Thanks for the hint.

So to clarify, cas.authn.ldap[0].principalAttributeList is the superset of
attributes that may be released. The service registry json defines the
attributes (subset) allowed to be released to the service?

-Bryan

On Mon, Jun 15, 2020 at 3:08 PM Jason Everling <[email protected]>
wrote:

> I didn't think CAS pulls attributes from ldap based on the service
> definition? You have to add all attributes you expect to fetch from ldap,
> so in your config
>
>
> cas.authn.ldap[0].principalAttributeList=unid,cn,psrole,mail,uuemployee,uustudent,uuaffiliate,uudept,almail,sn,givenName
>
> Change it to
>
> cas.authn.ldap[0].principalAttributeList=firstName,lastName,displayName,email,homephone,department,ou,cn,telephoneNumber,acadplan,almail,eduPersonAffiliation,uid,eduPersonPrincipalName,ummail,unid,uudept,uuemployee,uustudent,psrole
>
> On Mon, Jun 15, 2020 at 3:00 PM Bryan Wooten <[email protected]> wrote:
>
>> Hi all,
>> We are unable to get attributes to release (CAS 6 Master).
>> Java client 3.6.1
>>
>> We have a json service registry entry:
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId" : "^https://cas6test.go.utah.edu/.*",
>>   "name" : "cas6testGoUtahEdu",
>>   "id" : 2020052801,
>>   "description" : "[email protected]",
>>   "logoutType" : "FRONT_CHANNEL",
>>    "attributeReleasePolicy" : {
>>     "@class" :
>> "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
>>     "allowedAttributes" : [ "java.util.ArrayList", [ "firstName",
>> "lastName", "displayName", "email", "homephone", "department", "ou", "cn",
>> "telephoneNumber", "acadplan", "almail", "eduPersonAffiliation", "uid",
>> "eduPersonPrincipalName", "ummail", "unid", "uudept", "uuemployee",
>> "uustudent","psrole" ] ]
>>   }
>> }
>>
>> LDAP config in cas.properties:
>>
>> # attr repo creds
>> cas.authn.attributeRepository.ldap[0].ldapUrl=ldap://ldaptest.sys.utah.edu:9292
>> cas.authn.attributeRepository.ldap[0].baseDn=ou=people,o=utah.edu
>> cas.authn.attributeRepository.ldap[0].bindDn=uid=xxx,ou=System Accounts,o=utah.edu
>> cas.authn.attributeRepository.ldap[0].bindCredential=
>> cas.authn.attributeRepository.ldap[0].userFilter=unid={user}
>> # end attr repo creds
>>
>> cas.authn.attributeRepository.ldap[0].attributes.uuMFA=uuMFA
>> cas.authn.attributeRepository.ldap[0].attributes.cn=cn
>> cas.authn.attributeRepository.ldap[0].attributes.givenName=firstName
>> cas.authn.attributeRepository.ldap[0].attributes.sn=lastName
>> etc
>>
>>
>> cas.authn.attributeRe
>> 2020-06-15 13:11:30,732 DEBUG
>> [org.apereo.cas.util.LdapUtils] - <Initializing ldap connection pool for
>> [ldap://ldaptest.sys.utah.edu:9292] and bindDn [uid=pscas,ou=System
>> Accounts,o=utah.edu]>
>> 2020-06-15 13:11:30,876 DEBUG
>> [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <LDAP attributes
>> are fetched from [ldap://ldaptest.sys.utah.edu:9292] via filter
>> [null]>
>> 2020-06-15 13:11:30,877 DEBUG
>> [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <Configured
>> result attribute mapping for [ldap://ldaptest.sys.utah.edu:9292] to be
>> [{classnumber=classnumber, isonbr=isonbr, uuInst=uuInst,
>> teachingAssistant=teachingAssistant, almail=almail,
>>
>> I am unclear about LDAP attributes are fetched from
>> [ldap://ldaptest.sys.utah.edu:9292] via filter [null]> being null when I have:
>>
>> cas.authn.attributeRepository.ldap[0].userFilter=unid={user}
>>
>> But if I add this line:
>>
>> cas.authn.ldap[0].principalAttributeList=unid,cn,psrole,mail,uuemployee,uustudent,uuaffiliate,uudept,almail,sn,givenName
>>
>> I will get some but not all the attributes (they are all valid attrs for
>> the test user, me)... But I want to release attributes on a per json file.
>>
>> This is also set: cas.authn.authenticationAttributeRelease.enabled=true
>>
>> Also strange is that if I add:
>>
>> #cas.authn.attributeRepository.defaultAttributesToRelease=givenName,eduPersonAffiliation,cn,uuemployee,uustudent,mail,psrole,firstName,lastName
>>
>> Then I stop getting any attributes.
>>
>> Any help appreciated. This is driving me crazy.
>>
>> -Bryan
>> University of Utah
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAG9x2GXBBt6hfbFZPa0WWLvLkNdpq%2BK9k417PygSizp9ouFdvg%40mail.gmail.com
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAG9x2GXBBt6hfbFZPa0WWLvLkNdpq%2BK9k417PygSizp9ouFdvg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>
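
The superset/subset relationship described at the top of this message, as an added example (not code from the thread or from CAS): a Python check that compares `principalAttributeList` with a service's `allowedAttributes`, using the values quoted in this thread as constructed input. It assumes an attribute is released only when its name appears in both lists; the function names are hypothetical.

```python
import json
import re

# Constructed input: values copied from the messages quoted in this thread.
CAS_PROPERTIES = """
cas.authn.ldap[0].principalAttributeList=unid,cn,psrole,mail,uuemployee,uustudent,uuaffiliate,uudept,almail,sn,givenName
"""
SERVICE_JSON = """
{ "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://cas6test.go.utah.edu/.*",
  "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "firstName", "lastName",
      "displayName", "email", "homephone", "department", "ou", "cn",
      "telephoneNumber", "acadplan", "almail", "eduPersonAffiliation", "uid",
      "eduPersonPrincipalName", "ummail", "unid", "uudept", "uuemployee",
      "uustudent", "psrole" ] ] } }
"""
KEY = re.compile(r"cas\.authn\.ldap\[\d+\]\.principalAttributeList")

def resolved_names(properties):
    """Names the principal can carry: the superset fetched at authentication."""
    names = set()
    for line in properties.splitlines():
        key, _, value = line.strip().partition("=")
        if line.lstrip().startswith("#") or not KEY.fullmatch(key.strip()):
            continue
        for item in value.split(","):
            item = item.strip()
            if item:  # tolerate a trailing comma
                # An "ldapName:alias" entry is exposed under the alias.
                names.add(item.split(":", 1)[-1])
    return names

def allowed_names(service_json):
    """Names the service definition permits: the per-service subset."""
    allowed = json.loads(service_json)["attributeReleasePolicy"]["allowedAttributes"]
    # Jackson typed form: ["java.util.ArrayList", [ ...names... ]]
    if len(allowed) == 2 and isinstance(allowed[1], list):
        allowed = allowed[1]
    return allowed

def release_report(properties, service_json):
    resolved, allowed = resolved_names(properties), allowed_names(service_json)
    return {
        "released": [a for a in allowed if a in resolved],
        "never_released": [a for a in allowed if a not in resolved],
        "fetched_unused": sorted(resolved - set(allowed)),  # fetched, not allowed here
    }

if __name__ == "__main__":
    print(json.dumps(release_report(CAS_PROPERTIES, SERVICE_JSON), indent=2))
```

With the original `principalAttributeList`, only the names common to both lists come back, which matches the "some but not all" symptom; names such as `firstName` are allowed by the service but never fetched under that name.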
