Thank you for your help, Julien.

We now have been able to get an attribute returning in the CAS response, but we
are now stumped in that only a single attribute (the last one) is ever
returned. I'm wondering if anyone on this list might be able to point us in the
right direction to get multiple attributes returned.

We have a slightly different configuration than in the cas-toolkit as we have
an Active Directory LDAP back-end, but otherwise our configuration is almost
the same as yours. To simplify our debugging, we inserted the values directly
into our deployerConfigContext.xml rather than use the separate configuration
files. Below is our attributeRepository configuration:

<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="baseDN" value="CN=Users,DC=middlebury,DC=edu" />
    <!-- This query is used to find the entry for populating
         attributes. {0} will be replaced by the new Principal ID extracted
         from the ldap -->
    <property name="query" value="(sAMAccountName={0})" />
    <property name="contextSource" ref="contextSource" />
    <property name="ldapAttributesToPortalAttributes">
        <map>
            <!-- Mapping between LDAP entry's attributes
                 (key) and Principal's (value) -->
            <entry key="extensionAttribute12"
                   value="extensionAttribute12" />
            <entry key="givenName" value="givenName" />
            <entry key="mail" value="EMail" />
            <entry key="sn" value="sn" />
        </map>
    </property>
</bean>

When turning on DEBUG logging and authenticating, I get the log output
indicating that values have been found for all of the attributes specified in
the config:

2009-03-11 16:53:42,503 DEBUG
[org.jasig.cas.CentralAuthenticationServiceImpl] - Attempting to create
TicketGrantingTicket for [username: afranco]
2009-03-11 16:53:42,516 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
authenticated the user which provided the following credentials: [username:
afranco]
2009-03-11 16:53:42,516 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- Attempting to resolve a principal...
2009-03-11 16:53:42,517 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- Attempting to resolve a principal...
2009-03-11 16:53:42,517 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- Creating SimplePrincipal for [afranco]
2009-03-11 16:53:42,517 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created
seed map='{username=[afranco]}' for uid='afranco'
2009-03-11 16:53:42,517 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
Constructed argument array '[[afranco]]' from the
defaultAttributeName='username'
2009-03-11 16:53:42,522 WARN
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Converting
value 0 of LDAP attribute 'mail' from byte[] to String
2009-03-11 16:53:42,522 DEBUG
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
attributes under mapped names '[EMail]' for source attribute 'mail'
2009-03-11 16:53:42,522 WARN
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Converting
value 0 of LDAP attribute 'sn' from byte[] to String
2009-03-11 16:53:42,522 DEBUG
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
attributes under mapped names '[sn]' for source attribute 'sn'
2009-03-11 16:53:42,523 WARN
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Converting
value 0 of LDAP attribute 'extensionAttribute12' from byte[] to String
2009-03-11 16:53:42,523 DEBUG
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
attributes under mapped names '[extensionAttribute12]' for source attribute
'extensionAttribute12'
2009-03-11 16:53:42,523 WARN
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Converting
value 0 of LDAP attribute 'givenName' from byte[] to String
2009-03-11 16:53:42,523 DEBUG
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
attributes under mapped names '[givenName]' for source attribute 'givenName'
2009-03-11 16:53:42,523 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- Resolved afranco. Trying LDAP resolve now...
2009-03-11 16:53:42,523 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- LDAP search with filter "(sAMAccountName=afranco)"
2009-03-11 16:53:42,523 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- returning searchcontrols: scope=2; search
base=CN=Users,DC=middlebury,DC=edu; attributes=[sAMAccountName]; timeout=1000
2009-03-11 16:53:42,527 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- Resolved afranco to afranco
2009-03-11 16:53:42,527 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- Creating SimplePrincipal for [afranco]
2009-03-11 16:53:42,527 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created
seed map='{username=[afranco]}' for uid='afranco'
2009-03-11 16:53:42,527 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
Constructed argument array '[[afranco]]' from the
defaultAttributeName='username'
2009-03-11 16:53:42,531 WARN
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Converting
value 0 of LDAP attribute 'mail' from byte[] to String
2009-03-11 16:53:42,532 DEBUG
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
attributes under mapped names '[EMail]' for source attribute 'mail'
2009-03-11 16:53:42,532 WARN
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Converting
value 0 of LDAP attribute 'sn' from byte[] to String
2009-03-11 16:53:42,532 DEBUG
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
attributes under mapped names '[sn]' for source attribute 'sn'
2009-03-11 16:53:42,532 WARN
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Converting
value 0 of LDAP attribute 'extensionAttribute12' from byte[] to String
2009-03-11 16:53:42,532 DEBUG
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
attributes under mapped names '[extensionAttribute12]' for source attribute
'extensionAttribute12'
2009-03-11 16:53:42,532 WARN
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Converting
value 0 of LDAP attribute 'givenName' from byte[] to String
2009-03-11 16:53:42,532 DEBUG
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
attributes under mapped names '[givenName]' for source attribute 'givenName'
2009-03-11 16:53:42,533 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket
[TGT-2-ZIW3OgYA3sAtIrAdSEGSwMq4R9moUkDGfcFQYR6JXJWFB2O0fk-cas] to registry.
2009-03-11 16:53:42,535 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie
with name [CASPRIVACY]
2009-03-11 16:53:42,535 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Added cookie with
name [CASTGC] and value
[TGT-2-ZIW3OgYA3sAtIrAdSEGSwMq4R9moUkDGfcFQYR6JXJWFB2O0fk-cas]
2009-03-11 16:53:42,536 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve
ticket [TGT-2-ZIW3OgYA3sAtIrAdSEGSwMq4R9moUkDGfcFQYR6JXJWFB2O0fk-cas]
2009-03-11 16:53:42,536 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket
[TGT-2-ZIW3OgYA3sAtIrAdSEGSwMq4R9moUkDGfcFQYR6JXJWFB2O0fk-cas] found in
registry.
2009-03-11 16:53:42,538 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket
[ST-2-RevXLBeywUmfNDbl7d7D-cas] to registry.
2009-03-11 16:53:42,538 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket
[ST-2-RevXLBeywUmfNDbl7d7D-cas] for service
[http://termite.middlebury.edu/~afranco/CAS_Test/] for user [afranco]
2009-03-11 16:53:42,557 DEBUG
[org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated service
for: http://termite.middlebury.edu/~afranco/CAS_Test/
2009-03-11 16:53:42,559 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve
ticket [ST-2-RevXLBeywUmfNDbl7d7D-cas]
2009-03-11 16:53:42,559 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket
[ST-2-RevXLBeywUmfNDbl7d7D-cas] found in registry.
2009-03-11 16:53:42,559 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket
[ST-2-RevXLBeywUmfNDbl7d7D-cas] from registry

However, only the last of the attributes (in this case the sn) is printed out
in the response:

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>afranco</cas:user>
        <cas:attributes>
            <cas:attribute>
                <cas:name>sn</cas:name>
                <cas:value>Franco</cas:value>
            </cas:attribute>
        </cas:attributes>
    </cas:authenticationSuccess>
</cas:serviceResponse>

Does anyone have any idea how I might debug this issue? For instance, where
should the auth.principal.attributes property be initialized?

Thanks for your help!

Adam
--
Adam Franco
Middlebury College
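
Added example, not part of the original message and not CAS project code: a small Python check that compares the names configured in ldapAttributesToPortalAttributes with the attributes actually present in the validation response, using the bean mapping and the response quoted above. The function names are hypothetical, and the bean fragment omits the Spring beans namespace that a full deployerConfigContext.xml carries.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Mapping block from the attributeRepository bean quoted in the post
# (fragment only; a full Spring file would also carry the beans namespace).
BEAN_XML = """<bean id="attributeRepository">
  <property name="ldapAttributesToPortalAttributes">
    <map>
      <entry key="extensionAttribute12" value="extensionAttribute12" />
      <entry key="givenName" value="givenName" />
      <entry key="mail" value="EMail" />
      <entry key="sn" value="sn" />
    </map>
  </property>
</bean>"""

# Validation response as quoted in the post.
RESPONSE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>afranco</cas:user>
    <cas:attributes>
      <cas:attribute><cas:name>sn</cas:name><cas:value>Franco</cas:value></cas:attribute>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

def mapped_names(bean_xml):
    """Principal attribute names (the entry values) the DAO is configured to produce."""
    prop = ET.fromstring(bean_xml).find("./property[@name='ldapAttributesToPortalAttributes']")
    return [entry.get("value") for entry in prop.iter("entry")]

def released_attributes(response_xml):
    """{name: [values]} parsed from the cas:attribute / cas:name / cas:value layout."""
    released = {}
    for attr in ET.fromstring(response_xml).iterfind(".//cas:attributes/cas:attribute", CAS_NS):
        name = attr.findtext("cas:name", default="", namespaces=CAS_NS)
        values = [v.text or "" for v in attr.findall("cas:value", CAS_NS)]
        released.setdefault(name, []).extend(values)
    return released

def missing_attributes(bean_xml, response_xml):
    """Configured names that never made it into the validation response."""
    released = released_attributes(response_xml)
    return [name for name in mapped_names(bean_xml) if name not in released]

if __name__ == "__main__":
    print("released:", released_attributes(RESPONSE_XML))
    print("missing: ", missing_attributes(BEAN_XML, RESPONSE_XML))
```

Run against a saved validation response after each configuration change, this shows which mapped names are lost between the DAO (where the DEBUG log reports all four) and the rendered response.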