Re: [cas-user] SAML attribute release

Wed, 03 Nov 2010 07:48:03 -0700 

> I'm attaching TRACE log on org.jasig.

I studied your log carefully and I see nothing that would indicate a
server problem with attribute release.  Quite the contrary, I see all
the right signs:

1. The service is recognized and the attributes are allowed in the
service registry:
2010-10-30 12:10:42,029 TRACE
[org.jasig.cas.services.RegisteredServiceImpl] - Entering method
[getAllowedAttributes with arguments []
2010-10-30 12:10:42,029 TRACE
[org.jasig.cas.services.RegisteredServiceImpl] - Leaving method
[getAllowedAttributes] with return value
[[mail,cn,telephoneNumber,givenname,sn,uid]].

2. The attributes exist in the cached principal:
2010-10-30 12:10:42,029 TRACE
[org.jasig.cas.authentication.principal.SimplePrincipal] - Entering
method [getAttributes with arguments []
2010-10-30 12:10:42,030 TRACE
[org.jasig.cas.authentication.principal.SimplePrincipal] - Leaving
method [getAttributes] with return value [{uid=user,
[email protected], sn=Καπετανάκης, cn=Καπετανάκης Γιάννης,
telephoneNumber=4161, givenname=Γιάννης}].

3. The SAML success response is rendered:
2010-10-30 12:10:42,056 TRACE
[org.jasig.cas.web.view.Saml10SuccessResponseView] - Rendering view
with name 'casSamlServiceSuccessView' with model
{assertion=[principals={[[[email protected],
attributes={authenticationMethod=org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler}]]}
for service=https://www.example.com/cas/]} and static attributes {}

I can't say for sure that the response contains a principal with the
attributes in 2, but there is nothing to indicate the contrary.
Without further evidence of a problem on the server, I'd recommend
concentrating on hard evidence that the server is sending a response
without attributes.  I'd recommend wire capture or equivalent to
convince yourself the server response is absent attributes.  If you
obtain such evidence, the next step will be to build a custom server
with additional logging statements to help identify the problem.  I'll
send you a patch to apply if we make it that far.

M

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to