By service manager you mean services management web app? If so, it could be
a bug there.

D.

On Mon, Oct 23, 2023 at 17:09 atilling <[email protected]> wrote:

> Manually editing the json to change it to mail worked.
> Any idea why the service manager is returning the wrong attribute names?
>
> On Monday, October 23, 2023 at 3:21:21 PM UTC-4 Dmitriy Kopylenko wrote:
>
>> Hi.
>>
>> Try this:
>>
>> usernameAttributeProvider:
>>   {
>>     @class: org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider
>>     usernameAttribute: mail
>>   }
>>
>> D.
>>
>> On Mon, Oct 23, 2023 at 2:53 PM atilling <[email protected]> wrote:
>>
>>> Working on a SAML integration where the subject needs to be the user's
>>> email address but despite the changes I've made it still releases the
>>> username attribute.
>>>
>>> usernameAttributeProvider:
>>>   {
>>>     @class: org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider
>>>     usernameAttribute: userPrincipalName
>>>   }
>>> ...
>>> requiredNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
>>>
>>> In cas.properties we are defining the attribute
>>>
>>> cas.authn.attribute-repository.ldap[0].attributes.eduPersonPrincipalName=mail
>>>
>>> I found it odd that the service manager is giving userPrincipalName as
>>> the "username attribute" and not mail as mapped.
>>>
>>> Looking at the attribute release in the response XML I see that the
>>> subject is still the username and the mail attribute is populated.
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <saml2p:Response
>>>     Destination="https://sitedown.conncoll.edu/"
>>>     ID="_972320461405286400"
>>>     InResponseTo="_07ccef8331e40d6e9c24c8a12ade2bd69884b1cbb6"
>>>     IssueInstant="2023-10-23T17:39:07.378Z"
>>>     Version="2.0"
>>>     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>>>     <saml2:Issuer
>>>         Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>>>         xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>> https://casdev.conncoll.edu/idp
>>>     </saml2:Issuer>
>>>     <saml2p:Status>
>>>         <saml2p:StatusCode
>>>             Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>>>     </saml2p:Status>
>>>     <saml2:Assertion
>>>         ID="_1333994532661421056"
>>>         IssueInstant="2023-10-23T17:39:07.305Z"
>>>         Version="2.0"
>>>         xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>>         <saml2:Issuer>https://casdev.conncoll.edu/idp</saml2:Issuer>
>>>         <ds:Signature
>>>             xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>             <ds:SignedInfo>
>>>                 <ds:CanonicalizationMethod
>>>                     Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>                 <ds:SignatureMethod
>>>                     Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>>>                 <ds:Reference
>>>                     URI="#_1333994532661421056">
>>>                     <ds:Transforms>
>>>                         <ds:Transform
>>>                             Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>>                         <ds:Transform
>>>                             Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>                     </ds:Transforms>
>>>                     <ds:DigestMethod
>>>                         Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>>>                     <ds:DigestValue>
>>>                         gOBjXAhXqdT7adKVPNrxD43urSqJQgTtDjcj64Wa2NE=
>>>                     </ds:DigestValue>
>>>                 </ds:Reference>
>>>             </ds:SignedInfo>
>>>         </ds:Signature>
>>>         <saml2:Subject>
>>>             <saml2:NameID
>>>                 Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
>>>                 NameQualifier="https://casdev.conncoll.edu/idp"
>>>                 SPNameQualifier="https://sitedown.conncoll.edu/wp-content/plugins/miniorange-saml-20-single-sign-on/">atilling
>>>             </saml2:NameID>
>>>             <saml2:SubjectConfirmation
>>>                 Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
>>>                 <saml2:SubjectConfirmationData
>>>                     Address="sitedown.conncoll.edu"
>>>                     InResponseTo="_07ccef8331e40d6e9c24c8a12ade2bd69884b1cbb6"
>>>                     NotOnOrAfter="2023-10-23T17:39:07.306Z"
>>>                     Recipient="https://sitedown.conncoll.edu/"/>
>>>             </saml2:SubjectConfirmation>
>>>         </saml2:Subject>
>>>         <saml2:Conditions
>>>             NotBefore="2023-10-23T17:39:07.348Z"
>>>             NotOnOrAfter="2023-10-23T17:39:07.348Z">
>>>             <saml2:AudienceRestriction>
>>>                 <saml2:Audience>https://sitedown.conncoll.edu/wp-content/plugins/miniorange-saml-20-single-sign-on/</saml2:Audience>
>>>             </saml2:AudienceRestriction>
>>>         </saml2:Conditions>
>>>         <saml2:AuthnStatement
>>>             AuthnInstant="2023-10-23T17:36:35.417Z"
>>>             SessionIndex="_1170437499088431104"
>>>             SessionNotOnOrAfter="2023-10-24T17:39:07.295Z">
>>>             <saml2:SubjectLocality
>>>                 Address="136.244.218.11"/>
>>>             <saml2:AuthnContext>
>>>                 <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
>>>             </saml2:AuthnContext>
>>>         </saml2:AuthnStatement>
>>>         <saml2:AttributeStatement>
>>>             <saml2:Attribute
>>>                 FriendlyName="UserName"
>>>                 Name="UserName"
>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>                 <saml2:AttributeValue>atilling</saml2:AttributeValue>
>>>             </saml2:Attribute>
>>>             <saml2:Attribute
>>>                 FriendlyName="mail"
>>>                 Name="mail"
>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>                 <saml2:AttributeValue>[email protected]</saml2:AttributeValue>
>>>             </saml2:Attribute>
>>>             <saml2:Attribute
>>>                 FriendlyName="displayName"
>>>                 Name="displayName"
>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>                 <saml2:AttributeValue>Andrew P. Tillinghast</saml2:AttributeValue>
>>>             </saml2:Attribute>
>>>             <saml2:Attribute
>>>                 FriendlyName="cn"
>>>                 Name="cn"
>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>                 <saml2:AttributeValue>Andrew P. Tillinghast</saml2:AttributeValue>
>>>             </saml2:Attribute>
>>>             <saml2:Attribute
>>>                 FriendlyName="edupersonaffiliation"
>>>                 Name="edupersonaffiliation"
>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>                 <saml2:AttributeValue>STAFF</saml2:AttributeValue>
>>>                 <saml2:AttributeValue>EMPLOYEE</saml2:AttributeValue>
>>>                 <saml2:AttributeValue>MEMBER</saml2:AttributeValue>
>>>             </saml2:Attribute>
>>>             <saml2:Attribute
>>>                 FriendlyName="givenname"
>>>                 Name="givenname"
>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>                 <saml2:AttributeValue>Andrew</saml2:AttributeValue>
>>>             </saml2:Attribute>
>>>             <saml2:Attribute
>>>                 FriendlyName="departmentNumber"
>>>                 Name="departmentNumber"
>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>                 <saml2:AttributeValue>Information Services/Enterprise Systems</saml2:AttributeValue>
>>>             </saml2:Attribute>
>>>             <saml2:Attribute
>>>                 FriendlyName="memberof"
>>>                 Name="memberof"
>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>                 <saml2:AttributeValue>
>>>                     cn=EIS,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=staff,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=100000-901010-Information Services - Office of VP,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=Knowbe4,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=Knowbe4PII,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=DB_Users,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=CWUserEdit,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=AS2-083267125839-StataLocal,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=MAPS_LDAP,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=webadministrator,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=bbadm,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=Forti-Two Factor,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=Druva_InSync_Clients,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=knowbe4staff,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=meraki-tech,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=WirelessSU,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>                 <saml2:AttributeValue>
>>>                     cn=CWADMIN,
>>>                     ou=groups,
>>>                     dc=conncoll,
>>>                     dc=edu
>>>                 </saml2:AttributeValue>
>>>             </saml2:Attribute>
>>>             <saml2:Attribute
>>>                 FriendlyName="sn"
>>>                 Name="sn"
>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>                 <saml2:AttributeValue>Tillinghast</saml2:AttributeValue>
>>>             </saml2:Attribute>
>>>         </saml2:AttributeStatement>
>>>     </saml2:Assertion>
>>> </saml2p:Response>
>>>
>>>
>>> Is there something I'm missing to get userPrincipalName/mail as the
>>> subject?
>>>
>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/855695d8-33bf-4858-a145-344fe91601a8n%40apereo.org
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/855695d8-33bf-4858-a145-344fe91601a8n%40apereo.org?utm_medium=email&utm_source=footer>
>>> .
>>>
>>

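A way to confirm which value actually lands in the Subject after changing `usernameAttribute`, as an added example that is not part of the original thread or of CAS itself: it parses a decoded assertion and reports when the NameID declares the emailAddress format but carries a non-email value, or does not match the released `mail` attribute. The names `check_subject` and `sample`, and the `jdoe` sample data, are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def attr_text(el):
    # Collapse whitespace left behind by pretty-printing or mail line wrapping.
    return " ".join((el.text or "").split())

def check_subject(xml_text, expected_attribute="mail"):
    """Return (name_id_value, findings) for a decoded SAML 2.0 response or assertion.

    Diagnostic only: it does not verify the signature, audience or validity window.
    """
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml2:Subject/saml2:NameID", NS)
    if name_id is None:
        return None, ["no NameID in Subject"]
    value = attr_text(name_id)
    released = {
        a.get("Name"): [attr_text(v) for v in a.findall("saml2:AttributeValue", NS)]
        for a in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS)
    }
    findings = []
    if name_id.get("Format") == EMAIL_FORMAT and not EMAIL_RE.match(value):
        findings.append(f"NameID {value!r} is not an e-mail address but Format is emailAddress")
    if expected_attribute not in released:
        findings.append(f"attribute {expected_attribute!r} is not released")
    elif value not in released[expected_attribute]:
        findings.append(f"NameID {value!r} does not match released {expected_attribute!r}")
    return value, findings

def sample(name_id):
    # Constructed sample assertion (hypothetical user jdoe), not the response from the thread.
    return f"""<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Subject>
    <saml2:NameID Format="{EMAIL_FORMAT}">{name_id}
    </saml2:NameID>
  </saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="UserName"><saml2:AttributeValue>jdoe</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="mail"><saml2:AttributeValue>jdoe@example.org</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

if __name__ == "__main__":
    for subject in ("jdoe", "jdoe@example.org"):
        print(check_subject(sample(subject)))
```

The first sample reproduces the symptom described in the thread (username in an emailAddress-format NameID); the second is what the response should look like once the service definition points at `mail`.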