You don't need an allowedAttributes section for this, just an
attributeReleasePolicy like so:

attributeReleasePolicy : {
  @class : org.apereo.cas.services.ReturnMappedAttributeReleasePolicy
  allowedAttributes : {
    @class : java.util.TreeMap
    mail : "urn:oid:0.9.2342.19200300.100.1.3"
    gecos : "urn:oid:2.16.840.1.113730.3.1.241"
    eduPersonPrincipalName : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
  }
}

On Thursday, January 23, 2020 at 3:54:19 AM UTC-5, stonej wrote:
>
> Hello All,
>
> I am trying to move away from shibboleth IDP and move to CAS IDP but
> having a few issues, I have had a look at the documentation and this group
> and cannot seem to find the answer. I need to pass certain attributes,
> these ones -
>
> urn:oid:0.9.2342.19200300.100.1.3 - mail value email address
> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value member
> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value staff or
> student
> urn:oid:1.3.6.1.4.1.5923.1.1.1.6 - eduPersonPrincipalName mail value email
> address
> urn:oid:2.5.4.4 - sn value surname
> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value
> [email protected]
> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value staff
> or [email protected]
> urn:oid:2.5.4.42 - givenName value First Name
> urn:oid:1.3.6.1.4.1.5923.1.1.1.10 - eduPersonTargetedID Value random id
> based on salt
> urn:oid:1.3.6.1.4.1.5923.1.1.1.7 - eduPersonEntitlement value
> urn:mace:dir:entitlement:common-lib-terms
>
> but I am getting :
>
> credentialType credentialType UsernamePasswordCredential
> samlAuthenticationStatementAuthMethod
> samlAuthenticationStatementAuthMethod
> urn:oasis:names:tc:SAML:1.0:am:password
> isFromNewLogin isFromNewLogin true
> authenticationDate authenticationDate 2020-01-22T13:59:03.213799Z
> urn:oid:0.9.2342.19200300.100.1.3 urn:oid:0.9.2342.19200300.100.1.3
> [email protected]
> authenticationMethod authenticationMethod LdapAuthenticationHandler
> urn:oid:0.9.2342.19200300.100.1.1 urn:oid:0.9.2342.19200300.100.1.1
> Username
> successfulAuthenticationHandlers successfulAuthenticationHandlers
> LdapAuthenticationHandler
> longTermAuthenticationRequestTokenUsed
> longTermAuthenticationRequestTokenUsed false
> urn:oid:2.5.4.42 urn:oid:2.5.4.42 FirstName
> urn:oid:2.5.4.4 urn:oid:2.5.4.4 Surname
>
> Here is my JSON file:
>
> {
> "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
> "serviceId" : "SERVICE",
> "name" : "Apache Secured By SAML",
> "id" : 100000011,
> "description" : "CAS development Apache mod_shib/shibd server with
> username/password protection",
> "metadataLocation" : "file:////etc/cas/saml/metadata/metadata.xml",
> "encryptAssertions": "true",
> "attributeReleasePolicy" : {
> "@class" :
> "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
> "allowedAttributes" : {
> "@class" : "java.util.TreeMap",
> "eppn" : "urn:mace:dir:attribute-def:eduPersonPrincipalName",
> "cn" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
> "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
> "givenName" : "urn:oid:2.5.4.42",
> "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
> "role" : "urn:DOMAIN:attribute-def:role",
> "sn" : "urn:oid:2.5.4.4",
> "uid" : "urn:oid:0.9.2342.19200300.100.1.1",
> "UDC_IDENTIFIER": "urn:DOMAIN:attribute-def:UDC_IDENTIFIER",
> "eppn" : "urn:oid:0.9.2342.19200300.100.1.1"
> "affiliation" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
> "affiliation" : "staff"
> }
> "persistentIdGenerator" : {
> "@class" :
> "org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
> "salt" : "aGVsbG93b3JsZA==",
> "attribute": "eduPersonEntitlement"
> }
> },
> "evaluationOrder" : 1125
> }
>
>
> What am I doing wrong? I do have other files to prepare but I know if I
> can get this one working I can get the other ones working.
>
> Thanks for all your help
>
> Jeff
>
>
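An added example (not part of the thread and not CAS code): a Python check that compares the names released by an allowedAttributes map with the names the service provider asked for, and flags repeated keys, since a map keeps only one value per key. It assumes strict JSON input; the function name and the sample definition are constructed for illustration, and the required set is the OID list from the question.

```python
import json

# Names the SP expects, copied from the question in this thread.
REQUIRED = {
    "urn:oid:0.9.2342.19200300.100.1.3",   # mail
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.1",    # eduPersonAffiliation
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",    # eduPersonPrincipalName
    "urn:oid:2.5.4.4",                     # sn
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9",    # eduPersonScopedAffiliation
    "urn:oid:2.5.4.42",                    # givenName
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10",   # eduPersonTargetedID
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.7",    # eduPersonEntitlement
}

# Constructed sample (strict JSON) modelled on the service file in the question.
SAMPLE = """{
  "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes": {
      "@class": "java.util.TreeMap",
      "mail": "urn:oid:0.9.2342.19200300.100.1.3",
      "uid": "urn:oid:0.9.2342.19200300.100.1.1",
      "affiliation": "urn:oid:1.3.6.1.4.1.5923.1.1.1.1",
      "affiliation": "staff"
    }
  }
}"""

def audit_release_policy(text, required=REQUIRED):
    """Return duplicate keys, required names not released, and names released unasked."""
    duplicates = set()

    def keep_pairs(pairs):
        seen = {}
        for key, value in pairs:
            if key in seen:
                duplicates.add(key)   # an earlier mapping is about to be lost
            seen[key] = value         # last value wins, as in any map
        return seen

    service = json.loads(text, object_pairs_hook=keep_pairs)
    mapping = service["attributeReleasePolicy"]["allowedAttributes"]
    released = {v for k, v in mapping.items() if k != "@class" and isinstance(v, str)}
    return {
        "duplicates": sorted(duplicates),
        "missing": sorted(required - released),      # SP will not receive these
        "unrequested": sorted(released - required),  # released beyond what was asked
    }
```

On the sample, the repeated "affiliation" key leaves only the "staff" mapping, so the eduPersonAffiliation OID shows up under "missing" while "staff" and the uid OID show up under "unrequested".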