After beating my head against this config for the past couple of days, I
figured I would ask whether this is possible at all.

In our university's old hack-and-slash version of CAS, we've got LDAP 
attributes being passed through the serviceValidate page.  The XML looks 
pretty similar to the current serviceValidate page, and I've tried like 
heck to get the LDAP attributes passed through on that page, but I'm only 
getting a userid.

So, if what I'm trying to do is sane, then maybe one of you fine folks would be 
able to tell me where I'm going wrong here.

Attached is my config.
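<!--
	CAS deployer configuration: LDAP and JDBC authentication, LDAP attribute
	lookup, and an in-memory service registry that decides which attributes
	each service may receive.

	Changes against the posted copy:
	* the stray ";" after several quoted attribute values (root element and two
	  serviceId properties) is removed; with it the document is not well-formed;
	* the username/password principal resolver now references attributeRepository;
	  without that reference the principal carries only its id;
	* the IMAPS entry's description no longer repeats the HTTPS text.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:p="http://www.springframework.org/schema/p"
	xmlns:sec="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

	<!-- LDAP Source config.
	     Shared by attributeRepository and the fast-bind authentication handler.
	     The service-account DN and password sit here in clear text: prefer
	     ${...} property placeholders resolved from a file readable only by the
	     servlet-container account, and give the account read-only access to
	     just the attributes CAS looks up. -->
	<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
		<property name="pooled" value="true"/>
		<property name="urls">
			<list>
				<!-- ldaps:// keeps binds and attribute reads off the wire in clear text;
				     the JVM truststore must contain the directory's CA certificate. -->
				<value>ldaps://bla.blah.blah:636</value>
			</list>
		</property>
		<property name="userDn" value="cn=oogie,dc=boogie,dc=boogie"/>
		<property name="password" value="blah"/>
		<property name="baseEnvironmentProperties">
			<map>
				<entry>
					<key>
						<value>java.naming.security.protocol</value>
					</key>
					<value>ssl</value>
				</entry>
				<entry>
					<key>
						<value>java.naming.security.authentication</value>
					</key>
					<value>simple</value>
				</entry>
			</map>
		</property>
	</bean>

	<!-- Person-directory lookup against LDAP.
	     queryAttributeMapping: the login name ("username") is searched as uid.
	     resultAttributeMapping: key = LDAP attribute, value = the name the
	     attribute carries on the CAS principal.
	     Only names listed in a service's allowedAttributes are released, so
	     "Name" (from cn) is resolved here but released to no service below. -->
	<bean id="attributeRepository"
		class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"
		p:contextSource-ref="contextSource" 
		p:baseDN="ou=blah,dc=blah,dc=blah"
		p:requireAllQueryAttributes="true">
		<property name="queryAttributeMapping">
			<map>
				<entry key="username" value="uid" />
			</map>
		</property>
		<property name="resultAttributeMapping">
			<map>
				<entry key="cn" value="Name" />
				<entry value="uid" key="uid" />
				<entry value="displayName" key="displayName" />
			</map>
		</property>
	</bean>

	<!-- JDBC Source config.
	     Same remark as for contextSource: the database account and password are
	     in clear text; move them to ${...} placeholders and use an account that
	     can only read the password column queried below. -->
	<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
		p:driverClassName="oracle.jdbc.driver.OracleDriver"
		p:url="jdbc:oracle:thin:@blah.blah.blah:1521:blah"
		p:username="oogie"
		p:password="boogie" />

	<bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
		<property name="credentialsToPrincipalResolvers">
			<list>
				<!-- The resolver builds the principal; it consults attributeRepository
				     only when the reference is set. Without it the validation
				     response can never contain more than the user id. -->
				<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
					p:attributeRepository-ref="attributeRepository" />
				<bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
			</list>
		</property>

		<property name="authenticationHandlers">
			<list>
				<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
					p:httpClient-ref="httpClient" />

				<!-- %u is replaced by the submitted user name to form the bind DN. -->
				<bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler"
					p:filter="uid=%u,ou=blah,dc=blah,dc=blah"
					p:contextSource-ref="contextSource" />

				<!-- The user id is passed as a bind parameter (?), not concatenated
				     into the statement. -->
				<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
					p:dataSource-ref="dataSource"
					p:sql="select passwd from blah.users where lower(user_id) = lower(?)"
					p:passwordEncoder-ref="BBPasswordEncoder" />
			</list>
		</property>
	</bean>

	<!-- Both accounts receive ROLE_ADMIN.
	     NOTE(review): the password looks like a dummy on the assumption that
	     sign-in happens through CAS and only name and authorities are read here;
	     confirm before relying on it. -->
	<sec:user-service id="userDetailsService">
		<sec:user name="oogie" password="notused" authorities="ROLE_ADMIN" />
		<sec:user name="boogie" password="notused" authorities="ROLE_ADMIN" />
	</sec:user-service>

	<!-- Unsalted MD5 over the UTF-16LE bytes of the password, presumably to match
	     hashes already stored in the users table (confirm). MD5 without a salt is
	     cheap to brute-force if the table leaks: treat the table as sensitive and
	     plan a migration to a salted, deliberately slow hash. -->
	<bean id="BBPasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" p:characterEncoding="utf-16le">
		<constructor-arg index="0" value="MD5" />
	</bean>

	<!-- Service registry: which service URLs may obtain tickets and which
	     attributes each one receives.
	     The http://** and https://** patterns match every URL of that scheme, so
	     uid and displayName are released to any service that asks, and over
	     plain HTTP the ticket and the validation response are not protected in
	     transit. For production, list the known service URLs and drop the http
	     entry.
	     NOTE(review): in CAS 3.x the stock view for the serviceValidate success
	     response prints only the user id; the JSP has to be extended to emit the
	     principal's attributes. Verify against the deployed version. -->
	<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
		<property name="registeredServices">
			<list>
				<bean class="org.jasig.cas.services.RegisteredServiceImpl">
					<property name="id" value="0" />
					<property name="name" value="HTTP" />
					<property name="description" value="Only Allows HTTP Urls" />
					<property name="serviceId" value="http://**" />
					<property name="evaluationOrder" value="10000001" />
					<property name="allowedAttributes">
						<list>
							<value>uid</value>
							<value>displayName</value>
						</list>
					</property>
				</bean>

				<bean class="org.jasig.cas.services.RegisteredServiceImpl">
					<property name="id" value="1" />
					<property name="name" value="HTTPS" />
					<property name="description" value="Only Allows HTTPS Urls" />
					<property name="serviceId" value="https://**" />
					<property name="evaluationOrder" value="10000002" />
					<property name="allowedAttributes">
						<list>
							<value>uid</value>
							<value>displayName</value>
						</list>
					</property>
				</bean>

				<!-- No allowedAttributes on the two mail entries: they get the user id only. -->
				<bean class="org.jasig.cas.services.RegisteredServiceImpl">
					<property name="id" value="2" />
					<property name="name" value="IMAPS" />
					<property name="description" value="Only Allows IMAPS Urls" />
					<property name="serviceId" value="imaps://**" />
					<property name="evaluationOrder" value="10000003" />
				</bean>

				<bean class="org.jasig.cas.services.RegisteredServiceImpl">
					<property name="id" value="3" />
					<property name="name" value="IMAP" />
					<property name="description" value="Only Allows IMAP Urls" />
					<property name="serviceId" value="imap://**" />
					<property name="evaluationOrder" value="10000004" />
				</bean>
			</list>
		</property>
	</bean>
 
	<!-- Audit records go to the application log through SLF4J; keep that log
	     for as long as ticket grants and validations need to be traceable. -->
	<bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
</beans>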
