Hello Fiisch

Thank you so much! That ought to do it!

Best regards,
Markus

On Wed, 10 July 2024 at 11:45, Petr Fišer <[email protected]> wrote:

> Hello,
> This is what you need
> https://apereo.github.io/cas/6.6.x/authentication/OAuth-Authentication-UserProfiles.html
> .
> Do not mind that it is for OAuth. CAS extends the OAuth services to enable
> OIDC on them... so the OAuth part of documentation is also valid for OIDC.
>
> Cheers,
> Fiisch
>
>
> On 10. 07. 24 11:10, Markus Kahl wrote:
>
> Hi,
>
> we're trying to add CAS as an OpenID Connect provider for an
> OpenProject installation.
>
> We've gotten as far as the user being redirected to CAS to login and
> coming back to OpenProject.
> However, the issue then is that there are no user attributes in the
> userinfo response directly (on the same level as 'sub' for instance).
> Instead all the attributes are one level below under 'attributes'.
>
> {
>     "sub"=>"admin",
>     "service"=>"https://192.168.56.10/openproject/auth/cas/callback",
>     "auth_time"=>1715934410,
>     "attributes"=>{
>       "mail"=>"[email protected]",
>       "displayName"=>"admin",
>       "surname"=>"admin",
>       "givenName"=>"admin",
>       "groups"=>["admin"],
>       "cn"=>"admin",
>       "username"=>"admin"
>   },
>
> According to the OpenID Connect specification [2] these attributes should
> be one level higher, though.
> Like this:
>
> {
>     "sub"=>"admin",
>     "name"=>"admin admin",
>     "family_name"=>"admin",
>     "given_name"=>"admin",
>     "email"=>"[email protected]"
>   }
>
> I found the same issue in [1] but it seems it was never resolved.
>
> I'm 99% sure this is not an issue on the OpenProject side which simply
> uses default gems/libraries for the OpenID Connect things and works just
> fine with Google, MS Entra, Keycloak etc. via OpenID Connect.
>
> So I suspect this must be an option on the CAS side.
> Is there any hint I can give the people running the CAS instance as to
> what to look for?
>
> Best regards,
> Markus
>
> [1] [cas-user] CAS 6.2.1 OpenID Connect OP attribute release issues
> (google.com)
> <https://groups.google.com/a/apereo.org/g/cas-user/c/T9EeA_JXhqw>
> [2] https://openid.net/specs/openid-connect-basic-1_0.html#StandardClaims
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b6f03ef5-2b59-41d7-979e-12e1e35e6813n%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/b6f03ef5-2b59-41d7-979e-12e1e35e6813n%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
>
>
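
An added example, not part of the original thread and not CAS or OpenProject code: a Ruby check that classifies a userinfo response as nested or flat and lists which standard claims a relying party would not find at the top level. The two sample payloads are constructed after the ones quoted above (with a placeholder e-mail address), and the attribute-to-claim mapping is an assumption about this deployment.

```ruby
require "json"

# Standard claims (OpenID Connect Basic Client, "Standard Claims") that a
# relying party usually reads from the top level of the userinfo response.
STANDARD_CLAIMS = %w[sub name given_name family_name email preferred_username].freeze

# Assumed mapping from the directory-style attribute names seen in the thread
# to standard claim names (hypothetical; adjust to the attributes CAS releases).
ATTRIBUTE_TO_CLAIM = {
  "mail" => "email", "givenName" => "given_name", "surname" => "family_name",
  "displayName" => "name", "username" => "preferred_username"
}.freeze

# Constructed sample: attributes one level down, as in the first payload above.
NESTED_SAMPLE = JSON.parse(<<~JSON)
  {"sub": "admin", "auth_time": 1715934410,
   "attributes": {"mail": "admin@example.org", "displayName": "admin",
                  "surname": "admin", "givenName": "admin",
                  "groups": ["admin"], "cn": "admin", "username": "admin"}}
JSON

# Constructed sample: the shape the specification describes.
FLAT_SAMPLE = JSON.parse(<<~JSON)
  {"sub": "admin", "name": "admin admin", "family_name": "admin",
   "given_name": "admin", "email": "admin@example.org"}
JSON

# Classify a parsed userinfo response and report what the relying party misses.
def diagnose_userinfo(userinfo)
  nested  = userinfo["attributes"].is_a?(Hash) ? userinfo["attributes"] : {}
  present = STANDARD_CLAIMS.select { |claim| userinfo.key?(claim) }
  missing = STANDARD_CLAIMS - present
  # Missing at the top level, but the value exists inside "attributes".
  hidden = ATTRIBUTE_TO_CLAIM.select { |attr, claim| nested.key?(attr) && missing.include?(claim) }
  # Top level, but still under the directory name instead of the claim name.
  unmapped = ATTRIBUTE_TO_CLAIM.select { |attr, claim| userinfo.key?(attr) && missing.include?(claim) }
  shape = if !nested.empty? then :nested
          elsif !unmapped.empty? then :flat_unmapped
          else :flat
          end
  { shape: shape, present: present, missing: missing, hidden: hidden, unmapped: unmapped }
end

if __FILE__ == $PROGRAM_NAME
  puts JSON.pretty_generate(diagnose_userinfo(NESTED_SAMPLE))
  puts JSON.pretty_generate(diagnose_userinfo(FLAT_SAMPLE))
end
```

A `:nested` result points at the user profile rendering on the CAS side; `:flat_unmapped` means the attributes are at the top level but still need mapping to the standard claim names.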
