Issue was resolved , mentioned settings are enough so that it will work
пятница, 7 июня 2019 г., 14:41:59 UTC+3 пользователь Andrey Seledkov
написал:
>
> It start to work, when I ran it without Docker, locally
>
> These attributes enough to retrieve data in SAMLReponse
>
> #cas.authn.attributeRepository.jdbc[0].singleRow=true
> #cas.authn.attributeRepository.jdbc[0].requireAllAttributes=true
> #
> #cas.authn.attributeRepository.jdbc[0].sql=SELECT * FROM ml_emp WHERE {0}
> #cas.authn.attributeRepository.jdbc[0].username=USERNAME
> #cas.authn.attributeRepository.jdbc[0].driverClass=oracle.jdbc.OracleDriver
> #cas.authn.attributeRepository.jdbc[0].user=
> #cas.authn.attributeRepository.jdbc[0].password=
> #cas.authn.attributeRepository.jdbc[0].url=
> #cas.authn.attributeRepository.defaultAttributesToRelease=firstName,lastName
> #
> #cas.authn.attributeRepository.jdbc[0].attributes.FIRST_NAME=firstName
> #cas.authn.attributeRepository.jdbc[0].attributes.LAST_NAME=lastName
>
>
> But when I ran it over Docker - nothing
>
> четверг, 6 июня 2019 г., 16:48:36 UTC+3 пользователь Matthew Uribe написал:
>>
>> Same as Andy, I have CAS 5 working as SAML IdP. But I assume there are
>> others here doing so with CAS 6. In any case, I noticed in your log that
>> your issuer is "localhost:8443/cas/idp". Do you have your cas.server.name
>> and related properties set? It looks like it's creating the SAML response,
>> but then it can't find the service ticket, which could explain why your SP
>> is not getting anywhere.
>>
>> "name and prefix are always required settings"
>> https://apereo.github.io/cas/6.0.x/configuration/Configuration-Properties.html#cas-server
>>
>>
>> On Thursday, June 6, 2019 at 5:37:17 AM UTC-6, Andrey Seledkov wrote:
>>>
>>> In docs
>>>
>>> In order to allow CAS to support and respond to attribute queries, you
>>> need to make sure the generated metadata has the
>>> AttributeAuthorityDescriptor element enabled
>>>
>>> I noticed that when i put
>>>
>>> cas.authn.samlIdp.attributeQueryProfileEnabled=true
>>>
>>>
>>> in idp-metadata.xml tag AttributeAuthorityDescriptor commented and it
>>> is ignoring my flag
>>>
>>> четверг, 6 июня 2019 г., 4:19:39 UTC+3 пользователь Andy Ng написал:
>>>>
>>>> Hi Andrey,
>>>>
>>>> I do know for a fact that my CAS 5.3.x is running with SAML as idp and
>>>> connecting to other SAML sp just fine (multiple SAML client, including
>>>> SimpleSAMLPHP), no need modify the generated idp-metadata.xmp for me.
>>>>
>>>> So... Maybe if you still can't successfully connect to SAML, it could
>>>> be the following:
>>>> - Maybe CAS 6 have bug
>>>> - Maybe keycloak doesn't actually return the attribute to you (highly
>>>> doubt it)
>>>> - Maybe your config is wrong (which is unlikely, from what you provide
>>>> it seems the config is ok)
>>>>
>>>> So, maybe try using CAS 5.3.x and see if that work? CAS 5 to 6 have a
>>>> big jump, so it is possible that there is some obscure bug that discovered
>>>> first by you.
>>>>
>>>> - Andy
>>>>
>>>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3bc44a62-5dbc-4b81-be57-cc29b162e064%40apereo.org.
