Running into an odd doubling of attribute values when surrogate access is 
enabled. 
On CAS 6.1.0 RC6


Here is my Surrogate config, Active Directory Auth config, and Attribute 
repository:

# Surrogate config 
cas.authn.surrogate.separator=+
cas.authn.surrogate.json.location=file:/etc/cas/config/surrogates.json

# set some properties we can re-use in authn and attributeRepository configuration
ldap-url=         ldaps://ad01.example.edu:636
ldap-binddn=      cn=logon_ldap_user,ou=Application Users,ou=All_Users,dc=example,dc=edu
ldap-bindpw=      examplePass
ldap-auth-type=   DIRECT
ldap-basedn=      ou=All_Users,dc=example,dc=edu
ldap-dnformat=    cn=%s,ou=All_Users,dc=example,dc=edu
ldap-user-filter= (cn={user})
ldap-max-pool-size=20
ldap-tls=false
ldap-ssl=true
# configure ldap authentication
cas.authn.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
cas.authn.ldap[0].base-dn=${ldap-basedn}
cas.authn.ldap[0].bind-credential=${ldap-bindpw}
cas.authn.ldap[0].bind-dn=${ldap-binddn}
cas.authn.ldap[0].dn-format=${ldap-dnformat}
cas.authn.ldap[0].ldap-url=${ldap-url}
cas.authn.ldap[0].max-pool-size=${ldap-max-pool-size}
cas.authn.ldap[0].min-pool-size=0
cas.authn.ldap[0].subtree-search=true
cas.authn.ldap[0].type=${ldap-auth-type}
cas.authn.ldap[0].searchFilter=${ldap-user-filter}
cas.authn.ldap[0].use-ssl=${ldap-ssl}
cas.authn.ldap[0].use-start-tls=${ldap-tls}

# configure ldap attribute repository
cas.authn.attributeRepository.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
cas.authn.attributeRepository.ldap[0].ldapUrl=${ldap-url}
cas.authn.attributeRepository.ldap[0].order=0
cas.authn.attributeRepository.ldap[0].useSsl=${ldap-ssl}
cas.authn.attributeRepository.ldap[0].useStartTls=${ldap-tls}
cas.authn.attributeRepository.ldap[0].baseDn=${ldap-basedn}
cas.authn.attributeRepository.ldap[0].searchFilter=${ldap-user-filter}
cas.authn.attributeRepository.ldap[0].subtreeSearch=true
cas.authn.attributeRepository.ldap[0].bindDn=${ldap-binddn}
cas.authn.attributeRepository.ldap[0].bindCredential=${ldap-bindpw}
cas.authn.attributeRepository.ldap[0].minPoolSize=0
cas.authn.attributeRepository.ldap[0].maxPoolSize=${ldap-max-pool-size}
cas.authn.attributeRepository.ldap[0].validateOnCheckout=true

# configure validator for attribute repository
cas.authn.attributeRepository.ldap[0].validator.type=SEARCH
cas.authn.attributeRepository.ldap[0].validator.baseDn=${ldap-basedn}
cas.authn.attributeRepository.ldap[0].validator.searchFilter=(objectClass=*)
cas.authn.attributeRepository.ldap[0].validator.scope=OBJECT
cas.authn.attributeRepository.ldap[0].validator.attributeName=objectClass
cas.authn.attributeRepository.ldap[0].validator.attributeValues=top

# Get AD attributes
cas.authn.attributeRepository.ldap[0].attributes.sAMAccountName=samAccountName
cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
cas.authn.attributeRepository.ldap[0].attributes.mail=email
cas.authn.attributeRepository.ldap[0].attributes.mail=emailAddress
cas.authn.attributeRepository.ldap[0].attributes.givenName=givenName
cas.authn.attributeRepository.ldap[0].attributes.sn=surname
cas.authn.attributeRepository.ldap[0].attributes.cn=commonName
cas.authn.attributeRepository.ldap[0].attributes.memberOf=memberOf


When the surrogacy dependency is added to build.gradle, the 
attributeRepository returns doubled values for the attributes. See the 
example attributes below:

cn [BONDR, BONDR]
displayName [Robert Bond, Robert Bond]
distinguishedName [CN=BONDR,OU=NSU,OU=All_Users,DC=example,DC=edu, 
CN=BONDR,OU=All_Users,DC=example,DC=edu]


Any thoughts? When I remove the surrogate dependency from build.gradle it 
returns the attributes correctly. ex: cn [BONDR]


Thanks!
