I found the same behavior... I asked several weeks ago if there was a way to force a repository attribute to be handled as binary and force base64 coding.

On Monday, May 4, 2020 at 3:42:41 AM UTC-5, Benjamin Bini wrote:
>
> Hello,
>
> I need your help on a problem I have with my CAS environment.
>
> Here is my CAS configuration:
>
> # LDAP Authentication
> #cas.authn.ldap[0].type=AD
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].useSsl=false
> cas.authn.ldap[0].useStartTls=false
> cas.authn.ldap[0].ldapUrl=${ldap.url}
> cas.authn.ldap[0].connectTimeout=5000
> cas.authn.ldap[0].bindDn=${ldap.bindDn}
> cas.authn.ldap[0].bindCredential=${ldap.bindCredential}
> cas.authn.ldap[0].minPoolSize=2
> cas.authn.ldap[0].maxPoolSize=5
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].baseDn=${ldap.baseDn}
> cas.authn.ldap[0].searchFilter=${ldap.searchFilter}
> cas.authn.ldap[0].dnFormat=${ldap.dnFormat}
> cas.authn.ldap[0].principalAttributeId=sAMAccountName
> cas.authn.ldap[0].principalAttributeList=objectGUID:objectGUIDFromAuthHandler
>
> # LDAP Attribute Repository
> cas.authn.attributeRepository.ldap[0].attributes.uid=uid
> cas.authn.attributeRepository.ldap[0].attributes.objectGUID=objectGUIDFromAttrRepo
> cas.authn.attributeRepository.ldap[0].attributes.mail=email
> cas.authn.attributeRepository.ldap[0].attributes.givenName=prenom
> cas.authn.attributeRepository.ldap[0].attributes.sn=nom
> cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
> cas.authn.attributeRepository.ldap[0].attributes.sAMAccountName=username
> cas.authn.attributeRepository.ldap[0].ldapUrl=${ldap.url}
> cas.authn.attributeRepository.ldap[0].useSsl=false
> cas.authn.attributeRepository.ldap[0].useStartTls=false
> cas.authn.attributeRepository.ldap[0].baseDn=${ldap.baseDn}
> cas.authn.attributeRepository.ldap[0].searchFilter=${ldap.searchFilter}
> cas.authn.attributeRepository.ldap[0].bindDn=${ldap.bindDn}
> cas.authn.attributeRepository.ldap[0].bindCredential=${ldap.bindCredential}
>
> As a test, I get the "objectGUID" attribute from my ActiveDirectory twice,
> once from the authentication handler directly, once from the LDAP Attribute
> Repository. My goal is to get it only from the AttributeRepository (because
> I also have SPNEGO authentication activated).
>
> The problem is that I do not get the same objectGUID in both cases! From
> the AuthenticationHandler I get a base64 encoded GUID. From the
> AttributeRepository I get a binary object corresponding to ANOTHER GUID
> when I encode it to base64. Strangely, other attributes are ok: if I get
> displayName or givenName from the AuthenticationHandler and the
> AttributeRepository, they are the same.
>
> Is this a known issue? Is there a problem with my configuration? Can I do
> anything to solve this or provide any other information for someone to help
> me with this issue?
>
> Thank you a lot for your help.
>
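
A diagnostic sketch added here (not from the thread and not CAS project code): it checks whether the repository value is what the handler's objectGUID bytes turn into after being decoded as UTF-8 text and re-encoded, which would be consistent with the attribute being handled as a string instead of binary. That cause is an assumption the thread does not confirm; the function names and the sample GUID are constructed for illustration.

```python
import base64
import uuid

# Constructed sample: a made-up objectGUID, in AD's on-the-wire byte order.
SAMPLE_RAW = uuid.UUID("3f2504e0-4f89-41d3-9a0c-0305e82c3301").bytes_le


def guid_from_ad_bytes(raw: bytes) -> str:
    """Render a 16-byte AD objectGUID as its canonical string.
    AD stores the first three fields little-endian, hence bytes_le."""
    if len(raw) != 16:
        raise ValueError(f"objectGUID must be 16 bytes, got {len(raw)}")
    return str(uuid.UUID(bytes_le=raw))


def text_round_trip(raw: bytes) -> bytes:
    """Simulate binary data being decoded as UTF-8 text and re-encoded.
    Each invalid sequence becomes U+FFFD (bytes EF BF BD), so data is lost."""
    return raw.decode("utf-8", errors="replace").encode("utf-8")


def compare(handler_b64: str, repo_b64: str) -> dict:
    """Compare the base64 value from the authentication handler with the
    base64 of the value released by the attribute repository."""
    handler = base64.b64decode(handler_b64, validate=True)
    repo = base64.b64decode(repo_b64, validate=True)
    return {
        "handler_guid": guid_from_ad_bytes(handler),
        "repo_len": len(repo),  # anything other than 16 is not a raw GUID
        "identical": handler == repo,
        "repo_is_text_mangled": handler != repo and text_round_trip(handler) == repo,
        "replacement_chars": repo.count(b"\xef\xbf\xbd"),
    }


# Constructed inputs: the intact value and a text-mangled copy of it.
SAMPLE_HANDLER_B64 = base64.b64encode(SAMPLE_RAW).decode("ascii")
SAMPLE_REPO_B64 = base64.b64encode(text_round_trip(SAMPLE_RAW)).decode("ascii")

if __name__ == "__main__":
    for key, value in compare(SAMPLE_HANDLER_B64, SAMPLE_REPO_B64).items():
        print(f"{key}: {value}")
```

To use it on real data, pass the two base64 strings observed for `objectGUIDFromAuthHandler` and `objectGUIDFromAttrRepo` to `compare()`.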