CAS Management can't retrieve the list of attributes available on CAS Server?
I have added configuration to management.properties, but it didn't work. CAS Management only contains the default attributes (uid, eppn, givenName). I have tried adding the STUB configuration, unfortunately it is static. > ... attributeRepository.stub.attributes.uid = uid > ......... I hope CAS Management can take available attributes based on the CAS Server configuration. Can anyone give me a suggestion for what i want? Sent from my iPhone > On 10 Apr 2019, at 23.03, Ray Bon <r...@uvic.ca> wrote: > > Fahmi, > > Our management server is too old to have this feature. > Start here, > https://apereo.github.io/cas/5.3.x/integration/Attribute-Release.html > You probably have to add properties to management service properties file. > > Ray > >> On Tue, 2019-04-09 at 17:57 -0700, Fahmi L. Ramdhani wrote: >> Thank you for the quick reply. >> >> First I accessed via the browser >> https://cas.example.com/cas/status/discovery, then CAS directed to login. >> After successfully logging in, the results are like this: >> { >> "@class": "java.util.LinkedHashMap", >> "profile": { >> "@class": "org.apereo.cas.discovery.CasServerProfile", >> "registeredServiceTypes": { >> "@class": "java.util.HashMap", >> "CAS Client": "org.apereo.cas.services.RegexRegisteredService" >> }, >> "registeredServiceTypesSupported": { >> "@class": "java.util.HashMap", >> "SAML2 Service Provider": >> "org.apereo.cas.support.saml.services.SamlRegisteredService", >> "WS Federation Relying Party": >> "org.apereo.cas.ws.idp.services.WSFederationRegisteredService", >> "OpenID Connect Relying Party": >> "org.apereo.cas.services.OidcRegisteredService", >> "OAuth2 Client": >> "org.apereo.cas.support.oauth.services.OAuthRegisteredService", >> "CAS Client": "org.apereo.cas.services.RegexRegisteredService" >> }, >> "multifactorAuthenticationProviderTypesSupported": { >> "@class": "java.util.HashMap", >> "mfa-gauth": "Google Authenticator", >> "mfa-swivel": "Swivel Secure", >> "mfa-authy": "Authy", >> "mfa-radius": "RADIUS (RSA,WiKID)", >> "mfa-u2f": "FIDO U2F", >> "mfa-azure": "Microsoft Azure", >> "mfa-duo": "Duo Security" >> }, >> "delegatedClientTypesSupported": [ >> "java.util.HashSet", >> [ >> "OAuth20Client", >> "OAuth10Client", >> "TwitterClient", >> "FoursquareClient", >> "QQClient", >> "OrcidClient", >> "FacebookClient", >> "OkClient", >> "FormClient", >> "CasProxyReceptor", >> "GitHubClient", >> "KeycloakOidcClient", >> "BitbucketClient", >> "WordPressClient", >> "OidcClient", >> "WindowsLiveClient", >> "VkClient", >> "LinkedIn2Client", >> "YahooClient", >> "WechatClient", >> "Google2Client", >> "StravaClient", >> "GenericOAuth20Client", >> "AzureAdClient", >> "GoogleOidcClient", >> "CasOAuthWrapperClient", >> "PayPalClient", >> "WeiboClient", >> "DropBoxClient", >> "SAML2Client", >> "CasClient", >> "IndirectBasicAuthClient" >> ] >> ], >> "availableAttributes": [ >> "java.util.LinkedHashSet", >> [ >> "mail", >> "eppn", >> "displayName", >> "givenName", >> "uid" >> ] >> ] >> } >> } >> >> You can see the availableAttributes section? I need it to make it easier for >> CAS administrators to release attributes for each service. But when I access >> https://cas.example.com/cas-management and try to add services, the "mail", >> "eppn", "displayName", "givenName", "uid" attributes not show in the >> dropdown option ( Attribute Release Policy). I hope the dropdown option >> contains dynamic based on the attributes in JDBC (Multi-Row), but I have not >> found a solution. How to solve this problem? >> >> Thank you. >> >> >> Pada Rabu, 10 April 2019 07.45.56 UTC+7, rbon menulis: >>> >>> Fahmi, >>> >>> I have not set up any of the status features for cas, so have no experience >>> here. >>> Can you access it with a browser (that is, have you verified it is working >>> as expected)? >>> >>> What is your reason for using curl? >>> >>> Perhaps there is another alternative that others on the list have tried. >>> >>> Ray >>> >>>> On Wed, 2019-04-10 at 07:34 +0700, Fahmi L. Ramdhani wrote: >>>> Please tell me how to unprotect? In cas.properties i have to set >>>> >>>> endpoints.status.discovery.enabled = true >>>> ..sensitive = false >>>> >>>> Sorry for my questions. Thank you Ray. >>>> Sent from my iPhone >>>> >>>> On 10 Apr 2019, at 07.05, Ray Bon <rb...@uvic.ca> wrote: >>>> >>>>> Fahmi, >>>>> >>>>> It looks like /cas/status/discovery is protected by cas and it redirects >>>>> to cas/login (status code 302). >>>>> Should the discovery page be protected? >>>>> >>>>> Ray >>>>> >>>>>> On Tue, 2019-04-09 at 16:43 -0700, Fahmi L. Ramdhani wrote: >>>>>> I tried accessing the result curl like this: >>>>>> >>>>>> curl -v https://cas.example.com:8443/cas/status/discovery >>>>>> * Trying 2xx.60.112.9... >>>>>> * Connected to cas.example.com (2xx.60.112.9) port 8443 (#0) >>>>>> * found 148 certificates in /etc/ssl/certs/ca-certificates.crt >>>>>> * found 592 certificates in /etc/ssl/certs >>>>>> * ALPN, offering http/1.1 >>>>>> * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 >>>>>> * server certificate verification OK >>>>>> * server certificate status verification SKIPPED >>>>>> * common name: cas.example.com (matched) >>>>>> * server certificate expiration date OK >>>>>> * server certificate activation date OK >>>>>> * certificate public key: RSA >>>>>> * certificate version: #3 >>>>>> * subject: CN=cas.example.com >>>>>> * start date: Wed, 03 Apr 2019 09:32:48 GMT >>>>>> * expire date: Tue, 02 Jul 2019 09:32:48 GMT >>>>>> * issuer: C=US,O=XXXXXXXXXXX,CN=XXXXXXXXXXXXXX >>>>>> * compression: NULL >>>>>> * ALPN, server did not agree to a protocol >>>>>> > GET /cas/status/discovery HTTP/1.1 >>>>>> > Host: cas.example.com:8443 >>>>>> > User-Agent: curl/7.47.0 >>>>>> > Accept: */* >>>>>> > >>>>>> < HTTP/1.1 302 >>>>>> < Cache-Control: no-cache, no-store, max-age=0, must-revalidate >>>>>> < Pragma: no-cache >>>>>> < Expires: 0 >>>>>> < Strict-Transport-Security: max-age=15768000 ; includeSubDomains >>>>>> < X-Content-Type-Options: nosniff >>>>>> < X-Frame-Options: DENY >>>>>> < X-XSS-Protection: 1; mode=block >>>>>> < Set-Cookie: JSESSIONID=AECBB7BF899FAFB0B707CE228ECC19EC; Path=/cas; >>>>>> Secure; HttpOnly >>>>>> < Location: >>>>>> https://cas.example.com:8443/cas/login?service=https%3A%2F%2Fcas.example.com%3A8443%2Fcas%2Fstatus%2Fdiscovery >>>>>> < Transfer-Encoding: chunked >>>>>> < Date: Tue, 09 Apr 2019 23:34:01 GMT >>>>>> < >>>>>> * Connection #0 to host cas.example.com left intact >>>>>> >>>>>> Can anyone help please? >>>>> -- >>>>> - Website: https://apereo.github.io/cas >>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>> - Contributions: https://goo.gl/mh7qDG >>>>> --- >>>>> You received this message because you are subscribed to the Google Groups >>>>> "CAS Community" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send an >>>>> email to cas-...@apereo.org. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6865637d5002e54d38c2e2e619ff06ec63e45f0a.camel%40uvic.ca. >>>> >> > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/4314fa3d37e510b2956fdda5527281a09aa882d1.camel%40uvic.ca. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CCD58B73-2087-41E3-BB23-3247EB357DE0%40gmail.com.
