Hello all, I have been getting a working instance of CAS 3.4.7 set up in a test environment and everything seems to be running ok, on the surface at least. For the life of me I cannot get the AD attributes to return at all, so the services that use the uid or username are fine (again, to be clear and avoid ambiguity, it works if there is a username that matches in Google Apps), but for the Google Apps integration we'll need to pass back the email address (or some other attribute); the problem is no attributes are being returned and it's dropping through to the username that the user logs in with. Below is a short list of what I have tried as well as log snippets:
1. Tried the tip here to get the attributes - https://wiki.jasig.org/display/CASUM/Google+Apps+from+MS-AD+using+the+%27mail%27+attribute (FAILED)

2. Turned logging up to debug and trace as well as added all of these https://wiki.jasig.org/display/CASUM/Logging (here is a sample):

<snip>
2011-05-11 10:54:18,540 TRACE [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Leaving method [resolvePrincipal] with return value [scotttest].
2011-05-11 10:54:18,540 TRACE [org.jasig.cas.authentication.principal.SimplePrincipal] - Entering method [toString with arguments []
2011-05-11 10:54:18,540 TRACE [org.jasig.cas.authentication.principal.SimplePrincipal] - Leaving method [toString] with return value [scotttest].
2011-05-11 10:54:18,540 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal scotttest
2011-05-11 10:54:18,540 TRACE [org.jasig.cas.authentication.principal.SimplePrincipal] - Entering method [getId with arguments []
2011-05-11 10:54:18,540 TRACE [org.jasig.cas.authentication.principal.SimplePrincipal] - Leaving method [getId] with return value [scotttest].
2011-05-11 10:54:18,541 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Principal found: scotttest
2011-05-11 10:54:18,541 TRACE [org.jasig.cas.authentication.principal.SimplePrincipal] - Entering method [getId with arguments []
2011-05-11 10:54:18,541 TRACE [org.jasig.cas.authentication.principal.SimplePrincipal] - Leaving method [getId] with return value [scotttest].
2011-05-11 10:54:18,541 TRACE [org.jasig.cas.authentication.principal.SimplePrincipal] - Entering method [getAttributes with arguments []
2011-05-11 10:54:18,541 TRACE [org.jasig.cas.authentication.principal.SimplePrincipal] - Leaving method [getAttributes] with return value [{}].   <<--HERE
2011-05-11 10:54:18,541 DEBUG [org.jasig.cas.authentication.AuthenticationManagerImpl] - Attribute map for scotttest: {}   <<--HERE
2011-05-11 10:54:18,541 TRACE [org.jasig.cas.authentication.principal.UsernamePasswordCredentials] - Entering method [toString with arguments []
2011-05-11 10:54:18,541 TRACE [org.jasig.cas.authentication.principal.UsernamePasswordCredentials] - Leaving method [toString] with return value [[username: scotttest]].
2011-05-11 10:54:18,541 TRACE [org.jasig.cas.authentication.principal.UsernamePasswordCredentials] - Entering method [toString with arguments []
2011-05-11 10:54:18,541 TRACE [org.jasig.cas.authentication.principal.UsernamePasswordCredentials] - Leaving method [toString] with return value [[username: scotttest]].
2011-05-11 10:54:18,541 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
</snip>

3. Specified in both the manager and in the serviceRegistryDao (specifically InMemory for now):

<snip>
<bean class="org.jasig.cas.services.RegisteredServiceImpl"
      p:id="2"
      p:description="Google Apps SAML"
      p:serviceId="google URL goes here"
      p:name="Google Apps"
      p:allowedToProxy="true"
      p:enabled="true"
      p:ssoEnabled="true"
      p:anonymousAccess="false">
  <property name="allowedAttributes">
    <list>
      <value>emailAddress</value>   <<--Guessed here, not sure if it is correct, but it shows up selected in the manager
    </list>
  </property>
</bean>
</snip>

3a. attributeRepository set up as follows:

<snip>
<bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
  <property name="contextSource" ref="Employee" />
  <property name="baseDN" value="dc=myschool,dc=edu" />
  <property name="requireAllQueryAttributes" value="false"/>   <<--Have tried true and false here to no avail
  <property name="ignorePartialResultException" value="yes"/>   <<--For AD
  <property name="queryAttributeMapping">
    <map>
      <entry key="username" value="sAMAccountName"/>
    </map>
  </property>
  <property name="resultAttributeMapping">
    <map>
      <!-- These badboys are not getting returned -->
      <entry key="mail" value="emailAddress"/>
      <entry key="sAMAccountName" value="uid"/>
    </map>
  </property>
</bean>
</snip>

4. I have even tried patching LdapPersonAttributeDao.java as found here https://issues.jasig.org/browse/PERSONDIR-58

5. Yes, using ldapsearch as the auth account as well as the user account returns the correct attributes (mail, sAMAccountName, any other of the available attributes).

6. Correct dependency added to pom.xml:

<snip>
<dependency>
  <groupId>${project.groupId}</groupId>
  <artifactId>cas-server-support-ldap</artifactId>
  <version>${project.version}</version>
</dependency>
</snip>

I am quite sure I am forgetting something, but looking at the cas.log here https://lists.wisc.edu/read/attachment/8583077/2/cas.log, I am either not logging the correct things or nothing is getting returned. Any help would be greatly and sincerely appreciated, thanks!
<snip>
2010-10-30 12:10:41,632 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - Creating SimplePrincipal for [[email protected]]
2010-10-30 12:10:41,632 DEBUG [org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] - Created seed map='{username=[[email protected]]}' for uid='[email protected]'
2010-10-30 12:10:41,633 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding attribute 'mail' with value '[[email protected]]' to query builder 'null'
2010-10-30 12:10:41,636 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Generated query builder '([email protected])' from query Map {username=[[email protected]]}.
2010-10-30 12:10:41,714 DEBUG [org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] - Retrieved attributes='[NamedPersonImpl[[email protected],attributes={uid=[user], mail=[[email protected]], cn=[Καπετανάκης Γιάννης], telephoneNumber=[4161], givenname=[Γιάννης], sn=[Καπετανάκης]}]]' for query='{username=[[email protected]]}', isFirstQuery=false, currentlyConsidering='org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao@60c9161b', resultAttributes='null'
2010-10-30 12:10:41,714 DEBUG [org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] - Aggregated search results '[NamedPersonImpl[[email protected],attributes={uid=[user], mail=[[email protected]], cn=[Καπετανάκης Γιάννης], telephoneNumber=[4161], givenname=[Γιάννης], sn=[Καπετανάκης]}]]' for query='{username=[[email protected]]}'
</snip>

System is:
CentOS release 5.6 (Final)
Apache Tomcat/6.0.32
java version "1.6.0_24"
Java(TM) SE Runtime Environment (build 1.6.0_24-b07)
Java HotSpot(TM) 64-Bit Server VM (build 19.1-b02, mixed mode)

P.S. Sorry for the length of the post, and thank you for reading.

-Scott.
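An added illustration, not code from the post, CAS or person-directory, of the three mapping stages the configuration above wires together: queryAttributeMapping turns the seed map into the LDAP filter, resultAttributeMapping renames and restricts what the search returns, and the registered service's allowedAttributes decides what is released. The directory entries are constructed and the pipeline is a model of the documented semantics, not CAS's own implementation.

```python
"""Model (not CAS/person-directory code) of the attribute pipeline
configured in the post: queryAttributeMapping -> LDAP filter,
resultAttributeMapping -> renamed CAS attributes, allowedAttributes ->
what a registered service receives. Directory content is constructed."""
from typing import Dict, List

# Copied from the poster's LdapPersonAttributeDao bean.
QUERY_ATTRIBUTE_MAPPING = {"username": "sAMAccountName"}
RESULT_ATTRIBUTE_MAPPING = {"mail": "emailAddress", "sAMAccountName": "uid"}

# Constructed stand-in for the AD entries under dc=myschool,dc=edu.
FAKE_AD: List[Dict[str, List[str]]] = [
    {"sAMAccountName": ["scotttest"], "mail": ["scotttest@myschool.edu"],
     "cn": ["Scott Test"], "memberOf": ["CN=staff,DC=myschool,DC=edu"]},
]

# RFC 4515 escaping so a login name can never alter the filter structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value: str) -> str:
    return "".join(_ESCAPES.get(c, c) for c in value)

def build_filter(seed: Dict[str, List[str]]) -> str:
    """Seed map {username: [...]} -> '(sAMAccountName=...)' via queryAttributeMapping."""
    clauses = [f"({QUERY_ATTRIBUTE_MAPPING[k]}={escape_filter_value(v)})"
               for k, vals in seed.items() if k in QUERY_ATTRIBUTE_MAPPING for v in vals]
    return clauses[0] if len(clauses) == 1 else "(&" + "".join(clauses) + ")"

def search(seed: Dict[str, List[str]]) -> List[Dict[str, List[str]]]:
    """Simulated directory search: entries matching every mapped seed attribute."""
    return [e for e in FAKE_AD
            if all(e.get(QUERY_ATTRIBUTE_MAPPING[k]) == vals
                   for k, vals in seed.items() if k in QUERY_ATTRIBUTE_MAPPING)]

def map_result(entry: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """resultAttributeMapping: keep only listed LDAP attributes, under their CAS names."""
    return {cas: entry[ldap] for ldap, cas in RESULT_ATTRIBUTE_MAPPING.items() if ldap in entry}

def resolve(username: str, allowed_attributes: List[str]) -> Dict[str, List[str]]:
    """Attributes a RegisteredServiceImpl with the given allowedAttributes would receive."""
    entries = search({"username": [username]})
    if not entries:
        return {}  # the empty attribute map the poster's log shows
    attrs = map_result(entries[0])
    return {k: v for k, v in attrs.items() if k in allowed_attributes}

if __name__ == "__main__":
    print(build_filter({"username": ["scotttest"]}))
    print(resolve("scotttest", ["emailAddress"]))  # emailAddress released
    print(resolve("scotttest", ["mail"]))          # {} : service must use the mapped name
```

The last two calls show why the service's allowedAttributes entry has to name the mapped attribute (emailAddress) rather than the raw LDAP attribute (mail), and that anything absent from resultAttributeMapping (memberOf here) never reaches the principal at all.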
-- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
