Hi Colin,
I have taken a look into your problem, which is using *Radius Authentication*
and *LDAP* attributes, and the LDAP attributes don't come up.
I am using CAS 6.1.1 + Freeradius + OpenLDAP as demo, but I think the
solution should be applicable to CAS 6.0 and other technology as well.
Before going for the fix, I did some research and deduction:
- LDAP Attribute + other authentication *do work* (e.g. JSON / REST) ....
- So the problem seems to be *Radius Authentication*
- I suspect that, because Radius Authentication is so deeply coupled
with MFA, if we don't enable MFA, Radius will have weird behavior.
After some trial and error, here is what I did to make the LDAP attributes appear:
- In here
https://github.com/apereo/cas/blob/v6.1.1/support/cas-server-support-radius/src/main/java/org/apereo/cas/config/RadiusConfiguration.java#L168

    plan.registerAuthenticationHandler(radiusAuthenticationHandler());

Change it to

    plan.registerAuthenticationHandlerWithPrincipalResolver(radiusAuthenticationHandler(),
        defaultPrincipalResolver.getObject());

And add defaultPrincipalResolver back to the file:

    @Autowired
    @Qualifier("defaultPrincipalResolver")
    private ObjectProvider<PrincipalResolver> defaultPrincipalResolver;

And... after that change, as you can see in the capture below, I can log in
with Radius Authentication and also output the LDAP attributes.
[image: Annotation 2019-11-07 173857.png]
I am using a hard-coded method to fix the above; you should use a more elegant
way to fix it, or better yet submit a PR to CAS to fix the source of the
problem :)
If you have Docker installed, I also have a GitHub branch here:
https://github.com/NgSekLong/SelectUrCAS/tree/test_radius_problem_20191107
which contains the fixed version demo for your testing.
You can see the demo by cloning the above repository and executing the
command below to generate the demo:

    docker-compose -f docker-compose.yml \
      -f ./source/authentication/freeradius/docker-compose.yml \
      -f ./source/authentication-attribute/openldap/docker-compose.yml \
      -f ./source/client/phpcas/docker-compose.yml \
      -f ./source/service-registry/json-1001/docker-compose.yml up

Go to https://127.0.0.1:8443/cas/login <http://127.0.0.1:8443/cas/login>
casuser:Mellon
You should see the result.
See if the above helps you...
Cheers!
- Andy