[cas-user] [Cas 6.0.7] Surrogate attributes are lost when account is selected in GUI mode

Thu, 05 Dec 2019 07:39:15 -0800 

Hi all,

I'm trying to implement surrogate authentication on Cas 6.0.7 with account 
selection both preselected and gui mode.
I actually manage to authenticate in both modes, but qith gui account 
selection mode the surrogate attributes are lost.


With preselection mode (correct):

WHO: (Primary User: [[myoperator, myoperator]], Surrogate User: 
[[mycustomer, mycustomer]])
WHAT: TGT-2-*****EtKSM5O9Bc-myhost-local
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Thu Dec 05 15:44:18 CET 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1




With Gui mode (wrong):
=============================================================
WHO: myoperator
WHAT: Supplied credentials: 
[UsernamePasswordCredential(username=myoperator, source=null)]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Thu Dec 05 15:56:09 CET 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2019-12-05 15:56:26,724 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: mycustomer
WHAT: TGT-4-*****92QlWz5Vs4-myhost-local
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Thu Dec 05 15:56:26 CET 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================




turning on debug log there is no significant difference:
1) Attributes seem to be merged correctly ( DEBUG 
[org.apereo.cas.authentication.CoreAuthenticationUtils] - <Merged 
attributes with the final result as [{iduser=[myoperatorid, mycustomerid],)
2) the princial is always nominated as mycustomer


Accounts are stored using jdbc and tickets are exported in JWT.


Any idea on how I can get surrogate attributes to be exported also using 
gui mode?
Thanks in advance

Michele


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/df070006-4496-4ec3-b13d-0153a6ff28fc%40apereo.org.

Reply via email to