Yes, the service manager web app, built from 
curl https://casinit.herokuapp.com/starter.tgz -d type=cas-management-overlay -d baseDir=cas-sm | tar -xzvf -

It was the json created by the web app that I modified to change the 
attribute.
On Monday, October 23, 2023 at 10:54:03 PM UTC-4 Dmitriy Kopylenko wrote:

> By service manager you mean services management web app? If so, it could 
> be a bug there. 
>
> D. 
>
> On Mon, Oct 23, 2023 at 17:09 atilling <[email protected]> wrote:
>
>> Manually editing the json to change it to mail worked.
>> Any idea why the service manager is returning the wrong attribute names?
>>
>> On Monday, October 23, 2023 at 3:21:21 PM UTC-4 Dmitriy Kopylenko wrote:
>>
>>> Hi.
>>>
>>> Try this:
>>>
>>> usernameAttributeProvider:
>>>   {
>>>     @class: org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider
>>>     usernameAttribute: mail
>>>   }
>>>
>>> D.
>>>
>>> On Mon, Oct 23, 2023 at 2:53 PM atilling <[email protected]> wrote:
>>>
>>>> Working on a SAML integration where the subject needs to be the user's 
>>>> email address but despite the changes I've made it still releases the 
>>>> username attribute. 
>>>>
>>>> usernameAttributeProvider:
>>>>   {
>>>>     @class: org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider
>>>>     usernameAttribute: userPrincipalName
>>>>   }
>>>> ...
>>>> requiredNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
>>>>
>>>> In cas.properties we are defining the attribute
>>>>
>>>> cas.authn.attribute-repository.ldap[0].attributes.eduPersonPrincipalName=mail
>>>>
>>>> I found it odd that the service manager is giving userPrincipalName as 
>>>> the "username attribute" and not mail as mapped.
>>>>
>>>> Looking at the attribute release in the response XML I see that the 
>>>> subject is still the username and the mail attribute is populated.
>>>> <?xml version="1.0" encoding="UTF-8"?>
>>>> <saml2p:Response 
>>>>     Destination="https://sitedown.conncoll.edu/" 
>>>>     ID="_972320461405286400" 
>>>>     InResponseTo="_07ccef8331e40d6e9c24c8a12ade2bd69884b1cbb6" 
>>>>     IssueInstant="2023-10-23T17:39:07.378Z" 
>>>>     Version="2.0" 
>>>>     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>>>>     <saml2:Issuer 
>>>>         Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" 
>>>>         xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>>> https://casdev.conncoll.edu/idp
>>>>     </saml2:Issuer>
>>>>     <saml2p:Status>
>>>>         <saml2p:StatusCode 
>>>>             Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>>>>     </saml2p:Status>
>>>>     <saml2:Assertion 
>>>>         ID="_1333994532661421056" 
>>>>         IssueInstant="2023-10-23T17:39:07.305Z" 
>>>>         Version="2.0" 
>>>>         xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>>>         <saml2:Issuer>https://casdev.conncoll.edu/idp</saml2:Issuer>
>>>>         <ds:Signature 
>>>>             xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>>             <ds:SignedInfo>
>>>>                 <ds:CanonicalizationMethod 
>>>>                     Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>>                 <ds:SignatureMethod 
>>>>                     Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>>>>                 <ds:Reference 
>>>>                     URI="#_1333994532661421056">
>>>>                     <ds:Transforms>
>>>>                         <ds:Transform 
>>>>                             Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>>>                         <ds:Transform 
>>>>                             Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>>                     </ds:Transforms>
>>>>                     <ds:DigestMethod 
>>>>                         Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>>>>                     <ds:DigestValue>
>>>>                         gOBjXAhXqdT7adKVPNrxD43urSqJQgTtDjcj64Wa2NE=
>>>>                     </ds:DigestValue>
>>>>                 </ds:Reference>
>>>>             </ds:SignedInfo>
>>>>             
>>>> <ds:SignatureValue>CIuSEDbZ97Yf8VnnA774OXFgGQ0Qw9+HcZX8SnOWWcMT+zb5CUEh3hsKkSlQYr4PeRsn1AxxwpGKdIl9HWLjeF97zPMglpguDiyACsUHNtYGbcmlCIX9WQ+lEUIbrdDwP9c8F632INvPF6ACI9DTDSbLrzA2xJT44X2z4EFAAxJJVK/5MFAyWCopZTiMHsGv6CZ7FKSSjBdYe+zacyL7ZmT1LbFfgV1HK6SL9L3ChRCS5bcQ9vui9pOJ9aiD6Hf6rcO6HZcMuQPMCqNlQilSVVverSypwXv8qFdGYuzy+qiByyc+
>>>>                 xTjYR2NpBwECtttDMsZnfFfFxu91KusihOq2OA==
>>>>             </ds:SignatureValue>
>>>>             <ds:KeyInfo>
>>>>                 <ds:KeyValue>
>>>>                     <ds:RSAKeyValue>
>>>>                         
>>>> <ds:Modulus>nsveLo/KHlchZAHX+dNks7YJSIhIK2xReT1+Vp0EgUYB71DW1tpx9jdEP21PeroK1wjoptbEuoqHetvl5i8/0L/zhVPQFu5jcqQUUnCUEa26wJdtZcpSUzHgudSZM/EHABEMQ+xEqC0Bdty8f9d7AuckWon88+EgyEiW7PYFkc7jDzPHiMBdVyRKVnwMDJIz2WVz3i2q55akpfy2UNMEkJlhm+GgOOKkHKW166gkvXi93duX5hE1lmSufqpQjta2Ev2Lw3BdPhnnCOXBym+rtNI5kl5A5B/opjm4djUY7hCYIBQfqUsykyoGDheAoW7HCYaffg4z+
>>>>                             Mu8TuwfjnDA0w==
>>>>                         </ds:Modulus>
>>>>                         <ds:Exponent>AQAB</ds:Exponent>
>>>>                     </ds:RSAKeyValue>
>>>>                 </ds:KeyValue>
>>>>                 <ds11:DEREncodedKeyValue 
>>>>                     xmlns:ds11="http://www.w3.org/2009/xmldsig11#">MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsveLo/KHlchZAHX+dNks7YJSIhIK2xR
>>>>
>>>> eT1+Vp0EgUYB71DW1tpx9jdEP21PeroK1wjoptbEuoqHetvl5i8/0L/zhVPQFu5jcqQUUnCUEa26
>>>>
>>>> wJdtZcpSUzHgudSZM/EHABEMQ+xEqC0Bdty8f9d7AuckWon88+EgyEiW7PYFkc7jDzPHiMBdVyRK
>>>>
>>>> VnwMDJIz2WVz3i2q55akpfy2UNMEkJlhm+GgOOKkHKW166gkvXi93duX5hE1lmSufqpQjta2Ev2L
>>>>
>>>> w3BdPhnnCOXBym+rtNI5kl5A5B/opjm4djUY7hCYIBQfqUsykyoGDheAoW7HCYaffg4z+Mu8Tuwf
>>>> jnDA0wIDAQAB
>>>>                 </ds11:DEREncodedKeyValue>
>>>>             </ds:KeyInfo>
>>>>         </ds:Signature>
>>>>         <saml2:Subject>
>>>>             <saml2:NameID 
>>>>                 Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" 
>>>>                 NameQualifier="https://casdev.conncoll.edu/idp" 
>>>>                 SPNameQualifier="https://sitedown.conncoll.edu/wp-content/plugins/miniorange-saml-20-single-sign-on/">atilling
>>>>             </saml2:NameID>
>>>>             <saml2:SubjectConfirmation 
>>>>                 Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
>>>>                 <saml2:SubjectConfirmationData 
>>>>                     Address="sitedown.conncoll.edu" 
>>>>                     InResponseTo="_07ccef8331e40d6e9c24c8a12ade2bd69884b1cbb6" 
>>>>                     NotOnOrAfter="2023-10-23T17:39:07.306Z" 
>>>>                     Recipient="https://sitedown.conncoll.edu/"/>
>>>>             </saml2:SubjectConfirmation>
>>>>         </saml2:Subject>
>>>>         <saml2:Conditions 
>>>>             NotBefore="2023-10-23T17:39:07.348Z" 
>>>>             NotOnOrAfter="2023-10-23T17:39:07.348Z">
>>>>             <saml2:AudienceRestriction>
>>>>                 <saml2:Audience>https://sitedown.conncoll.edu/wp-content/plugins/miniorange-saml-20-single-sign-on/</saml2:Audience>
>>>>             </saml2:AudienceRestriction>
>>>>         </saml2:Conditions>
>>>>         <saml2:AuthnStatement 
>>>>             AuthnInstant="2023-10-23T17:36:35.417Z" 
>>>>             SessionIndex="_1170437499088431104" 
>>>>             SessionNotOnOrAfter="2023-10-24T17:39:07.295Z">
>>>>             <saml2:SubjectLocality 
>>>>                 Address="136.244.218.11"/>
>>>>             <saml2:AuthnContext>
>>>>                 <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
>>>>             </saml2:AuthnContext>
>>>>         </saml2:AuthnStatement>
>>>>         <saml2:AttributeStatement>
>>>>             <saml2:Attribute 
>>>>                 FriendlyName="UserName" 
>>>>                 Name="UserName" 
>>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>>                 <saml2:AttributeValue>atilling</saml2:AttributeValue>
>>>>             </saml2:Attribute>
>>>>             <saml2:Attribute 
>>>>                 FriendlyName="mail" 
>>>>                 Name="mail" 
>>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>>                 <saml2:AttributeValue>[email protected]</saml2:AttributeValue>
>>>>             </saml2:Attribute>
>>>>             <saml2:Attribute 
>>>>                 FriendlyName="displayName" 
>>>>                 Name="displayName" 
>>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>>                 <saml2:AttributeValue>Andrew P. Tillinghast</saml2:AttributeValue>
>>>>             </saml2:Attribute>
>>>>             <saml2:Attribute 
>>>>                 FriendlyName="cn" 
>>>>                 Name="cn" 
>>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>>                 <saml2:AttributeValue>Andrew P. Tillinghast</saml2:AttributeValue>
>>>>             </saml2:Attribute>
>>>>             <saml2:Attribute 
>>>>                 FriendlyName="edupersonaffiliation" 
>>>>                 Name="edupersonaffiliation" 
>>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>>                 <saml2:AttributeValue>STAFF</saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>EMPLOYEE</saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>MEMBER</saml2:AttributeValue>
>>>>             </saml2:Attribute>
>>>>             <saml2:Attribute 
>>>>                 FriendlyName="givenname" 
>>>>                 Name="givenname" 
>>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>>                 <saml2:AttributeValue>Andrew</saml2:AttributeValue>
>>>>             </saml2:Attribute>
>>>>             <saml2:Attribute 
>>>>                 FriendlyName="departmentNumber" 
>>>>                 Name="departmentNumber" 
>>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>>                 <saml2:AttributeValue>Information Services/Enterprise Systems</saml2:AttributeValue>
>>>>             </saml2:Attribute>
>>>>             <saml2:Attribute 
>>>>                 FriendlyName="memberof" 
>>>>                 Name="memberof" 
>>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>>                 <saml2:AttributeValue>
>>>>                     cn=EIS,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=staff,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=100000-901010-Information Services - Office of VP,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=Knowbe4,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=Knowbe4PII,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=DB_Users,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=CWUserEdit,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=AS2-083267125839-StataLocal,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=MAPS_LDAP,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=webadministrator,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=bbadm,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=Forti-Two Factor,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=Druva_InSync_Clients,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=knowbe4staff,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=meraki-tech,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=WirelessSU,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>                 <saml2:AttributeValue>
>>>>                     cn=CWADMIN,
>>>>                     ou=groups,
>>>>                     dc=conncoll,
>>>>                     dc=edu
>>>>                 </saml2:AttributeValue>
>>>>             </saml2:Attribute>
>>>>             <saml2:Attribute 
>>>>                 FriendlyName="sn" 
>>>>                 Name="sn" 
>>>>                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>>>                 <saml2:AttributeValue>Tillinghast</saml2:AttributeValue>
>>>>             </saml2:Attribute>
>>>>         </saml2:AttributeStatement>
>>>>     </saml2:Assertion>
>>>> </saml2p:Response>
>>>>
>>>>
>>>> Is there something I'm missing to get userPrincipalName/mail as the 
>>>> subject?
>>>>
>>> -- 
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> --- 
>>>> You received this message because you are subscribed to the Google 
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>> an email to [email protected].
>>>> To view this discussion on the web visit 
>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/855695d8-33bf-4858-a145-344fe91601a8n%40apereo.org
>>>>
>>>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/afaf0ef9-8293-4ba0-ba05-f6489c71105an%40apereo.org.
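
A check for the mismatch reported in this thread (a NameID declared as emailAddress that still carries the username), written as an added example and not code from the thread or from the CAS project. The sample response, the user jdoe and the helper names are constructed for illustration; the script only inspects a captured response offline and does not validate its signature.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # shape check only


def sample_response(name_id):
    """Constructed response (not the one from the thread), trimmed to what the check reads."""
    return f"""<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
      <saml2:Assertion ID="_constructed" Version="2.0">
        <saml2:Subject>
          <saml2:NameID Format="{EMAIL_FORMAT}">{name_id}
          </saml2:NameID>
        </saml2:Subject>
        <saml2:AttributeStatement>
          <saml2:Attribute Name="UserName"><saml2:AttributeValue>jdoe</saml2:AttributeValue></saml2:Attribute>
          <saml2:Attribute Name="mail"><saml2:AttributeValue>jdoe@example.org</saml2:AttributeValue></saml2:Attribute>
        </saml2:AttributeStatement>
      </saml2:Assertion>
    </saml2p:Response>"""


def check_subject(xml_text, expected_attribute="mail"):
    """Return findings where the NameID disagrees with its Format or the expected attribute."""
    findings = []
    root = ET.fromstring(xml_text)
    for assertion in root.iter("{%s}Assertion" % NS["saml2"]):
        name_id = assertion.find("saml2:Subject/saml2:NameID", NS)
        if name_id is None:
            findings.append("assertion has no Subject/NameID")
            continue
        value = (name_id.text or "").strip()  # NameID text may carry wrapped whitespace
        released = {
            attr.get("Name"): [(v.text or "").strip() for v in attr.findall("saml2:AttributeValue", NS)]
            for attr in assertion.findall("saml2:AttributeStatement/saml2:Attribute", NS)
        }
        if name_id.get("Format") == EMAIL_FORMAT and not EMAIL_RE.match(value):
            findings.append(f"NameID {value!r} is not an e-mail address but Format is emailAddress")
        if expected_attribute not in released:
            findings.append(f"attribute {expected_attribute!r} was not released")
        elif value not in released[expected_attribute]:
            findings.append(f"NameID {value!r} does not match released {expected_attribute!r}")
    return findings


if __name__ == "__main__":
    for finding in check_subject(sample_response("jdoe")):
        print(finding)
```

Passing expected_attribute="userPrincipalName" against a response that releases only mail reports that the attribute was not released.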
