Hi,

When my users log in manually from CAS, attributes from AD are correctly retrieved and passed to my webapp. But with SPNEGO automatic login, I don't see the attributes in cas.log and my webapp (Nextcloud) doesn't update user information (displayName, mail, memberOf). I don't see any line in the Apereo documentation that permits retrieving attributes from SPNEGO... Maybe I should create a service file specially for SPNEGO? If you have any idea :) Thanks to all ;)

SPNEGO section from cas.properties:

cas.authn.spnego.kerberosConf=file:/etc/krb5.conf
cas.authn.spnego.mixedModeAuthentication=true
cas.authn.spnego.cachePolicy=600
cas.authn.spnego.timeout=300000
cas.authn.spnego.jcifsServicePrincipal=HTTP/[email protected]
cas.authn.spnego.jcifsServicePassword=MyPassWord
cas.authn.spnego.loginConf=file:/etc/cas/config/login.conf
cas.authn.spnego.ntlmAllowed=false
cas.authn.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
cas.authn.spnego.hostNameClientActionStrategy=baseSpnegoClientAction
cas.authn.spnego.kerberosKdc=192.168.0.1
cas.authn.spnego.ipsToCheckPattern=10.+
cas.authn.spnego.kerberosDebug=true
cas.authn.spnego.kerberosRealm=DOMAIN.LAN
cas.authn.spnego.send401OnAuthenticationFailure=true
# cas.authn.spnego.jcifsNetbiosWins=
# cas.authn.spnego.hostNamePatternString=.+
# cas.authn.spnego.jcifsUsername=
# cas.authn.spnego.useSubjectCredsOnly=false
# cas.authn.spnego.jcifsDomainController=
# cas.authn.spnego.dnsTimeout=2000
# cas.authn.spnego.alternativeRemoteHostAttribute=alternateRemoteHeader
# cas.authn.spnego.jcifsDomain=
# cas.authn.spnego.ntlm=false
cas.authn.spnego.principalWithDomainName=false
# cas.authn.spnego.jcifsPassword=
cas.authn.spnego.spnegoAttributeName=sAMAccountName
# cas.authn.spnego.name=DOMAIN.LAN
cas.authn.spnego.principal.principalAttribute=sAMAccountName
# cas.authn.spnego.principal.returnNull=false

And the section for AD:

cas.authn.ldap[1].type=AD
cas.authn.ldap[1].ldapUrl=ldap://10.0.0.1
cas.authn.ldap[1].useSsl=false
cas.authn.ldap[1].useStartTls=false
cas.authn.ldap[1].connectTimeout=5000
cas.authn.ldap[1].baseDn=DC=DOMAIN1,DC=LAN
cas.authn.ldap[1].bindDn=DOMAIN1\\mylogin
cas.authn.ldap[1].bindCredential=MyBindPassword
cas.authn.ldap[1].principalAttributeId=sAMAccountName
cas.authn.ldap[1].principalAttributePassword=unicodePwd
cas.authn.ldap[1].principalAttributeList=sAMAccountName,sn,cn,givenName,displayName,mail,memberOf
cas.authn.ldap[1].userFilter=(sAMAccountName={user})
cas.authn.ldap[1].dnFormat=%[email protected]
cas.authn.ldap[1].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[1].subtreeSearch=true
cas.authn.ldap[1].usePasswordPolicy=false
cas.authn.ldap[1].failFast=false
