Kevin,
please check in the cas server logs that the attributes are actually
read and added to the "Principal". (debug flag enabled in the log4
config) Checking in the cas-client is a bit far from the "source" unless
you are sure that your cas server actually does work correctly.
The snippet you posted seems ok and should normally get you the data you
receive.
Regards,
Joachim
On 11.06.2011 01:35, Kevin Richter wrote:
Yeah, I do:
require_once('CAS.php');
phpCAS::client(SAML_VERSION_1_1, 'cas.mywebsite.de', 443, '/cas');
phpCAS::setNoCasServerValidation();
phpCAS::setServerSamlValidateURL('http://internalip:8080/cas/samlValidate');
phpCAS::setDebug( 'casdebug.txt' );
Bye,
Kevin
On 10.06.2011 23:34, Philippe MARASSE wrote:
Hi,
Does your PHP test script validate the ticket through SAML in order to get the
attributes?
Rgds.
----- Original Message -----
From: "Kevin Richter"<[email protected]>
To: [email protected]
Sent: Friday, 10 June 2011 23:26:28
Subject: [cas-user] Attributes/SAML
Hi,
I am trying to get some attributes (mail address, full name) from the
LDAP directory using the FastBindLdapAuthenticationHandler method.
In our environment each user is allowed to read his own attributes (like
cn or mail), so I have thought there is no need for a special bind user.
Is this possible?
At the moment all my tries were not successful.
See below for my config. Any ideas what's wrong there?
Of course I have selected the attributes (mail, cn) for my test platform
in the services management (cas/services/manage.html).
My test platform is a PHP script:
print_r(phpCAS::getAttributes());
But it always prints "Array ( )"... no attributes :-(
Thanks,
Kevin
[snip]
<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="contextSource" ref="contextSource" />
    <property name="baseDN" value="ou=students,dc=uni-hildesheim,dc=de" />
    <property name="requireAllQueryAttributes" value="true" />
    <property name="queryAttributeMapping">
        <map>
            <entry key="username" value="uid" />
        </map>
    </property>
    <property name="resultAttributeMapping">
        <map>
            <!-- Mapping between LDAP entry attributes (key) and Principal's (value) -->
            <entry key="cn" value="Name" />
            <entry key="mail" value="EMail" />
        </map>
    </property>
</bean>
[/snip]
[snip]
<bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
    <!-- The Principal resolver from the credentials -->
    <property name="credentialsToPrincipalResolver">
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
    </property>
    <!-- The query made to find the Principal ID. "%u" will be replaced by the resolved Principal -->
    <property name="filter" value="(uid=%u)" />
    <!-- The attribute used to define the new Principal ID -->
    <property name="principalAttributeName" value="uid" />
    <property name="searchBase" value="ou=students,dc=uni-hildesheim,dc=de" />
    <property name="contextSource" ref="contextSource" />
    <property name="attributeRepository">
        <ref bean="attributeRepository" />
    </property>
</bean>
[/snip]
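
Added example (not part of the original thread, and not code from CAS or phpCAS): a Python check that lists which attributes a /samlValidate response body actually carries and which expected ones are missing, so the server side can be verified before the client is blamed. The response is constructed sample data, the function names are hypothetical, and the expected names Name and EMail are the Principal-side values from the resultAttributeMapping above.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"  # SAML 1.1 assertion namespace


def build_sample(attributes):
    """Constructed SOAP-wrapped SAML 1.1 response (sample data, not real server output)."""
    attr_xml = "".join(
        '<Attribute AttributeName="%s" AttributeNamespace="http://www.ja-sig.org/products/cas/">'
        "<AttributeValue>%s</AttributeValue></Attribute>" % (name, value)
        for name, value in attributes)
    subject = "<Subject><NameIdentifier>jdoe</NameIdentifier></Subject>"
    statement = "<AttributeStatement>%s%s</AttributeStatement>" % (subject, attr_xml)
    # Assumption for the sample: no AttributeStatement at all when nothing is released.
    return (
        '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
        '<SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol">'
        '<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion">'
        + (statement if attributes else "")
        + "</Assertion></Response></SOAP-ENV:Body></SOAP-ENV:Envelope>")


def released_attributes(response_xml):
    """Return {attribute name: [values]} for every SAML 1.1 Attribute in the response."""
    if "<!DOCTYPE" in response_xml:
        # A SAML response has no reason to carry a DTD; refuse it rather than expand entities.
        raise ValueError("DTD in SAML response refused")
    root = ET.fromstring(response_xml)
    found = {}
    for attr in root.iter(SAML + "Attribute"):
        values = [(v.text or "").strip() for v in attr.findall(SAML + "AttributeValue")]
        found.setdefault(attr.get("AttributeName"), []).extend(values)
    return found


def missing_attributes(response_xml, expected):
    """Names in `expected` that the response does not carry (comparison is case-sensitive)."""
    return sorted(set(expected) - set(released_attributes(response_xml)))


if __name__ == "__main__":
    expected = ["Name", "EMail"]  # Principal-side names from resultAttributeMapping
    cases = {"attributes released": [("Name", "Jane Doe"), ("EMail", "jdoe@example.org")],
             "nothing released": []}
    for label, attrs in cases.items():
        body = build_sample(attrs)
        print(label, released_attributes(body), "missing:", missing_attributes(body, expected))
```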