Apache mod_shib/shibd server with username/password protection",
>>>   "metadataLocation" : "https://casdev-samlsp.newschool.edu/Shibboleth.sso/Metadata",
>>>   "attributeReleasePolicy" : {
>>>     "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>>>     "allowedAttributes" : {
>>>       "@class" : "java.util.TreeMap",
>>>       "cn" : "urn:oid:2.5.4.3",
>>>       "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
>>>       "givenName" : "urn:oid:2.5.4.42",
>>>       "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
>>>       "role" : "urn:newschool:attribute-def:role",
>>>       "sn" : "urn:oid:2.5.4.4",
>>>       "uid" : "urn:oid:0.9.2342.19200300.100.1.1",
>>>       "UDC_IDENTIFIER": "urn:newschool:attribute-def:UDC_IDENTIFIER"
>>>     }
>>>   },
>>>   "evaluationOrder" : 1125
>>> }
>>>
>>> But if your SP doesn't care about the funky notation, you can just do it 
>>> the "regular" way... here's a definition for a test SP created via RSA's 
>>> free IAMShowcase site (this is a cut-down copy of the entire registry entry 
>>> to show the part you're interested in):
>>>
>>> {
>>>     "serviceId": "IAMShowcase",
>>>     "name": "RSA SAML Test Service Provider",
>>>     "theme": null,
>>>     "informationUrl": null,
>>>     "privacyUrl": null,
>>>     "id": 1202469081,
>>>     "description": "The URL for the SP that talks to this service is https://sptest.iamshowcase.com/ixs?idp=<snip>",
>>>     "evaluationOrder": -1,
>>>     "attributeReleasePolicy": {
>>>         "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>>>         "allowedAttributes": [
>>>             "displayName",
>>>             "givenName",
>>>             "sn",
>>>             "uid"
>>>         ]
>>>     }
>>> }
>>>
>>>
>>> --Dave
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR OF INFORMATION SECURITY*
>>> INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> +1 212 229-5300 x4728 • [email protected]
>>>
>>>
>>> On Wed, May 16, 2018 at 9:07 AM, John D Giotta <[email protected]> 
>>> wrote:
>>>
>>>> Do you have an example of this?
>>>>
>>>> -- 
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> --- 
>>>> You received this message because you are subscribed to the Google 
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>> an email to [email protected].
>>>> To view this discussion on the web visit 
>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3a71f33b-cc77-4c2a-be89-b712229a227a%40apereo.org
>>>>  
>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/3a71f33b-cc77-4c2a-be89-b712229a227a%40apereo.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>
>>
>
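
Added example, not part of the original thread and not CAS code: a Python check that decodes a captured SAMLResponse and reports which expected values are missing from the AWS Role attribute, which makes the "only one value is returned" symptom visible. The function names and the two sample values are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE = "https://aws.amazon.com/SAML/Attributes/Role"
# Constructed placeholders for the values held in the two source attributes.
EXPECTED = ["value-from-description", "value-from-extensionAttribute1"]


def from_post_binding(b64_field):
    """Decode the base64 SAMLResponse form field of the HTTP-POST binding."""
    return base64.b64decode(b64_field)


def attribute_values(xml_bytes):
    """Map each SAML Attribute Name to the list of its AttributeValue texts.

    Only for responses from your own IdP: ElementTree is not hardened
    against hostile XML.
    """
    root = ET.fromstring(xml_bytes)
    released = {}
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        # Repeated <Attribute> elements with the same Name are merged.
        released.setdefault(attr.get("Name"), []).extend(values)
    return released


def missing_values(xml_bytes, name, expected):
    """Return the expected values that attribute `name` does not carry."""
    released = attribute_values(xml_bytes).get(name, [])
    return [v for v in expected if v not in released]


def sample_statement(values):
    """Build a constructed AttributeStatement carrying `values` under ROLE."""
    vals = "".join("<saml:AttributeValue>%s</saml:AttributeValue>" % v
                   for v in values)
    return ('<saml:AttributeStatement xmlns:saml="%s">'
            '<saml:Attribute Name="%s">%s</saml:Attribute>'
            '</saml:AttributeStatement>' % (NS["saml"], ROLE, vals)).encode()


if __name__ == "__main__":
    single = sample_statement(EXPECTED[:1])   # the symptom described above
    multi = sample_statement(EXPECTED)        # the desired multi-value shape
    print("single-valued, missing:", missing_values(single, ROLE, EXPECTED))
    print("multi-valued, missing:", missing_values(multi, ROLE, EXPECTED))
```
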
