Many Thanks, that explains a lot :-D Laura
On 5/31/12 2:52 PM, Joachim Fritschi wrote: > Saml11AuthenticationFilter/Saml11TicketValidationFilter are cas client > functions of the java client. You do not need them. phpcas is a fully > functional cas client and only needs a working cas server. There is no > dependency on the java client. If you have the cas server properly > configured (attribute repository and attribute release in the Service > Management gui) you can simply check the attributes with one of our > simple examples also contained in the distributed package [1] or of > course use your own application. However i would recommend the small > test application to keep it simple in the beginning. If you run into > any trouble please check out the debug logs for phpcas [2] and check > the cas server if it actually gathers the attributes and appends them > to the principal object. > > Since you mention the word portal you may depend on proxy > functionality. If you use any phpcas::proxy() call you will have to > extend the cas 2.0 protocol or use your existing ldap lookup. > > Regards, > > Joachim > > > > > [1]https://github.com/Jasig/phpCAS/blob/master/docs/examples/example_advanced_saml11.php > > > [2]https://wiki.jasig.org/display/CASC/phpCAS+troubleshooting > > > On 31.05.2012 16:46, Laura McCord wrote: >> Thanks for the responses. >> >> Just to follow-up and to make sure I'm on the right track... >> >> In my phpcas script I did try using: phpCAS::client(SAML_VERSION_1_1, >> $cas_host, $cas_port, $cas_context); and I have the attributeRespository >> configured and referenced as below, but I'll verify that the attributes >> are getting mapped. >> >> <bean >> class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"> >> >> >> <property name="attributeRepository" ref="attributeRepository" /> >> </bean> >> >> Also, sorry if I didn't catch this in your response, but does that also >> mean I need to configure the cas server to use >> Saml11AuthenticationFilter/Saml11TicketValidationFilter in the web.xml >> file? I don't know if that means that I would have to remove >> Cas20ProxyReceivingTicketValidationFilter or can both of them be used? I >> thought I ran into a blog post where they used both at the same time. >> >> Currently I'm using the CAS2 protocol and I just look-up two attributes >> in ldap within my phpcas script. This gives me the information I need >> but I thought if there was a way of doing this in CAS, I might as well >> take advantage of the feature unless it breaks my portal stuff. >> >> Thanks, >> Laura >> >> On 5/31/12 12:14 AM, Joachim Fritschi wrote: >>> Hi Laura, >>> >>> as Scott correctly points out. Use the SAML 1.1 protocol. The first >>> thing you will need is to properly set up the attributeRepository on >>> the CAS server side. If this is properly set up and all the attributes >>> are properly resolved (check cas log file for the Principal object. >>> This should contain all the attributes). Then check that the service >>> is properly set up to release attributes in the service manager >>> console. >>> >>> phpcas will then automatically resolve the attributes from the cas >>> server answer. >>> As for the CAS 2.0 protocol: This is only possible through manual and >>> unofficial extensions of the protocol and the only "legitimate" use >>> cas would be a proxy setup that needs attributes. Then you need to >>> modify your casServiceValdiationSuccess.jsp with some small code. >>> Behind the </cas:user> you need to add something like: >>> >>> <cas:attributes> >>> <c:forEach var="attr" >>> items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}"><cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}></c:forEach> >>> >>> >>> >>> </cas:attributes> >>> >>> Since this is unsupported there have been multiple ways how this can >>> be done but this is technically supported by both the jasig java and >>> phpcas client and works for me so far. >>> >>> Regards, >>> >>> Joachim >>> >>> On 28.05.2012 23:08, Scott Battaglia wrote: >>>> By default, the only response from the CAS server that will include >>>> attributes is the SAML 1.1 response. >>>> >>>> Attribute support via CAS2 protocol requires local customization to >>>> the >>>> server itself. >>>> >>>> Cheers, >>>> Scott >>>> >>>> >>>> On Fri, May 25, 2012 at 2:58 PM, Laura McCord >>>> <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> __ >>>> Hi, >>>> >>>> I am trying to use the getAttributes() phpCAS method to gain >>>> attributes but I've been receiving nothing. I'm assuming this is >>>> stemming from my CAS installation but I'm not entirely sure what to >>>> do. From what I read I should place a reference to my >>>> attributeRepository onto the >>>> org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver >>>> >>>> >>>> >>>> bean (https://wiki.jasig.org/display/CASUM/Attributes) >>>> >>>> I've also seen references to using the >>>> Saml11AuthenticationFilter/Saml11TicketValidationFilter but I'm not >>>> sure how this affects my use of >>>> Cas20ProxyReceivingTicketValidationFilter for my portal >>>> installation. And, maybe this is only for java clients, I'm using a >>>> phpCAS client so I don't know if this pertains to my situation. >>>> >>>> I'm using CAS 3.4.11 >>>> >>>> Many Thanks, >>>> Laura >>>> -- >>>> >>>> Laura McCord >>>> Web Programmer/Analyst >>>> Southwestern University >>>> [email protected] <mailto:[email protected]> >>>> >>>> -- >>>> You are currently subscribed [email protected] >>>> <mailto:[email protected]> as:[email protected] >>>> <mailto:[email protected]> >>>> >>>> >>>> To unsubscribe, change settings or access archives, >>>> seehttp://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>>> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>> >>> >> >> >> -- >> >> Laura McCord >> Web Programmer/Analyst >> Southwestern University >> [email protected] <mailto:[email protected]> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- Laura McCord Web Programmer/Analyst Southwestern University [email protected] <mailto:[email protected]> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
