Now with SAML Tracer I see my attributes with this service:
{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "https://test-moodle.exemple.com",
  "name" : "Sample",
  "id" : 1730131468521,
  "requiredNameIdFormat" : "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "mail"
  },
  "metadataLocation" : "https://test-moodle.exemple.com/Shibboleth.sso/Metadata",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}
Now I want to have:
mail urn:oid:0.9.2342.19200300.100.1.3
givenName urn:oid:2.5.4.42
sn urn:oid:2.5.4.42
mail urn:oid:0.9.2342.19200300.100.1.3
On Monday, October 28, 2024 at 13:10:47 UTC, Jeremiah Garmatter wrote:
> Papeace,
>
> If you haven't already, I'd recommend installing a web-browser plugin
> called "SAMLTracer". It'll decode SAML requests and responses which you can
> use to troubleshoot the authentication process.
> I'm not sure if this is a copy-paste issue or some sort of encoding
> problem, but your requiredNameIdFormat has an "@6bb1a595" at the end. I'm
> not sure that is a valid nameID format.
> Typically, I obtain the nameID format from the SP metadata. I'll copy the
> string directly from the SP's metadata and paste it into the json file.
> Then, if necessary, I'll map it to another attribute with something like
> this:
> "requiredNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:persistent",
> "usernameAttributeProvider" : {
>   "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
>   "usernameAttribute" : "myPersistentIDAttribute"
> }
>
> On Saturday, October 26, 2024 at 2:44:29 PM UTC-4 Papeace Ndiaye wrote:
>
>> I am configuring CAS SAML2 to authenticate my applications like Moodle,
>> WAYF, Shibboleth, etc., but the issue is that I can obtain the metadata,
>> yet I still encounter authorization errors.
>> cas.server.name=https://cas.exemple.com
>> cas.server.prefix=${cas.server.name}/cas
>> logging.config=file:/etc/cas/config/log4j2.xml
>> cas.authn.attributeRepository.ldap[0].attributes.mail=mail
>> cas.authn.attributeRepository.ldap[0].attributes.sn=sn
>> cas.authn.attributeRepository.ldap[0].attributes.givenName=givenName
>> cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
>> cas.authn.ldap[0].type=AUTHENTICATED
>> cas.authn.ldap[0].ldapUrl=ldap://10.10.10.10
>> cas.authn.ldap[0].baseDn=dc=exemple,dc=com
>> cas.authn.ldap[0].searchFilter=uid={user}
>> cas.authn.ldap[0].subtreeSearch=true
>> cas.authn.ldap[0].bindDn=cn=admin,dc=exemple,dc=com
>> cas.authn.ldap[0].bindCredential=password
>> cas.authn.ldap[0].principalAttributeId=uid
>>
>> cas.authn.ldap[0].principalAttributeList=sn,givenName,mail,eduPersonPrimaryAffiliation,displayName
>> cas.service-registry.core.init-from-json=false
>> cas.service-registry.json.location=file:/etc/cas/services
>> #################### SAML2 ##############################
>>
>> cas.authn.saml-idp.core.entity-id=https://cas.exemple.com/cas/idp
>> cas.authn.saml-idp.metadata.file-system.location=file:/etc/cas/saml/
>> cas.server.scope=exemple.com
>> cas.authn.saml-idp.metadata.file-system.sign-metadata=false
>> cas.authn.saml-idp.metadata.core.cache-expiration=PT5M
>>
>> my service saml-1001.json
>> {
>> @class: org.apereo.cas.support.saml.services.SamlRegisteredService
>> serviceId: https://moodle.exemple.com
>> name: sml
>> id: 1001
>> evaluationOrder: 3
>> attributeReleasePolicy:
>> {
>> @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>> excludeDefaultAttributes: true
>> }
>> metadataLocation: https://moodle.unchk.sn/auth/mo_saml/index.php?option=mosaml_metadata
>> requiredNameIdFormat: org.opensaml.saml.saml2.metadata.impl.NameIDFormatImpl@6bb1a595
>> signAssertions: TRUE
>> signingCredentialType: BASIC
>> }
>> @ray
>> @jeremy
>> please can you help me
>>
>>