Does the generated SAML response show it? If so, then you're sending it properly.
On Tue, Aug 3, 2010 at 6:08 PM, Patrick O'Connor <[email protected]> wrote:
> Hello All,
>
> Could someone please verify the following? I am trying to map an AlternateUsername to Google.
>
> I can verify that in GoogleAccountsService.java, the SAML response is being created with the correctly mapped attribute meaning LDAP/attribute repository/resolvers seem to all be configured correctly, also the argumentExtractor seems to be pulling the alternateUsername correctly, please see below:
>
>     private String constructSamlResponse() {
>         String samlResponse = TEMPLATE_SAML_RESPONSE;
>
>         final Calendar c = Calendar.getInstance();
>         c.setTime(new Date());
>         c.add(Calendar.YEAR, 1);
>
>         final String userId;
>         log.debug("AlternameUserName: " + this.alternateUserName);
>         if (this.alternateUserName == null) {
>             userId = getPrincipal().getId();
>         } else {
>             final String attributeValue = (String) getPrincipal().getAttributes().get(this.alternateUserName);
>             log.debug("AttributeValue of alternateusername: " + attributeValue);
>             if (attributeValue == null) {
>                 userId = getPrincipal().getId();
>             } else {
>                 userId = attributeValue;
>             }
>         }
>         log.debug("UserId value: " + userId);
>
>         samlResponse = samlResponse.replace("<USERNAME_STRING>", userId);
>         samlResponse = samlResponse.replace("<RESPONSE_ID>", createID());
>         samlResponse = samlResponse.replace("<ISSUE_INSTANT>", SamlUtils
>             .getCurrentDateAndTime());
>         samlResponse = samlResponse.replace("<AUTHN_INSTANT>", SamlUtils
>             .getCurrentDateAndTime());
>         samlResponse = samlResponse.replaceAll("<NOT_ON_OR_AFTER>", SamlUtils
>             .getFormattedDateAndTime(c.getTime()));
>         samlResponse = samlResponse.replace("<ASSERTION_ID>", createID());
>         samlResponse = samlResponse.replaceAll("<ACS_URL>", getId());
>         samlResponse = samlResponse.replace("<REQUEST_ID>", this.requestId);
>
>         return samlResponse;
>     }
>
> The extra log.debug lines allowed me to see that the correct values are indeed getting populated. The final result is my application redirecting me to a URL in the form of https://www.google.com/a/domain.edu/acs but the page is blank… From the start, I haven't changed any of the configurations, but still fail to get the attribute mapping/SAML responses to Google correctly. Here is some of the cas.log during this process.
>
> 2010-08-03 14:49:07,886 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor did not generate service.>
> 2010-08-03 14:49:07,887 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor did not generate service.>
> 2010-08-03 14:49:07,897 DEBUG [org.jasig.cas.web.support.GoogleAccountsArgumentExtractor] - <Extractor generated service for: https://www.google.com/a/domain.edu/acs>
> 2010-08-03 14:49:07,898 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: https://www.google.com/a/domain.edu/acs>
> 2010-08-03 14:49:17,894 DEBUG [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <Performing LDAP bind with credential: uid=000226420,ou=people,dc=domain,dc=edu>
> 2010-08-03 14:49:18,017 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: 000226420]>
> 2010-08-03 14:49:18,018 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Attempting to resolve a principal...>
> 2010-08-03 14:49:18,018 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Attempting to resolve a principal...>
> 2010-08-03 14:49:18,019 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Creating SimplePrincipal for [000226420]>
> 2010-08-03 14:49:18,019 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Resolved 000226420. Trying LDAP resolve now...>
> 2010-08-03 14:49:18,019 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <LDAP search with filter "(uid=000226420)">
> 2010-08-03 14:49:18,019 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <returning searchcontrols: scope=2; search base=ou=people,dc=domain,dc=edu; attributes=[uid]; timeout=1000>
> 2010-08-03 14:49:18,139 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <CredentialResolver attribute: uid: 000226420>
> 2010-08-03 14:49:18,140 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Resolved 000226420 to 000226420>
> 2010-08-03 14:49:18,140 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Creating SimplePrincipal for [000226420]>
> 2010-08-03 14:49:18,140 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Created seed map='{username=[000226420]}' for uid='000226420'>
> 2010-08-03 14:49:18,141 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Adding attribute 'uid' with value '[000226420]' to query builder 'null'>
> 2010-08-03 14:49:18,141 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Generated query builder '(uid=000226420)' from query Map {username=[000226420]}.>
> 2010-08-03 14:49:18,271 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Query Result Size: 1>
> 2010-08-03 14:49:18,272 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <QueryUserName in For Loop: 000226420>
> 2010-08-03 14:49:18,272 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Query People Attributes: [CaseInsensitiveNamedPersonImpl[name=000226420,attributes={domainEduPersonAltUid=[coyotej]}]]>
> 2010-08-03 14:49:18,273 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [TGT-2-IBZxI5sOdCVMuLP5Z3YAM27i4e9rhrEn9XHymsYK0WZZ2taIB7-cas] to registry.>
> 2010-08-03 14:49:18,274 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]>
> 2010-08-03 14:49:18,276 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added cookie with name [CASTGC] and value [TGT-2-IBZxI5sOdCVMuLP5Z3YAM27i4e9rhrEn9XHymsYK0WZZ2taIB7-cas]>
> 2010-08-03 14:49:18,277 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [TGT-2-IBZxI5sOdCVMuLP5Z3YAM27i4e9rhrEn9XHymsYK0WZZ2taIB7-cas]>
> 2010-08-03 14:49:18,277 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [TGT-2-IBZxI5sOdCVMuLP5Z3YAM27i4e9rhrEn9XHymsYK0WZZ2taIB7-cas] found in registry.>
> 2010-08-03 14:49:18,279 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [ST-2-Ac2CVEeJJtfKrAf4Vo5a-cas] to registry.>
> 2010-08-03 14:49:18,279 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-2-Ac2CVEeJJtfKrAf4Vo5a-cas] for service [https://www.google.com/a/domain.edu/acs] for user [000226420]>
> 2010-08-03 14:49:18,282 DEBUG [org.jasig.cas.authentication.principal.GoogleAccountsService] - <AlternameUserName: domainEduPersonAltUid>
> 2010-08-03 14:49:18,282 DEBUG [org.jasig.cas.authentication.principal.GoogleAccountsService] - <AttributeValue of alternateusername: coyotej>
> 2010-08-03 14:49:18,282 DEBUG [org.jasig.cas.authentication.principal.GoogleAccountsService] - <UserId value: coyotej>
>
> Anyone experience anything similar?
>
> Patrick O’Connor
> *Operating Systems Analyst*
> Administrative Computing Services &
> Common Management System,
> California State University, San Bernardino
> Office: (909) 537-5000 Ext: 73758
> Email: *[email protected]*
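
One way to answer the question at the top of this thread (does the generated SAML response actually carry the mapped username?) is to decode the base64 SAMLResponse form value and inspect it. This is an added example, not code from the thread or from CAS; the function name and the sample response are constructed, and the sample assumes the SAML 2.0 element layout.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample in SAML 2.0 shape (not captured from CAS or Google).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="r1" Version="2.0">
  <saml:Assertion ID="a1" Version="2.0">
    <saml:Subject>
      <saml:NameID>coyotej</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="req1"
            Recipient="https://www.google.com/a/domain.edu/acs"
            NotOnOrAfter="2011-08-03T21:49:18Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode("utf-8")).decode("ascii")


def check_saml_response(b64_value, expected_user, expected_acs, now=None):
    """Decode a base64 SAMLResponse form value and list what looks wrong.

    Diagnostic only: it does not verify the XML signature, and it should be
    fed your own IdP's output, not untrusted XML.
    """
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(base64.b64decode(b64_value))
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    found = (name_id.text or "").strip() if name_id is not None else None
    if found != expected_user:
        problems.append(f"NameID is {found!r}, expected {expected_user!r}")
    data = root.find(".//saml:SubjectConfirmationData", NS)
    if data is None:
        return problems + ["SubjectConfirmationData is missing"]
    if data.get("Recipient") != expected_acs:
        problems.append(f"Recipient is {data.get('Recipient')!r}")
    try:
        expiry = datetime.strptime(data.get("NotOnOrAfter", ""), "%Y-%m-%dT%H:%M:%SZ")
        if now >= expiry.replace(tzinfo=timezone.utc):
            problems.append("NotOnOrAfter has already passed")
    except ValueError:
        problems.append(f"NotOnOrAfter is {data.get('NotOnOrAfter')!r}, not a UTC timestamp")
    return problems
```

An empty list means the subject, recipient and expiry all match what the service provider is expected to accept; anything else names the field to look at first.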
