Dewi,

Have you verified that the record was added to LDAP, is in the correct path and 
identified by the {user}?

If you change the attributes stored for a service (with and without restarting 
the server), does the record update?

Check your LDAP and CAS (ldaptive) logs.


Ray


On Mon, 2021-03-08 at 18:43 -0800, Dewi Suci Rafianti wrote:

I have configured CAS server v6.3.2 to ask the user for attribute release 
consent. The consent is successfully saved in LDAP using the description 
attribute. When a user accesses the same application a second time, the user 
is not asked for the same consent again. But when the CAS server is restarted, 
the user is asked for consent again. It's as if the consent is reset when the 
server is restarted. Is this the right flow? Why does the CAS server not use 
the consent that is already saved in the LDAP server?

Here is my cas.properties

cas.consent.ldap.ldap-url=ldap://localhost:389 
cas.consent.ldap.ldapUrl=ldap://localhost:389 
cas.consent.ldap.baseDn=dc=example,dc=org 
cas.consent.ldap.searchFilter=cn={user} 
cas.consent.ldap.bindDn=cn=admin,dc=example,dc=org 
cas.consent.ldap.bindCredential=admin 
cas.consent.ldap.consentAttributeName=description

JSON service registry

{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(https|http)://.*",
  "name": "ApplicationName",
  "id": 1001,
  "evaluationOrder": 10,
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes": [ "java.util.ArrayList", [ "cn", "mail", "sn", "description", "telephoneNumber", "postalCode" ] ],
    "consentPolicy": {
      "@class": "org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy",
      "includeOnlyAttributes": [ "java.util.LinkedHashSet", [ "description", "telephoneNumber" ] ],
      "enabled": true
    }
  }
}

And I have already added the dependencies in build.gradle

implementation "org.apereo.cas:cas-server-support-consent-webflow:${casServerVersion}"
implementation "org.apereo.cas:cas-server-support-consent-ldap:${casServerVersion}"

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.
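
The check Ray suggests (is the consent record in LDAP, under the configured base DN, and found by the {user} filter?) can be run directly against the directory. The following is an added example, not code from the thread or from the CAS project; it assumes the OpenLDAP `ldapsearch` client is installed, and `prop`, `consent_filter` and `check_consent` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): query the entry CAS consent is
# configured to use, to compare what LDAP holds before and after a restart.

# Constructed sample: the consent settings quoted in the post.
SAMPLE_PROPS='cas.consent.ldap.ldap-url=ldap://localhost:389
cas.consent.ldap.baseDn=dc=example,dc=org
cas.consent.ldap.searchFilter=cn={user}
cas.consent.ldap.bindDn=cn=admin,dc=example,dc=org
cas.consent.ldap.consentAttributeName=description'

# prop <properties-text> <name>: value of cas.consent.ldap.<name>.
# Keys are compared ignoring dashes and case, so ldapUrl matches ldap-url.
prop() {
  printf '%s\n' "$1" | awk -v want="cas.consent.ldap.$2" '
    function norm(s) { gsub(/-/, "", s); return tolower(s) }
    index($0, "=") {
      eq = index($0, "="); key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (norm(key) == norm(want)) found = val
    }
    END { print found }'
}

# consent_filter <properties-text> <user>: searchFilter with every {user}
# replaced by the user id, RFC 4515 special characters escaped.
consent_filter() {
  local filter tok esc out
  filter=$(prop "$1" searchFilter); tok='{user}'; out=
  esc=$(printf '%s' "$2" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                                -e 's/(/\\28/g' -e 's/)/\\29/g')
  while :; do
    case $filter in
      *"$tok"*) out=$out${filter%%"$tok"*}$esc; filter=${filter#*"$tok"} ;;
      *) break ;;
    esac
  done
  printf '%s\n' "$out$filter"
}

# check_consent <properties-file> <user>: bind as the configured bindDn
# (-W prompts for the password) and print only the consent attribute.
check_consent() {
  local p; p=$(cat "$1") || return 1
  ldapsearch -x -LLL -H "$(prop "$p" ldapUrl)" -D "$(prop "$p" bindDn)" -W \
    -b "$(prop "$p" baseDn)" "$(consent_filter "$p" "$2")" \
    "$(prop "$p" consentAttributeName)"
}
```

Running `check_consent` with the path to your cas.properties and a user id once after giving consent and again after restarting CAS shows whether the stored value is still on the entry that the configured filter returns.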
