Folks,
I'm trying to have RADIUS be my authentication method but gather
attributes from the LDAP entry for the user. The LDAP database is the
same one that is actually backing the RADIUS auth.
Seemed straightforward enough based upon:
https://apereo.github.io/2018/10/18/cas5-radius-mfa-authn/
The authentication part is working and I can see in the logs that the
personDirectory function is getting the attributes, but they aren't being
shown as the available attributes in the default no-resource user page
that CAS uses in its most primitive state.
The authentication seems to put the basic RADIUS response into the
SimplePrincipal:
[SimplePrincipal(id=colinr, attributes={Service-Type=Framed-User,
Framed-Protocol=PPP})]>
And the LDAP Attribute Resolver seems to be working:
DEBUG [org.apereo.services.persondir.support.ldap.LdaptivePersonAttributeDao] - <Converted ldap DN entry [uid=colinr, ou=People, o=caveo, o=isp] to attribute map {uid=[colinr], inetUserStatus=[Active], cn=[9999999]}>
2019-10-27 13:31:06,336 DEBUG [org.apereo.services.persondir.support.MergingPersonAttributeDaoImpl] - <Retrieved attributes='[NamedPersonImpl[name=colinr,attributes={uid=[colinr], inetUserStatus=[Active], commonName=[9999999]}]]' for query='{username=[colinr]}', isFirstQuery=false, currentlyConsidering='org.apereo.services.persondir.support.ldap.LdaptivePersonAttributeDao@1e224cb6', resultAttributes='null'>
But the two sets never merge.
I'm sure it's just a newbie mistake, but I've read the documentation a
number of times and can't seem to figure it out.
Config is below (CAS 6.0.5.1):
cas.authn.accept.users=
#cas.authn.ldap[0].order=1
## Radius
cas.authn.radius.name=CAS1
cas.authn.radius.server.protocol=PAP
cas.authn.radius.server.retries=1
cas.authn.radius.client.authenticationPort=1645
cas.authn.radius.client.sharedSecret=xxxx
cas.authn.radius.client.inetAddress=100.10.1.182
cas.authn.radius.client.accountingPort=1646
# LDAP As Attribute Repository
cas.authn.attribute-repository.ldap[0].order=1
cas.authn.attribute-repository.ldap[0].attributes.uid=uid
cas.authn.attribute-repository.ldap[0].attributes.cn=commonName
cas.authn.attribute-repository.ldap[0].attributes.memberOf=memberOf
cas.authn.attribute-repository.ldap[0].attributes.dn=dn
cas.authn.attribute-repository.ldap[0].attributes.inetUserStatus=inetUserStatus
cas.authn.attribute-repository.ldap[0].ldapUrl=ldap://100.10.1.230:3131
cas.authn.attribute-repository.ldap[0].useSsl=false
cas.authn.attribute-repository.ldap[0].useStartTls=false
cas.authn.attribute-repository.ldap[0].baseDn=o=isp
cas.authn.attribute-repository.ldap[0].searchFilter=uid={0}
cas.authn.attribute-repository.ldap[0].bindDn=xxxxxx
cas.authn.attribute-repository.ldap[0].bindCredential=xxxx
cas.person-directory.return-null=false
cas.person-directory.principal-attribute=uid
cas.authn.attribute-repository.expiration-time=-1
cas.authn.attribute-repository.maximum-cache-size=0
cas.authn.attribute-repository.merger=MERGE