I don't remember the fine specifics of the logs well enough to know. It's
possible that both are at fault? Make sure you are listing attributes to look up
in your LDAP attribute repository configuration. If they aren't there, that'll
be problem one. The other thing is that by default the CAS 2 protocol doesn't
do attribute return. You need to use CAS 3 protocol to get attribute return. It
was an extension for CAS 2 protocol, but I don't think the IdP is going to
follow that extension at CAS 6.2, but I may be wrong. The CAS 3 protocol
validation URL should be able to be used to get the attributes back, which is
typically at the /p3/serviceValidate path.
On Tue, 2021-02-16 at 13:25 -0800, Morning Star wrote:
Hi Team,
CAS server - 6.2.3
CAS client - 3.6.2
We are not getting UID attribute in client side. We use CAS 2 protocol, i.e.
Cas20ProxyReceivingTicketValidationFilter.
Upon redirection, we are getting ticket value (ticket=) in URL and after
successful ticket validation got 302 HTTP status code. Till this, it is
working as expected.
But we are not getting UID attribute in client side.
My JSON file :
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https://cx.example.com.*)",
  "name" : "web",
  "description" : "Allows HTTP(S) and IMAP(S) protocols",
  "id" : 10000001,
  "evaluationOrder" : 1,
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "uid"
  },
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "uid", "email", "CN" ] ]
  }
}
DEBUG LOG:
2021-02-16 12:57:51 [DEBUG]
org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy –
Initiating attributes release phase for principal [[email protected]] accessing
service
[AbstractWebApplicationService(id=https://bexfept021.int.mgc.com:11111/exx/cp?id=12345,
originalUrl=https://bexfept021.int.mgc.com:11111/exx/cp?id=12345,
artifactId=null, [email protected], source=service,
loggedOutAlready=false, format=XML, attributes={})] defined by registered
service [^(https://cx.example.*)]...
2021-02-16 12:57:51 [DEBUG]
org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy –
Using principal attribute repository [DefaultPrincipalAttributesRepository()]
to retrieve attributes
2021-02-16 12:57:51 [WARN]
org.apereo.cas.authentication.attribute.PrincipalAttributeRepositoryFetcher
– No person records were fetched from attribute repositories for
[{[email protected], userStatus=[ACTIVE], tryCount=[0:1613505872733],
[email protected]}]
2021-02-16 12:57:51 [DEBUG]
org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy –
Found principal attributes [{userStatus=[ACTIVE], tryCount=[0:1613505872733]}]
for [[email protected]]
2021-02-16 12:57:51 [DEBUG]
org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy –
Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release of [{}]
for [[email protected]]
2021-02-16 12:57:51 [DEBUG]
org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy –
Default attributes for release are: [[]]
Tried adding these entries also:
cas.authn.ldap[0].principal-attribute-list=uid,mail,cn
cas.authn.attribute-repository.default-attributes-to-release=uid,mail,cn
It doesn't help.
Am I doing something wrong here? CAS2 protocol releases UID, right?
Kindly help me with some syntax :-(
At least I want to know whether the issue is on the server side or the client side.
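
Added example (not part of the original thread and not Apereo CAS code): a small parser for the XML body returned by the CAS validation endpoints, to tell whether missing attributes are a server-side or a client-side problem, as asked above. The function names, the user jdoe and the sample responses are constructed; the layout follows the CAS protocol's serviceResponse format, where CAS 3 adds a cas:attributes block.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

def parse_validation(xml_text):
    """Return (user, {attribute: [values]}) from a CAS validation response."""
    root = ET.fromstring(xml_text)  # assumes the body came from your own CAS server
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise ValueError(f"{failure.get('code')}: {(failure.text or '').strip()}")
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("not a CAS serviceResponse")
    user = success.findtext("cas:user", namespaces=CAS_NS)
    attrs = {}
    block = success.find("cas:attributes", CAS_NS)
    for el in (block if block is not None else ()):
        name = el.tag.split("}", 1)[-1]  # strip the XML namespace prefix
        attrs.setdefault(name, []).append((el.text or "").strip())
    return user, attrs

def diagnose(xml_text, expected=("uid",)):
    """Say where to look when the client application sees no attributes."""
    _, attrs = parse_validation(xml_text)
    if not attrs:
        return "no-attributes"  # CAS 2 style response: nothing for the client to read
    missing = [a for a in expected if a not in attrs]
    if missing:
        return "server-missing:" + ",".join(missing)  # repository or release policy
    return "released"  # server did its part; check the client validation filter

# Constructed sample responses (not captured from a real server).
CAS2_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
P3_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:uid>jdoe</cas:uid>
      <cas:email>jdoe@example.org</cas:email>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
# Attributes block present, but the requested uid was never resolved.
P3_NO_PERSON = P3_RESPONSE.replace("<cas:uid>jdoe</cas:uid>", "").replace(
    "<cas:email>jdoe@example.org</cas:email>", "<cas:userStatus>ACTIVE</cas:userStatus>")

if __name__ == "__main__":
    for name in ("CAS2_RESPONSE", "P3_RESPONSE", "P3_NO_PERSON"):
        print(name, "->", diagnose(globals()[name]))
```

Feed it the body saved from a validation request against your own server; a "server-missing" result matches the "No person records were fetched" warning in the log above.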