I found the same behavior... I asked several weeks ago if there was a way to 
force a repository attribute to be handled as binary and force base64 
coding.

On Monday, May 4, 2020 at 3:42:41 AM UTC-5, Benjamin Bini wrote:
>
>
> Hello,
>
> I need your help on a problem I have with my CAS environment.
>
> Here is my CAS configuration:
>
>
>
> # LDAP Authentication
> #cas.authn.ldap[0].type=AD
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].useSsl=false
> cas.authn.ldap[0].useStartTls=false
> cas.authn.ldap[0].ldapUrl=${ldap.url}
> cas.authn.ldap[0].connectTimeout=5000
> cas.authn.ldap[0].bindDn=${ldap.bindDn}
> cas.authn.ldap[0].bindCredential=${ldap.bindCredential}
> cas.authn.ldap[0].minPoolSize=2
> cas.authn.ldap[0].maxPoolSize=5
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].baseDn=${ldap.baseDn}
> cas.authn.ldap[0].searchFilter=${ldap.searchFilter}
> cas.authn.ldap[0].dnFormat=${ldap.dnFormat}
> cas.authn.ldap[0].principalAttributeId=sAMAccountName
> cas.authn.ldap[0].principalAttributeList=objectGUID:objectGUIDFromAuthHandler
>
>
> # LDAP Attribute Repository
> cas.authn.attributeRepository.ldap[0].attributes.uid=uid
> cas.authn.attributeRepository.ldap[0].attributes.objectGUID=objectGUIDFromAttrRepo
> cas.authn.attributeRepository.ldap[0].attributes.mail=email
> cas.authn.attributeRepository.ldap[0].attributes.givenName=prenom
> cas.authn.attributeRepository.ldap[0].attributes.sn=nom
> cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
> cas.authn.attributeRepository.ldap[0].attributes.sAMAccountName=username
> cas.authn.attributeRepository.ldap[0].ldapUrl=${ldap.url}
> cas.authn.attributeRepository.ldap[0].useSsl=false
> cas.authn.attributeRepository.ldap[0].useStartTls=false
> cas.authn.attributeRepository.ldap[0].baseDn=${ldap.baseDn}
> cas.authn.attributeRepository.ldap[0].searchFilter=${ldap.searchFilter}
> cas.authn.attributeRepository.ldap[0].bindDn=${ldap.bindDn}
> cas.authn.attributeRepository.ldap[0].bindCredential=${ldap.bindCredential}
>
>  
>
> As a test, I get the "objectGUID" attribute from my ActiveDirectory twice, 
> once from the authentication handler directly, once from the LDAP Attribute 
> Repository. My goal is to get it only from the AttributeRepository (because 
> I also have SPNEGO authentication activated).
>
> The problem is that I do not get the same objectGUID in both cases! From 
> the AuthenticationHandler I get a base64 encoded GUID. From the 
> AttributeRepository I get a binary object corresponding to ANOTHER GUID 
> when I encode it to base64. Strangely, other attributes are ok: if I get 
> displayName or givenName from the AuthenticationHandler and the 
> AttributeRepository, they are the same.
>
>
> Is this a known issue? Is there a problem with my configuration? Can I do 
> anything to solve this or provide any other information for someone to help 
> me with this issue?
>
>
> Thank you a lot for your help.
>
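
An added diagnostic sketch, not part of the thread or of CAS: it compares two base64 values of the same objectGUID and tests two hypotheses for a mismatch, namely that one copy passed through a UTF-8 string conversion or that the two differ only in byte order. Neither cause is confirmed in the thread; the function names and the sample GUID are constructed for illustration.

```python
import base64
import uuid

# Constructed sample GUID, not a value from the thread.
SAMPLE = uuid.UUID("3f2b8c1e-9d4a-4e7b-a1c5-0f6e7d8c9b0a")


def b64(raw: bytes) -> str:
    """Base64 text of raw bytes, as an attribute release would carry it."""
    return base64.b64encode(raw).decode("ascii")


def guid_text(raw: bytes) -> str:
    """Render the 16 raw objectGUID bytes in Active Directory's string form.

    AD stores the first three GUID fields little-endian, hence bytes_le.
    """
    if len(raw) != 16:
        raise ValueError(f"objectGUID must be 16 bytes, got {len(raw)}")
    return str(uuid.UUID(bytes_le=raw))


def through_string(raw: bytes) -> bytes:
    """Simulate a lossy path: bytes decoded as UTF-8 text, then re-encoded.

    Invalid sequences become U+FFFD, so the original bytes are not recoverable.
    """
    return raw.decode("utf-8", errors="replace").encode("utf-8")


def compare(b64_a: str, b64_b: str) -> str:
    """Classify how two base64 copies of the same attribute relate."""
    a = base64.b64decode(b64_a, validate=True)
    b = base64.b64decode(b64_b, validate=True)
    if a == b:
        return "identical"
    if len(a) == 16 and through_string(a) == b:
        return "second is first after text decoding"
    if len(b) == 16 and through_string(b) == a:
        return "first is second after text decoding"
    if len(a) == 16 and len(b) == 16 and a == uuid.UUID(bytes_le=b).bytes:
        return "byte-order difference"
    return "unrelated"


if __name__ == "__main__":
    raw = SAMPLE.bytes_le
    print(guid_text(raw))
    print(compare(b64(raw), b64(through_string(raw))))
    print(compare(b64(raw), b64(SAMPLE.bytes)))
```

A result of "unrelated" means neither hypothesis explains the difference; a decoded length other than 16 bytes on either side is itself a sign that the value was not carried as raw binary.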
