Manually editing the JSON to change it to mail worked.
Any idea why the service manager is returning the wrong attribute names?
On Monday, October 23, 2023 at 3:21:21 PM UTC-4 Dmitriy Kopylenko wrote:
> Hi.
>
> Try this:
>
> usernameAttributeProvider:
> {
> @class:
> org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider
> usernameAttribute: mail
> }
>
> D.
>
> On Mon, Oct 23, 2023 at 2:53 PM atilling <[email protected]> wrote:
>
>> Working on a SAML integration where the subject needs to be the user's
>> email address but despite the changes I've made it still releases the
>> username attribute.
>>
>> usernameAttributeProvider:
>> {
>> @class:
>> org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider
>> usernameAttribute: userPrincipalName
>> }
>> ...
>> requiredNameIdFormat:
>> urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
>>
>> In cas.properties we are defining the attribute
>>
>> cas.authn.attribute-repository.ldap[0].attributes.eduPersonPrincipalName=mail
>>
>> I found it odd that the service manager is giving userPrincipalName as
>> the "username attribute" and not mail as mapped.
>>
>> Looking at the attribute release in the response XML I see that the
>> subject is still the username and the mail attribute is populated.
>> <?xml version="1.0" encoding="UTF-8"?>
>> <saml2p:Response
>> Destination="https://sitedown.conncoll.edu/"
>> ID="_972320461405286400"
>> InResponseTo="_07ccef8331e40d6e9c24c8a12ade2bd69884b1cbb6"
>> IssueInstant="2023-10-23T17:39:07.378Z"
>> Version="2.0"
>> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>> <saml2:Issuer
>> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>> https://casdev.conncoll.edu/idp
>> </saml2:Issuer>
>> <saml2p:Status>
>> <saml2p:StatusCode
>> Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>> </saml2p:Status>
>> <saml2:Assertion
>> ID="_1333994532661421056"
>> IssueInstant="2023-10-23T17:39:07.305Z"
>> Version="2.0"
>> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>> <saml2:Issuer>https://casdev.conncoll.edu/idp</saml2:Issuer>
>> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> <ds:SignedInfo>
>> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>> <ds:Reference URI="#_1333994532661421056">
>> <ds:Transforms>
>> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>> </ds:Transforms>
>> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>> <ds:DigestValue>gOBjXAhXqdT7adKVPNrxD43urSqJQgTtDjcj64Wa2NE=</ds:DigestValue>
>> </ds:Reference>
>> </ds:SignedInfo>
>> <ds:SignatureValue>CIuSEDbZ97Yf8VnnA774OXFgGQ0Qw9+HcZX8SnOWWcMT+zb5CUEh3hsKkSlQYr4PeRsn1AxxwpGKdIl9HWLjeF97zPMglpguDiyACsUHNtYGbcmlCIX9WQ+lEUIbrdDwP9c8F632INvPF6ACI9DTDSbLrzA2xJT44X2z4EFAAxJJVK/5MFAyWCopZTiMHsGv6CZ7FKSSjBdYe+zacyL7ZmT1LbFfgV1HK6SL9L3ChRCS5bcQ9vui9pOJ9aiD6Hf6rcO6HZcMuQPMCqNlQilSVVverSypwXv8qFdGYuzy+qiByyc+xTjYR2NpBwECtttDMsZnfFfFxu91KusihOq2OA==</ds:SignatureValue>
>> <ds:KeyInfo>
>> <ds:KeyValue>
>> <ds:RSAKeyValue>
>> <ds:Modulus>nsveLo/KHlchZAHX+dNks7YJSIhIK2xReT1+Vp0EgUYB71DW1tpx9jdEP21PeroK1wjoptbEuoqHetvl5i8/0L/zhVPQFu5jcqQUUnCUEa26wJdtZcpSUzHgudSZM/EHABEMQ+xEqC0Bdty8f9d7AuckWon88+EgyEiW7PYFkc7jDzPHiMBdVyRKVnwMDJIz2WVz3i2q55akpfy2UNMEkJlhm+GgOOKkHKW166gkvXi93duX5hE1lmSufqpQjta2Ev2Lw3BdPhnnCOXBym+rtNI5kl5A5B/opjm4djUY7hCYIBQfqUsykyoGDheAoW7HCYaffg4z+Mu8TuwfjnDA0w==</ds:Modulus>
>> <ds:Exponent>AQAB</ds:Exponent>
>> </ds:RSAKeyValue>
>> </ds:KeyValue>
>> <ds11:DEREncodedKeyValue xmlns:ds11="http://www.w3.org/2009/xmldsig11#">
>> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsveLo/KHlchZAHX+dNks7YJSIhIK2xR
>> eT1+Vp0EgUYB71DW1tpx9jdEP21PeroK1wjoptbEuoqHetvl5i8/0L/zhVPQFu5jcqQUUnCUEa26
>> wJdtZcpSUzHgudSZM/EHABEMQ+xEqC0Bdty8f9d7AuckWon88+EgyEiW7PYFkc7jDzPHiMBdVyRK
>> VnwMDJIz2WVz3i2q55akpfy2UNMEkJlhm+GgOOKkHKW166gkvXi93duX5hE1lmSufqpQjta2Ev2L
>> w3BdPhnnCOXBym+rtNI5kl5A5B/opjm4djUY7hCYIBQfqUsykyoGDheAoW7HCYaffg4z+Mu8Tuwf
>> jnDA0wIDAQAB
>> </ds11:DEREncodedKeyValue>
>> </ds:KeyInfo>
>> </ds:Signature>
>> <saml2:Subject>
>> <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
>> NameQualifier="https://casdev.conncoll.edu/idp"
>> SPNameQualifier="https://sitedown.conncoll.edu/wp-content/plugins/miniorange-saml-20-single-sign-on/">atilling</saml2:NameID>
>> <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
>> <saml2:SubjectConfirmationData Address="sitedown.conncoll.edu"
>> InResponseTo="_07ccef8331e40d6e9c24c8a12ade2bd69884b1cbb6"
>> NotOnOrAfter="2023-10-23T17:39:07.306Z"
>> Recipient="https://sitedown.conncoll.edu/"/>
>> </saml2:SubjectConfirmation>
>> </saml2:Subject>
>> <saml2:Conditions
>> NotBefore="2023-10-23T17:39:07.348Z"
>> NotOnOrAfter="2023-10-23T17:39:07.348Z">
>> <saml2:AudienceRestriction>
>> <saml2:Audience>
>> https://sitedown.conncoll.edu/wp-content/plugins/miniorange-saml-20-single-sign-on/
>> </saml2:Audience>
>> </saml2:AudienceRestriction>
>> </saml2:Conditions>
>> <saml2:AuthnStatement
>> AuthnInstant="2023-10-23T17:36:35.417Z"
>> SessionIndex="_1170437499088431104"
>> SessionNotOnOrAfter="2023-10-24T17:39:07.295Z">
>> <saml2:SubjectLocality
>> Address="136.244.218.11"/>
>> <saml2:AuthnContext>
>> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
>> </saml2:AuthnContext>
>> </saml2:AuthnStatement>
>> <saml2:AttributeStatement>
>> <saml2:Attribute FriendlyName="UserName" Name="UserName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>> <saml2:AttributeValue>atilling</saml2:AttributeValue>
>> </saml2:Attribute>
>> <saml2:Attribute FriendlyName="mail" Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>> <saml2:AttributeValue>[email protected]</saml2:AttributeValue>
>> </saml2:Attribute>
>> <saml2:Attribute FriendlyName="displayName" Name="displayName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>> <saml2:AttributeValue>Andrew P. Tillinghast</saml2:AttributeValue>
>> </saml2:Attribute>
>> <saml2:Attribute FriendlyName="cn" Name="cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>> <saml2:AttributeValue>Andrew P. Tillinghast</saml2:AttributeValue>
>> </saml2:Attribute>
>> <saml2:Attribute FriendlyName="edupersonaffiliation" Name="edupersonaffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>> <saml2:AttributeValue>STAFF</saml2:AttributeValue>
>> <saml2:AttributeValue>EMPLOYEE</saml2:AttributeValue>
>> <saml2:AttributeValue>MEMBER</saml2:AttributeValue>
>> </saml2:Attribute>
>> <saml2:Attribute FriendlyName="givenname" Name="givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>> <saml2:AttributeValue>Andrew</saml2:AttributeValue>
>> </saml2:Attribute>
>> <saml2:Attribute FriendlyName="departmentNumber" Name="departmentNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>> <saml2:AttributeValue>Information Services/Enterprise Systems</saml2:AttributeValue>
>> </saml2:Attribute>
>> <saml2:Attribute FriendlyName="memberof" Name="memberof" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>> <saml2:AttributeValue>cn=EIS,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=staff,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=100000-901010-Information Services - Office of VP,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=Knowbe4,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=Knowbe4PII,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=DB_Users,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=CWUserEdit,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=AS2-083267125839-StataLocal,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=MAPS_LDAP,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=webadministrator,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=bbadm,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=Forti-Two Factor,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=Druva_InSync_Clients,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=knowbe4staff,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=meraki-tech,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=WirelessSU,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> <saml2:AttributeValue>cn=CWADMIN,ou=groups,dc=conncoll,dc=edu</saml2:AttributeValue>
>> </saml2:Attribute>
>> <saml2:Attribute FriendlyName="sn" Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>> <saml2:AttributeValue>Tillinghast</saml2:AttributeValue>
>> </saml2:Attribute>
>> </saml2:AttributeStatement>
>> </saml2:Assertion>
>> </saml2p:Response>
>>
>>
>> Is there something I'm missing to get userPrincipalName/mail as the
>> subject?
>>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a00bdef9-a905-46d8-af3d-0468003b8f86n%40apereo.org.