Hi! After stumbling a few more times, I finally got a working setup apart from a little fly in the ointment. Well, it is more a whale.
I have configured basic LDAP-Authentication and given the following directives in cas.properties after carefully consulting the docs.
cas.personDirectory.principalAttribute=uid
cas.personDirectory.returnNull=false
cas.personDirectory.principalResolutionFailureFatal=false
cas.personDirectory.useExistingPrincipalId=false
cas.personDirectory.attributeResolutionEnabled=true
as well as
cas.authn.ldap[0].principalAttributeList=givenName,mail,sn,eduPersonPrimaryAffiliation,eduPersonEntitlement,eduPersonScopedAffiliation,employeeType,displayName,memberOf,mailPrimaryAddress,mail,eduPersonPrincipalName,uid
And it works like a breeze until I add an AccessStrategy:
this works:
{
"@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
"serviceId" : "https://samltest.id/saml/sp",
"name" : "SAMLtest.id",
"id" : 10000003,
"usernameAttributeProvider" : {
"@class" :
"org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
"usernameAttribute" : "uid",
"canonicalizationMode" : "LOWER"
},
"attributeReleasePolicy" : {
"@class" :
"org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList",
["uid","mailPrimaryAddress", "sn" , "givenName",
"edupersonScopedAffiliation" ] ]
}, "evaluationOrder" : 10, "metadataLocation" : "file:///etc/cas/saml/sp-metadata/samltest.xml" }
This throws an exception telling me:
org.jasig.cas.client.validation.TicketValidationException: No principal was found in the response from the CAS server.
{
"@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
"serviceId" : "https://samltest.id/saml/sp",
"name" : "SAMLtest.id",
"id" : 10000003,
"accessStrategy" : {
"@class" :
"org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"ssoEnabled" : true,
"requireAllAttributes": false,
"requiredAttributes" : {
"@class" : "java.util.HashMap",
"eduPersonEntitlement" : [ "java.util.HashSet", [
"urn:mace:uni-frankfurt.de:hrz:zoom:access" ] ],
"memberOf" : [ "java.util.HashSet", [
"mywonderfulmemberof"] ]
}
},
"usernameAttributeProvider" : {
"@class" :
"org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
"usernameAttribute" : "uid",
"canonicalizationMode" : "LOWER"
},
"attributeReleasePolicy" : {
"@class" :
"org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList",
["uid","mailPrimaryAddress", "sn" , "givenName",
"edupersonScopedAffiliation" ] ]
}, "evaluationOrder" : 10, "metadataLocation" : "file:///etc/cas/saml/sp-metadata/samltest.xml" }
Since I have not found much online when it comes to this, I am sure I have misconfigured something. And not necessarily in those configs.
Any ideas?

Best regards,
Sven Specker -- University of Frankfurt Computing Center, UNIX System Administration (Auth/IDM)
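A defender-side way to see what that accessStrategy will actually admit before deploying it. The Python below is an added example, not CAS code and not from this thread: it re-implements the documented DefaultRegisteredServiceAccessStrategy rule (required values are regex patterns checked against the principal's attribute values; requireAllAttributes=false lets a single matching attribute authorize) over a constructed copy of the posted accessStrategy block. The full-match regex semantics, the untype() helper and the sample principals are assumptions made for this example.

```python
import json
import re

# Constructed copy of the accessStrategy from the posted service definition,
# in the Jackson typed-collection form the CAS JSON service registry uses.
ACCESS_STRATEGY_JSON = """{
  "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
  "enabled" : true,
  "ssoEnabled" : true,
  "requireAllAttributes" : false,
  "requiredAttributes" : {
    "@class" : "java.util.HashMap",
    "eduPersonEntitlement" : [ "java.util.HashSet", [ "urn:mace:uni-frankfurt.de:hrz:zoom:access" ] ],
    "memberOf" : [ "java.util.HashSet", [ "mywonderfulmemberof" ] ]
  }
}"""


def untype(value):
    """Strip Jackson type wrappers (["java.util.HashSet", [..]] -> [..]) and "@class" keys."""
    if isinstance(value, list) and len(value) == 2 and isinstance(value[0], str) and value[0].startswith("java."):
        return untype(value[1])
    if isinstance(value, list):
        return [untype(v) for v in value]
    if isinstance(value, dict):
        return {k: untype(v) for k, v in value.items() if k != "@class"}
    return value


def is_authorized(strategy, principal_attrs):
    """Documented rule, re-implemented (assumption: full regex match, case-sensitive):
    every required attribute must match when requireAllAttributes is true, else one suffices."""
    s = untype(strategy)
    if not s.get("enabled", True):
        return False
    required = s.get("requiredAttributes", {})
    if not required:
        return True
    matched = []
    for name, patterns in required.items():
        have = principal_attrs.get(name, [])          # principal attribute values, multi-valued
        matched.append(any(re.fullmatch(p, v) for p in patterns for v in have))
    return all(matched) if s.get("requireAllAttributes", True) else any(matched)


def check_examples():
    """Evaluate constructed principals against the posted strategy and a strict variant."""
    strategy = json.loads(ACCESS_STRATEGY_JSON)
    zoom_only = {"uid": ["alice"], "eduPersonEntitlement": ["urn:mace:uni-frankfurt.de:hrz:zoom:access"]}
    member_only = {"uid": ["bob"], "memberOf": ["mywonderfulmemberof"]}
    neither = {"uid": ["carol"], "memberOf": ["cn=other"]}
    strict = dict(strategy, requireAllAttributes=True)  # what flipping the flag would do
    return {
        "any_zoom": is_authorized(strategy, zoom_only),      # True
        "any_member": is_authorized(strategy, member_only),  # True
        "any_neither": is_authorized(strategy, neither),     # False
        "all_zoom_only": is_authorized(strict, zoom_only),   # False: memberOf missing
    }
```

Note that is_authorized() only decides admission; attributes that are not resolved onto the principal in the first place (the eduPersonEntitlement and memberOf values must be in principalAttributeList and actually returned by LDAP) can never satisfy the strategy.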
