Morning,
When you say you get 302, do you mean a 'too many redirects' message in the
browser?
Does your audit log say that the ticket was validated successfully?
The client application needs to be using https during ticket validation. If you
are using a self-signed cert, add it to the JVM keystore.
The uid is released as part of the principal, after successful ST validation.
You can get it in your application with:
request.getRemoteUser()
or
request.getUserPrincipal()
Ray
On Tue, 2021-02-16 at 13:25 -0800, Morning Star wrote:
Hi Team,
CAS server - 6.2.3
CAS client - 3.6.2
We are not getting UID attribute in client side. We use CAS 2 protocol, i.e.
Cas20ProxyReceivingTicketValidationFilter.
Upon redirection, we are getting ticket value (ticket=) in url and after
successful ticket validation got 302 http status code. Till this, it is
working as expected.
But we are not getting UID attribute in client side.
My JSON file :
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https://cx.example.com.*)",
  "name" : "web",
  "description" : "Allows HTTP(S) and IMAP(S) protocols",
  "id" : 10000001,
  "evaluationOrder" : 1,
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "uid"
  },
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "uid", "email", "CN" ] ]
  }
}
DEBUG LOG:
2021-02-16 12:57:51 [DEBUG]
org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy –
Initiating attributes release phase for principal [[email protected]] accessing
service
[AbstractWebApplicationService(id=https://bexfept021.int.mgc.com:11111/exx/cp?id=12345,
originalUrl=https:// bexfept021 .int.mgc.com:11111/exx/cp?id=12345,
artifactId=null, [email protected], source=service,
loggedOutAlready=false, format=XML, attributes={})] defined by registered
service [^(https:// cx.example.*)]...
2021-02-16 12:57:51 [DEBUG]
org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy –
Using principal attribute repository [DefaultPrincipalAttributesRepository()]
to retrieve attributes
2021-02-16 12:57:51 [WARN]
org.apereo.cas.authentication.attribute.PrincipalAttributeRepositoryFetcher
– No person records were fetched from attribute repositories for
[{[email protected], userStatus=[ACTIVE], tryCount=[0:1613505872733],
[email protected]}]
2021-02-16 12:57:51 [DEBUG]
org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy –
Found principal attributes [{userStatus=[ACTIVE], tryCount=[0:1613505872733]}]
for [[email protected]]
2021-02-16 12:57:51 [DEBUG]
org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy –
Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release of [{}]
for [[email protected]]
2021-02-16 12:57:51 [DEBUG]
org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy –
Default attributes for release are: [[]]
Tried adding these entries also:
cas.authn.ldap[0].principal-attribute-list=uid,mail,cn
cas.authn.attribute-repository.default-attributes-to-release=uid,mail,cn
It doesn't help.
Am I doing something wrong here? CAS2 protocol releases UID, right?
Kindly help me with some syntax :-(
At least want to know whether the issue is from server side or client side.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
I respectfully acknowledge that my place of work is located within the
ancestral, traditional and unceded territory of the Songhees, Esquimalt and
WSÁNEĆ Nations.
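
An added example, not part of the original thread and not CAS project code: a small Python check that parses a captured CAS 2.0 validation response body and reports whether the wanted attributes were actually in it, which separates a server-side release problem from a client-side one. The sample responses are constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of CAS validation responses
# Constructed sample bodies (not taken from the thread).
RESPONSE_WITH_ATTRS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes><cas:uid>jdoe</cas:uid><cas:email>jdoe@example.org</cas:email></cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
RESPONSE_NO_ATTRS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe@example.org</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
RESPONSE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def inspect_validation_response(xml_text, wanted=("uid",)):
    """Return status, principal id, released attributes and which wanted ones are absent."""
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return {"status": "failure", "code": failure.get("code"), "user": None,
                "attributes": {}, "missing": list(wanted)}
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("not a CAS serviceResponse document")
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    attributes = {}
    block = success.find("cas:attributes", CAS_NS)
    for child in (block if block is not None else []):
        name = child.tag.split("}", 1)[-1]  # strip the "{namespace}" prefix
        attributes.setdefault(name, []).append((child.text or "").strip())  # multi-valued
    missing = [a for a in wanted if a not in attributes]
    return {"status": "success", "code": None, "user": user,
            "attributes": attributes, "missing": missing}

def where_to_look(result):
    """Map the parsed response to the side that needs attention."""
    if result["status"] == "failure":
        return "validation failed: " + str(result["code"])
    if result["missing"]:
        return "server: response lacks " + ", ".join(result["missing"])
    return "client: attributes were sent, check how the application reads them"

if __name__ == "__main__":
    for body in (RESPONSE_WITH_ATTRS, RESPONSE_NO_ATTRS, RESPONSE_FAILURE):
        print(where_to_look(inspect_validation_response(body)))
```

Service tickets are normally single-use, so feed it the body the client itself received (for example from client-side debug logging) rather than validating the same ticket a second time.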