yes
________________________________
From: [email protected] <[email protected]> on behalf of Bryan Wooten 
<[email protected]>
Sent: Monday, June 15, 2020 4:30:15 PM
To: [email protected] <[email protected]>
Subject: Re: [cas-user] CAS 6 Attribute release not working

Thanks for the hint.

So to clarify, cas.authn.ldap[0].principalAttributeList is the superset of 
attributes that may be released. The service registry json defines the 
attributes (subset) allowed to be released to the service?

-Bryan

On Mon, Jun 15, 2020 at 3:08 PM Jason Everling 
<[email protected]> wrote:
I didn't think CAS pulls attributes from ldap based on the service definition? 
You have to add all attributes you expect to fetch from ldap, so in your config

cas.authn.ldap[0].principalAttributeList=unid,cn,psrole,mail,uuemployee,uustudent,uuaffiliate,uudept,almail,sn,givenName

Change it to

cas.authn.ldap[0].principalAttributeList=firstName,lastName,displayName,email,homephone,department,ou,cn,telephoneNumber,acadplan,almail,eduPersonAffiliation,uid,eduPersonPrincipalName,ummail,unid,uudept,uuemployee,uustudent,psrole

On Mon, Jun 15, 2020 at 3:00 PM Bryan Wooten 
<[email protected]> wrote:
Hi all,
We are unable to get attributes to release (CAS 6 Master).
Java client 3.6.1

We have a json service registry entry:
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://cas6test.go.utah.edu/.*",
  "name" : "cas6testGoUtahEdu",
  "id" : 2020052801,
  "description" : "[email protected]",
  "logoutType" : "FRONT_CHANNEL",
   "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "firstName", "lastName", 
"displayName", "email", "homephone", "department", "ou", "cn", 
"telephoneNumber", "acadplan", "almail", "eduPersonAffiliation", "uid", 
"eduPersonPrincipalName", "ummail", "unid", "uudept", "uuemployee", 
"uustudent","psrole" ] ]
  }
}

LDAP config in cas.properties:

# attr repo creds
cas.authn.attributeRepository.ldap[0].ldapUrl=ldap://ldaptest.sys.utah.edu:9292
cas.authn.attributeRepository.ldap[0].baseDn=ou=people,o=utah.edu
cas.authn.attributeRepository.ldap[0].bindDn=uid=xxx,ou=System Accounts,o=utah.edu
cas.authn.attributeRepository.ldap[0].bindCredential=
cas.authn.attributeRepository.ldap[0].userFilter=unid={user}
# end attr repo creds

cas.authn.attributeRepository.ldap[0].attributes.uuMFA=uuMFA
cas.authn.attributeRepository.ldap[0].attributes.cn=cn
cas.authn.attributeRepository.ldap[0].attributes.givenName=firstName
cas.authn.attributeRepository.ldap[0].attributes.sn=lastName
etc


cas.authn.attributeRe
2020-06-15 13:11:30,732 DEBUG [org.apereo.cas.util.LdapUtils] - <Initializing ldap connection pool for [ldap://ldaptest.sys.utah.edu:9292] and bindDn [uid=pscas,ou=System Accounts,o=utah.edu]>
2020-06-15 13:11:30,876 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <LDAP attributes are fetched from [ldap://ldaptest.sys.utah.edu:9292] via filter [null]>
2020-06-15 13:11:30,877 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <Configured result attribute mapping for [ldap://ldaptest.sys.utah.edu:9292] to be [{classnumber=classnumber, isonbr=isonbr, uuInst=uuInst, teachingAssistant=teachingAssistant, almail=almail,

I am unclear about LDAP attributes are fetched from 
[ldap://ldaptest.sys.utah.edu:9292] via 
filter [null]> being null when I have:

cas.authn.attributeRepository.ldap[0].userFilter=unid={user}

But if I add this line:
cas.authn.ldap[0].principalAttributeList=unid,cn,psrole,mail,uuemployee,uustudent,uuaffiliate,uudept,almail,sn,givenName

I will get some but not all the attributes (they are all valid attrs for the 
test user, me)... But I want to release attributes on a per json file.

This is also set: cas.authn.authenticationAttributeRelease.enabled=true

Also strange is that if I add:
#cas.authn.attributeRepository.defaultAttributesToRelease=givenName,eduPersonAffiliation,cn,uuemployee,uustudent,mail,psrole,firstName,lastName

Then I stop getting any attributes.

Any help appreciated. This is driving me crazy.

-Bryan
University of Utah

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAG9x2GXBBt6hfbFZPa0WWLvLkNdpq%2BK9k417PygSizp9ouFdvg%40mail.gmail.com.
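
Added example (not part of the original thread and not CAS project code): a small Python check of the superset/subset relationship confirmed in the thread. It lists the attributes a service's allowedAttributes requests that cas.authn.ldap[0].principalAttributeList never fetches, using the original list and service entry from the first message as sample input. Exact, case-sensitive name matching and the trimmed service JSON are assumptions of the example.

```python
import json

# Sample input taken from the first message in the thread; the service JSON
# is trimmed to the fields this check reads.
CAS_PROPERTIES = (
    "cas.authn.ldap[0].principalAttributeList=unid,cn,psrole,mail,uuemployee,"
    "uustudent,uuaffiliate,uudept,almail,sn,givenName\n")
SERVICE_JSON = """{
  "serviceId" : "^https://cas6test.go.utah.edu/.*",
  "name" : "cas6testGoUtahEdu",
  "attributeReleasePolicy" : {
    "allowedAttributes" : [ "java.util.ArrayList", [ "firstName", "lastName",
      "displayName", "email", "homephone", "department", "ou", "cn",
      "telephoneNumber", "acadplan", "almail", "eduPersonAffiliation", "uid",
      "eduPersonPrincipalName", "ummail", "unid", "uudept", "uuemployee",
      "uustudent", "psrole" ] ]
  }
}"""
KEY = "cas.authn.ldap[0].principalAttributeList"

def fetched_attributes(properties_text, key=KEY):
    """Attribute names listed under `key` in cas.properties text (the superset)."""
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue  # skip comments and non-property lines
        name, value = line.split("=", 1)
        if name.strip() == key:
            return {a.strip() for a in value.split(",") if a.strip()}
    return set()

def allowed_attributes(service_text):
    """allowedAttributes of a service definition (the per-service subset).
    Typed lists are written as ["java.util.ArrayList", [ ... ]]."""
    policy = json.loads(service_text).get("attributeReleasePolicy", {})
    allowed = policy.get("allowedAttributes", [])
    if len(allowed) == 2 and isinstance(allowed[1], list):
        allowed = allowed[1]  # unwrap the typed-list form
    return list(allowed)

def unreleasable(properties_text, service_text):
    """Allowed attributes that are never fetched, in service-file order."""
    fetched = fetched_attributes(properties_text)
    return [a for a in allowed_attributes(service_text) if a not in fetched]

if __name__ == "__main__":
    print("allowed but never fetched:", unreleasable(CAS_PROPERTIES, SERVICE_JSON))
```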
