Hello, I need your help on a problem I have with my CAS environment.
Here is my CAS configuration: # LDAP Authentication #cas.authn.ldap[0].type=AD cas.authn.ldap[0].type=AUTHENTICATED cas.authn.ldap[0].useSsl=false cas.authn.ldap[0].useStartTls=false cas.authn.ldap[0].ldapUrl=${ldap.url} cas.authn.ldap[0].connectTimeout=5000 cas.authn.ldap[0].bindDn=${ldap.bindDn} cas.authn.ldap[0].bindCredential=${ldap.bindCredential} cas.authn.ldap[0].minPoolSize=2 cas.authn.ldap[0].maxPoolSize=5 cas.authn.ldap[0].subtreeSearch=true cas.authn.ldap[0].baseDn=${ldap.baseDn} cas.authn.ldap[0].searchFilter=${ldap.searchFilter} cas.authn.ldap[0].dnFormat=${ldap.dnFormat} cas.authn.ldap[0].principalAttributeId=sAMAccountName cas.authn.ldap[0].principalAttributeList=objectGUID:objectGUIDFromAuthHandler # LDAP Attribute Repository cas.authn.attributeRepository.ldap[0].attributes.uid=uid cas.authn.attributeRepository.ldap[0].attributes.objectGUID=objectGUIDFromAttrRepo cas.authn.attributeRepository.ldap[0].attributes.mail=email cas.authn.attributeRepository.ldap[0].attributes.givenName=prenom cas.authn.attributeRepository.ldap[0].attributes.sn=nom cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName cas.authn.attributeRepository.ldap[0].attributes.sAMAccountName=username cas.authn.attributeRepository.ldap[0].ldapUrl=${ldap.url} cas.authn.attributeRepository.ldap[0].useSsl=false cas.authn.attributeRepository.ldap[0].useStartTls=false cas.authn.attributeRepository.ldap[0].baseDn=${ldap.baseDn} cas.authn.attributeRepository.ldap[0].searchFilter=${ldap.searchFilter} cas.authn.attributeRepository.ldap[0].bindDn=${ldap.bindDn} cas.authn.attributeRepository.ldap[0].bindCredential=${ldap.bindCredential} As a test, I get the "objectGUID" attribute from my ActiveDirectory twice, once from the authentication handler directly, once from the LDAP Attribute Repository. My goal is to get it only from the AttributeRepository (because I also have SPNEGO authentication activated). The problem is that I do not get the same objectGUID in both cases! From the AuthenticatoinHandler I get a base64 encoded GUID. From the AttributeRepository I get a binary object corresponding to ANOTHER GUID when I encode it to base64. Strangely, other attributes are ok: if I get displayName or givenName from the AuthenticationHandler and the AttributeRepository, they are the same. Is this a known issue? Is there a problem with my configuration? Can I do anything to solve this or provide any other information for someone to help me with this issue? Thank you a lot for your help. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b21002fd-23e7-4abd-93b5-5e7145253789%40apereo.org.