Great CAS Gurus,

I have modified my deployerConfigContext.xml file like this:

        <bean id="attributeRepository"
              class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
                <property name="contextSource" ref="contextSource" />
                <property name="baseDN" value="ou=Users,dc=usf,dc=edu" />
                <property name="requireAllQueryAttributes" value="true" />
                <property name="queryAttributeMapping">
                        <map>
                                <entry key="username" value="uid" />
                        </map>
                </property>
                <property name="resultAttributeMapping">
                        <map>
                                <entry key="cn" value="Name" />
                                <entry key="mail" value="Email" />
                                <entry key="uid" value="Username" />
                        </map>
                </property>
        </bean>

And in the "cas/Services" site, I see the Name, Email and Username
attributes in the service I added (all three are highlighted).

But when I send the SOAP-UI Post:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
   <SOAP-ENV:Header/>
   <SOAP-ENV:Body>
      <samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
                     MajorVersion="1" MinorVersion="1"
                     RequestID="_192.168.16.51.1024506224022"
                     IssueInstant="2002-06-19T17:03:44.022Z">
         <samlp:AssertionArtifact>ST-3-1tJlcJ2Cppb03uxPFdrF-cas</samlp:AssertionArtifact>
      </samlp:Request>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

I do get back 2 of the 3 attributes:

            <AttributeStatement>
               <Subject>
                  <NameIdentifier>test1</NameIdentifier>
                  <SubjectConfirmation>
                     <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod>
                  </SubjectConfirmation>
               </Subject>
               <Attribute AttributeName="Name" AttributeNamespace="http://www.ja-sig.org/products/cas/">
                  <AttributeValue>test1</AttributeValue>
               </Attribute>
               <Attribute AttributeName="Username" AttributeNamespace="http://www.ja-sig.org/products/cas/">
                  <AttributeValue>test1</AttributeValue>
               </Attribute>
            </AttributeStatement>

The reason I don't get back the email, I'm pretty sure, is probably an
LDAP mismatch...

Here is the LDAP entry for the "test1" user:

# Entry 8: uid=test1,ou=Users,dc=usf,dc=edu
dn: uid=test1,ou=Users,dc=usf,dc=edu
cn: test1
gidnumber: 1006
homedirectory: /home/test1
l: Jacksonville
loginshell: /bin/sh
objectclass: account
objectclass: posixAccount
objectclass: top
objectclass: shadowAccount
shadowlastchange: 14732
shadowmax: 99999
shadowwarning: 7
uid: test1
uidnumber: 1006
userpassword: {crypt}$6$r0Aqh888$h6kFm431Hw8adxxTiDFtAhVQmKnmFSPhj0lzvqgSz6r
 5byomd.SC3ebMQ3uQDeIZmVPDrs1GwqPeN1XEajuWx1

# Entry 9: cn=test1 user,uid=test1,ou=Users,dc=usf,dc=edu
dn: cn=test1 user,uid=test1,ou=Users,dc=usf,dc=edu
cn: test1 user
mail: [email protected]
objectclass: inetOrgPerson
objectclass: top
sn: user

Because these accounts were created as "Posix" accounts (so that they
can be used for authentication), I ended up having to add an
"inetOrgPerson" object class under the user in order to add the "mail"
attribute to the account.  (if there is another way I would really like
to know!)

 

THE WHOLE GOAL OF THIS IS JUST TO RETURN THE "MAIL" ATTRIBUTE WHEN
REQUESTED BY AN APPLICATION!!!  (sorry for the yelling...I'm losing my
mind on this)

Is it even possible with the way I have set up LDAP?

If so, what do I need to modify/change in order to return the mail
attribute?  (I really don't care about the other 2 attributes)

V/R,

Rob McKennon

Unix Admin (fish out of water)
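As an added example (not code from this thread, from CAS, or from person-directory), the following Python models what the posted attributeRepository configuration does against the two LDAP entries quoted above. It assumes the DAO searches baseDN with the filter derived from queryAttributeMapping, (uid=<username>), maps only attributes found on the matching entry through resultAttributeMapping, and uses a constructed mail value.

```python
# Added example (not from the thread or from CAS/person-directory): a model of
# how an LDAP attribute DAO with the posted configuration resolves attributes.
# Assumed, not confirmed by the page: it searches baseDN with the filter built
# from queryAttributeMapping, (uid=<username>), and maps through
# resultAttributeMapping only attributes present on the matching entry itself.
# Constructed copy of the two posted entries, trimmed; mail value is a placeholder.
LDIF_AS_POSTED = """\
dn: uid=test1,ou=Users,dc=usf,dc=edu
cn: test1
uid: test1
objectclass: account
objectclass: posixAccount

dn: cn=test1 user,uid=test1,ou=Users,dc=usf,dc=edu
cn: test1 user
mail: test1@example.com
objectclass: inetOrgPerson
sn: user
"""
# Same user with mail on the user entry itself (in a real directory the entry's
# structural class must permit mail, e.g. inetOrgPerson plus auxiliary posixAccount).
LDIF_FIXED = LDIF_AS_POSTED.replace("uid: test1\n", "uid: test1\nmail: test1@example.com\n", 1)

QUERY_MAP = {"username": "uid"}                                   # queryAttributeMapping
RESULT_MAP = {"cn": "Name", "mail": "Email", "uid": "Username"}  # resultAttributeMapping

def parse_ldif(text):
    # Split LDIF into entries; a leading space marks a continuation line.
    entries, last = [{}], None
    for raw in text.splitlines():
        if not raw.strip():
            entries.append({})                          # blank line ends an entry
        elif raw.startswith(" "):
            entries[-1][last][-1] += raw[1:]            # continuation line
        else:
            last, _, val = raw.partition(":")
            last = last.strip().lower()
            entries[-1].setdefault(last, []).append(val.strip())
    return [e for e in entries if e]

def resolve(ldif, username, base_dn="ou=Users,dc=usf,dc=edu"):
    # Return {casName: [values]} for the first entry matching the query filter.
    for entry in parse_ldif(ldif):
        if not entry["dn"][0].lower().endswith(base_dn.lower()):
            continue                                 # outside the search base
        # requireAllQueryAttributes=true: every mapped LDAP attribute must match.
        if all(username in entry.get(a, []) for a in QUERY_MAP.values()):
            return {cas: entry[ldap] for ldap, cas in RESULT_MAP.items() if ldap in entry}
    return {}
print(resolve(LDIF_AS_POSTED, "test1"), resolve(LDIF_FIXED, "test1"))
```

Entry 9 holds mail but has no uid attribute of its own (a child entry does not inherit its parent's RDN value), so the (uid=test1) query never matches it; only an entry that itself carries both uid and mail yields Email.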

 

 

From: Scott Battaglia [mailto:[email protected]] 
Sent: Tuesday, June 01, 2010 3:03 PM
To: [email protected]
Subject: Re: [cas-user] mail attribute

 

Did you choose the attribute in the multi-select field for the service?



On Tue, Jun 1, 2010 at 10:37 AM, McKennon, Robert
<[email protected]> wrote:

I think I'm getting closer...

 

I have 3 entries in the "Services Management":

 

Services Management
http://localhost:8080/cas/services/*

SharePoint
http*://192.168.169.72:11123/*

Test
http*://192.168.167.74*

 

If I put this url (
https://fl028centos:8443/cas/login?service=http://192.168.167.74/ ) into
the browser, and authenticate via CAS, I get to the website.  

But then if I try a SOAP request with samlValidate
(https://192.168.168.83:8443/cas/samlValidate?TARGET=http://192.168.167.74&ticket=ST-11-7sQEFBje1XIwhwrOh9kA-cas),
I don't see any of the attributes listed on the Service page show up in
the SOAP response.  Should I?

Rob.

 

-- 
You are currently subscribed to [email protected] as:
[email protected]

To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user

 
