Thanks, this really helped me wrap my head around what I was seeing here!
I got it to work by adding
<c:if test="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}">
  <cas:attributes>
    <c:forEach var="attr"
               items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}"
               varStatus="loopStatus" begin="0"
               end="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes)-1}"
               step="1">
      <cas:attribute>
        <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
      </cas:attribute>
    </c:forEach>
  </cas:attributes>
</c:if>
to my
cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp
file, so now I can at least tell that the correct information is being passed.
I am working right now with the SAML protocol as suggested by Marvin Addison. I
am using two different clients - Luminis 5 and some custom ColdFusion
applications. It was the ColdFusion I was using to look at the serviceResponse
XML, and the standard ColdFusion CAS Client does not currently support SAML,
but I think I can get that working.
-Aaron
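
Added example, not part of the original message or of the CAS project's code: a client-side Python check of the response shape that the JSP fragment above produces. `fn:escapeXml` escapes markup characters but does not turn an attribute key into a valid XML element name, so a key containing a space yields a response the client must reject; the function name `parse_service_response`, the sample documents and the attribute values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace of the serviceResponse in the thread
NS = {"cas": CAS_NS}

# Constructed sample: attribute names come from the quoted cas.log, values are made up.
SAMPLE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
 <cas:authenticationSuccess>
  <cas:user>achantrill</cas:user>
  <cas:attributes>
   <cas:attribute><cas:uid>achantrill</cas:uid></cas:attribute>
   <cas:attribute><cas:mail>achantrill@example.edu</cas:mail></cas:attribute>
  </cas:attributes>
 </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample: what the same JSP would emit for a key containing a space.
BAD_KEY = SAMPLE.replace("cas:mail", "cas:display name")


class CasResponseError(Exception):
    """Raised when a validation response must not be trusted."""


def parse_service_response(xml_text):
    """Return (user, {attribute name: [values]}) or raise CasResponseError."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise CasResponseError("DTD declarations are not expected here")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise CasResponseError(f"response is not well-formed XML: {exc}") from exc
    if root.tag != f"{{{CAS_NS}}}serviceResponse":
        raise CasResponseError("unexpected root element")
    success = root.find("cas:authenticationSuccess", NS)
    if success is None:
        raise CasResponseError("no cas:authenticationSuccess element")
    user = (success.findtext("cas:user", default="", namespaces=NS) or "").strip()
    if not user:
        raise CasResponseError("missing cas:user")
    attributes = {}
    # cas:attributes is optional: the unmodified response in the thread has only cas:user.
    for wrapper in success.findall("cas:attributes/cas:attribute", NS):
        for child in wrapper:
            ns, _, name = child.tag.rpartition("}")
            if ns != "{" + CAS_NS:  # ignore elements outside the CAS namespace
                continue
            attributes.setdefault(name, []).append((child.text or "").strip())
    return user, attributes
```
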
-----Original Message-----
From: Shoji Kajita [mailto:[email protected]]
Sent: Wednesday, November 10, 2010 5:57 PM
To: Chantrill, Aaron
Cc: [email protected]
Subject: Re: [cas-user] Attributes Question
Hi Aaron,
https://issues.jasig.org/browse/CAS-655 could help you:-)
Shoji
At Wed, 10 Nov 2010 17:12:31 +0000,
Chantrill, Aaron wrote:
>
> I have what is probably a dumb question, but I haven't been able to figure it
> out after googling after it for a few days now and it should be pretty easy
> for someone who understands this system to answer. I am trying to understand
> the "Attributes" system in /Services/Manage.html. It's not working for me,
> and I'm not sure if I'm getting an error or if my expectations are incorrect.
>
> I have been able to define the attributes I want to pass from the LDAP server
> in the cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml
> file under
> beans->authenticationManager->credentialsToPrincipleResolvers->credentialsToLDAPAttributePrincipalResolver->attributeRepository->ldapAttributesToPortalAttributes.
>
> My understanding is that if I select these attributes in the services
> manager, then they should be passed to my client application along with the
> user name, however I have never seen this work - my serviceResponse always
> looks like:
>
> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
> <cas:authenticationSuccess>
> <cas:user>achantrill</cas:user>
>
>
> </cas:authenticationSuccess>
> </cas:serviceResponse>
>
> The relevant parts of my cas.log look like this:
> 2010-11-09 09:04:59,367 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - Resolved achantrill to achantrill
> 2010-11-09 09:04:59,367 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - Creating SimplePrincipal for [achantrill]
> 2010-11-09 09:04:59,369 DEBUG [org.springframework.ldap.core.support.AbstractContextSource] - Principal: 'cn=Directory Manager'
> 2010-11-09 09:04:59,369 DEBUG [org.springframework.ldap.core.support.AbstractContextSource] - Got Ldap context on server 'ldap://shuttle:10389/'
> 2010-11-09 09:04:59,371 WARN [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Converting value 0 of LDAP attribute 'uid' from byte[] to String
> 2010-11-09 09:04:59,371 WARN [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Converting value 0 of LDAP attribute 'mail' from byte[] to String
> 2010-11-09 09:04:59,371 WARN [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Converting value 0 of LDAP attribute 'sn' from byte[] to String
> 2010-11-09 09:04:59,371 WARN [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Converting value 0 of LDAP attribute 'cn' from byte[] to String
> 2010-11-09 09:04:59,376 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
> 2010-11-09 09:04:59,376 DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - Action 'SendTicketGrantingTicketAction' beginning execution
> 2010-11-09 09:04:59,377 DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - Action 'SendTicketGrantingTicketAction' completed execution; result is 'success'
>
> I have seen instructions at
> https://wiki.jasig.org/display/CASC/CASifying+OpenCms which returns about
> what I am expecting to see, but it requires modifying
> $(cas_server)/WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp
> to add the cas:attributes section.
>
> Am I misunderstanding the expected behavior here? Are the warnings above
> telling me that the attributes are not being processed correctly? Am I
> missing something obvious?
>
> Thanks for any help. I really appreciate it.
>
> -Aaron
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user