The casServiceValidationSuccess.jsp is for the CAS 2.0 protocol and not for SAML. Have you allowed the attribute release in the service management GUI for the specific service?

Regards,

Joachim



On 17.09.2010 12:24, Kapetanakis Giannis wrote:
I've also fixed casServiceValidationSuccess.jsp according to
https://issues.jasig.org/browse/CAS-655

<cas:attributes>
    <c:forEach var="attr"
        items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}"
        varStatus="loopStatus" begin="0"
        end="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes)-1}"
        step="1">
        <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
    </c:forEach>
</cas:attributes>

Also, <property name="allowedAttributes" is not the problem. All attributes are there (error in copy paste).

This is the response I get in my client:

5C29 .|    |    |    |    =>  CASClient::setSessionAttributes('<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" 
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2010-09-17T10:10:55.463Z" MajorVersion="1" MinorVersion="1" 
Recipient="https://www.nmc.teicrete.gr/ldap2/" ResponseID="_35e403beba4195f6d751e2194564e3b6"><Status><StatusCode Value="samlp:Success"></StatusCode></Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_33d27bd42ff8fe078c4b5cbc10eb707f" 
IssueInstant="2010-09-17T10:10:55.463Z" Issuer="localhost" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2010-09-17T10:10:55.463Z" NotOnOrAfter="2010-09-17T10:11:25.463Z">
<AudienceRestrictionCondition><Audience>https://www.nmc.teicrete.gr/ldap2/</Audience></AudienceRestrictionCondition></Conditions><AuthenticationStatement 
AuthenticationInstant="2010-09-17T10:10:55.328Z" 
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><NameIdentifier>[email protected]</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement></Assertion></Response></SOAP-ENV:Body></SOAP-ENV:Envelope>') [client.php:1560]
5C29 .|    |    |    |    |    SAML Attributes are empty [client.php:1628]

Any ideas?

regards,

Giannis



--
Joachim Fritschi
Hochschulrechenzentrum (HRZ)
L1|01 Raum 248
Petersenstr. 30
64287 Darmstadt

Tel. +49 6151 16-5638
Fax. +49 6151 16-3050
E-Mail: [email protected]
