Well, I'm not sure what happened, but after rebuilding CAS several more times we are now successfully getting multiple attributes returned. Thanks for your help, Julien!
Adam

--
Adam Franco
Middlebury College

On Wed, Mar 11, 2009 at 4:55 PM, Adam Franco <[email protected]> wrote:

> Thank you for your help Julien.
>
> We now have been able to get an attribute returning in the CAS response,
> but we are now stumped in that only a single attribute (the last one) is
> ever returned. I'm wondering if anyone on this list might be able to point
> us in the right direction to get multiple attributes returned.
>
> We have a slightly different configuration than in the cas-toolkit as we
> have an Active Directory LDAP back-end, but otherwise our configuration is
> almost the same as yours. To simplify our debugging, we inserted the values
> directly into our deployerConfigContext.xml rather than use the separate
> configuration files. Below is our attributeRepository configuration:
>
>     <bean id="attributeRepository"
>
> class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
>         <property name="baseDN"
> value="CN=Users,DC=middlebury,DC=edu" />
>         <!-- This query is used to find the entry for populating
> attributes. {0} will be replaced by the new Principal ID extracted from the
> ldap -->
>         <property name="query" value="(sAMAccountName={0})" />
>
>         <property name="contextSource" ref="contextSource" />
>         <property name="ldapAttributesToPortalAttributes">
>             <map>
>                 <!-- Mapping beetween LDAP entry's
> attributes (key) and Principal"s (value) -->
>                 <entry key="extensionAttribute12"
> value="extensionAttribute12" />
>                 <entry key="givenName" value="givenName" />
>                 <entry key="mail" value="EMail" />
>                 <entry key="sn" value="sn" />
>             </map>
>         </property>
>     </bean>
>
> When turning on DEBUG logging and authenticating, I get the log output
> indicating that values have been found for all of the attributes specified
> in the config:
>
> 2009-03-11 16:53:42,503 DEBUG
> [org.jasig.cas.CentralAuthenticationServiceImpl] - Attempting to create
> TicketGrantingTicket for [username: afranco]
> 2009-03-11 16:53:42,516 INFO
> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> AuthenticationHandler:
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
> authenticated the user which provided the following credentials: [username:
> afranco]
> 2009-03-11 16:53:42,516 DEBUG
> [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
> - Attempting to resolve a principal...
> 2009-03-11 16:53:42,517 DEBUG
> [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
> - Attempting to resolve a principal...
> 2009-03-11 16:53:42,517 DEBUG
> [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
> - Creating SimplePrincipal for [afranco]
> 2009-03-11 16:53:42,517 DEBUG
> [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created
> seed map='{username=[afranco]}' for uid='afranco'
> 2009-03-11 16:53:42,517 DEBUG
> [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
> Constructed argument array '[[afranco]]' from the
> defaultAttributeName='username'
> 2009-03-11 16:53:42,522 WARN
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
> Converting value 0 of LDAP attribute 'mail' from byte[] to String
> 2009-03-11 16:53:42,522 DEBUG
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
> attributes under mapped names '[EMail]' for source attribute 'mail'
> 2009-03-11 16:53:42,522 WARN
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
> Converting value 0 of LDAP attribute 'sn' from byte[] to String
> 2009-03-11 16:53:42,522 DEBUG
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
> attributes under mapped names '[sn]' for source attribute 'sn'
> 2009-03-11 16:53:42,523 WARN
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
> Converting value 0 of LDAP attribute 'extensionAttribute12' from byte[] to
> String
> 2009-03-11 16:53:42,523 DEBUG
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
> attributes under mapped names '[extensionAttribute12]' for source attribute
> 'extensionAttribute12'
> 2009-03-11 16:53:42,523 WARN
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
> Converting value 0 of LDAP attribute 'givenName' from byte[] to String
> 2009-03-11 16:53:42,523 DEBUG
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
> attributes under mapped names '[givenName]' for source attribute 'givenName'
> 2009-03-11 16:53:42,523 DEBUG
> [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
> - Resolved afranco. Trying LDAP resolve now...
> 2009-03-11 16:53:42,523 DEBUG
> [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
> - LDAP search with filter "(sAMAccountName=afranco)"
> 2009-03-11 16:53:42,523 DEBUG
> [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
> - returning searchcontrols: scope=2; search
> base=CN=Users,DC=middlebury,DC=edu; attributes=[sAMAccountName];
> timeout=1000
> 2009-03-11 16:53:42,527 DEBUG
> [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
> - Resolved afranco to afranco
> 2009-03-11 16:53:42,527 DEBUG
> [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
> - Creating SimplePrincipal for [afranco]
> 2009-03-11 16:53:42,527 DEBUG
> [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created
> seed map='{username=[afranco]}' for uid='afranco'
> 2009-03-11 16:53:42,527 DEBUG
> [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
> Constructed argument array '[[afranco]]' from the
> defaultAttributeName='username'
> 2009-03-11 16:53:42,531 WARN
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
> Converting value 0 of LDAP attribute 'mail' from byte[] to String
> 2009-03-11 16:53:42,532 DEBUG
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
> attributes under mapped names '[EMail]' for source attribute 'mail'
> 2009-03-11 16:53:42,532 WARN
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
> Converting value 0 of LDAP attribute 'sn' from byte[] to String
> 2009-03-11 16:53:42,532 DEBUG
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
> attributes under mapped names '[sn]' for source attribute 'sn'
> 2009-03-11 16:53:42,532 WARN
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
> Converting value 0 of LDAP attribute 'extensionAttribute12' from byte[] to
> String
> 2009-03-11 16:53:42,532 DEBUG
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
> attributes under mapped names '[extensionAttribute12]' for source attribute
> 'extensionAttribute12'
> 2009-03-11 16:53:42,532 WARN
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
> Converting value 0 of LDAP attribute 'givenName' from byte[] to String
> 2009-03-11 16:53:42,532 DEBUG
> [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1
> attributes under mapped names '[givenName]' for source attribute 'givenName'
> 2009-03-11 16:53:42,533 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket
> [TGT-2-ZIW3OgYA3sAtIrAdSEGSwMq4R9moUkDGfcFQYR6JXJWFB2O0fk-cas] to registry.
> 2009-03-11 16:53:42,535 DEBUG
> [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie
> with name [CASPRIVACY]
> 2009-03-11 16:53:42,535 DEBUG
> [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Added cookie
> with name [CASTGC] and value
> [TGT-2-ZIW3OgYA3sAtIrAdSEGSwMq4R9moUkDGfcFQYR6JXJWFB2O0fk-cas]
> 2009-03-11 16:53:42,536 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to
> retrieve ticket
> [TGT-2-ZIW3OgYA3sAtIrAdSEGSwMq4R9moUkDGfcFQYR6JXJWFB2O0fk-cas]
> 2009-03-11 16:53:42,536 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket
> [TGT-2-ZIW3OgYA3sAtIrAdSEGSwMq4R9moUkDGfcFQYR6JXJWFB2O0fk-cas] found in
> registry.
> 2009-03-11 16:53:42,538 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket
> [ST-2-RevXLBeywUmfNDbl7d7D-cas] to registry.
> 2009-03-11 16:53:42,538 INFO
> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket
> [ST-2-RevXLBeywUmfNDbl7d7D-cas] for service [
> http://termite.middlebury.edu/~afranco/CAS_Test/<http://termite.middlebury.edu/%7Eafranco/CAS_Test/>]
> for user [afranco]
> 2009-03-11 16:53:42,557 DEBUG
> [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated
> service for:
> http://termite.middlebury.edu/~afranco/CAS_Test/<http://termite.middlebury.edu/%7Eafranco/CAS_Test/>
> 2009-03-11 16:53:42,559 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to
> retrieve ticket [ST-2-RevXLBeywUmfNDbl7d7D-cas]
> 2009-03-11 16:53:42,559 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket
> [ST-2-RevXLBeywUmfNDbl7d7D-cas] found in registry.
> 2009-03-11 16:53:42,559 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket
> [ST-2-RevXLBeywUmfNDbl7d7D-cas] from registry
>
> However, only the last of the attributes (in this case the sn) is printed
> out in the response:
>
> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>     <cas:authenticationSuccess>
>         <cas:user>afranco</cas:user>
>         <cas:attributes>
>             <cas:attribute>
>                 <cas:name>sn</cas:name>
>
>                 <cas:value>Franco</cas:value>
>             </cas:attribute>
>         </cas:attributes>
>     </cas:authenticationSuccess>
> </cas:serviceResponse>
>
> Does anyone have any idea how I might debug this issue? For instance, where
> should the auth.principal.attributes property be initialized?
>
> Thanks for your help!
>
> Adam
>
> --
>
> Adam Franco
> Middlebury College
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
