Okay, I resolved this.  I had to add the entry java.naming.referral with
the value follow in the "baseEnvironmentProperties" property.  Now the
attributes are passing just fine.

<property name="baseEnvironmentProperties">
    <map>
        <!-- Three seconds is an eternity to users. -->
        <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
        <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />

        <!-- Explained at
        http://download.oracle.com/javase/1.3/docs/api/javax/naming/Context.html#SECURITY_AUTHENTICATION -->
        <entry key="java.naming.security.authentication" value="simple" />
        <entry key="java.naming.referral" value="follow" />
    </map>
</property>

On Sat, Aug 11, 2012 at 2:26 PM, Stefan Holodnick <[email protected]> wrote:

> Hello,
>
> I've been working on troubleshooting and passing AD LDAP attributes using
> SAML 2.0.  So far, everything that I've found in this group or online has
> not fixed my issue.  I know I'm close and if anyone can guide me in the
> right direction, I would appreciate it much.
>
> Here is my current mapping configuration:
>
> ...
> <property name="credentialsToPrincipalResolvers">
>     <list>
>         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
>             <property name="attributeRepository" ref="attributeRepository" />
>         </bean>
>     </list>
> </property>
> ...
>
> <bean id="attributeRepository"
>       class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
>     <property name="contextSource" ref="contextSource"/>
>     <property name="requireAllQueryAttributes" value="false"/>
>     <property name="queryAttributeMapping">
>         <map>
>             <entry key="username" value="sAMAccountName" />
>         </map>
>     </property>
>     <property name="resultAttributeMapping">
>         <map>
>             <entry key="mail" value="Email" />
>         </map>
>     </property>
> </bean>
>
> Here is what I am receiving in my log:
>
> 2012-08-11 14:23:23,682 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: stefan.holodnick]
> 2012-08-11 14:23:23,682 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Attempting to resolve a principal...
> 2012-08-11 14:23:23,682 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Creating SimplePrincipal for [stefan.holodnick]
> 2012-08-11 14:23:23,683 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created seed map='{username=[stefan.holodnick]}' for uid='stefan.holodnick'
> 2012-08-11 14:23:23,683 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding attribute 'sAMAccountName' with value '[stefan.holodnick]' to query builder 'null'
> 2012-08-11 14:23:23,685 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Generated query builder '(sAMAccountName=stefan.holodnick)' from query Map {username=[stefan.holodnick]}.
> 2012-08-11 14:23:23,706 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
> =============================================================
> WHO: [username: stefan.holodnick]
> WHAT: supplied credentials: [username: stefan.holodnick]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Sat Aug 11 14:23:23 EDT 2012
> CLIENT IP ADDRESS: 192.168.11.143
> SERVER IP ADDRESS: auth.kirtland.edu
> =============================================================
>
> 2012-08-11 14:23:23,706 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
> =============================================================
> WHO: [username: stefan.holodnick]
> WHAT: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
>         ''
> ^@]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
>         ''
> ^@]; remaining name ''
> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
> APPLICATION: CAS
> WHEN: Sat Aug 11 14:23:23 EDT 2012
> CLIENT IP ADDRESS: 192.168.11.143
> SERVER IP ADDRESS: auth.kirtland.edu
> =============================================================
>
> 2012-08-11 14:23:23,718 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated service for: https://auth.kirtland.edu/cas/services/j_acegi_cas_security_check
>
> For one thing, would debug properly return the mail attribute?  For
> another, why is it having issues with my current config?
>
>
>
> ---------
> Stefan Holodnick
> Online Services Developer
> Kirtland Community College
> 989.275.5000 x458
> [email protected]
>
>
>


-- 
---------
Stefan Holodnick
Online Services Developer
Kirtland Community College
989.275.5000 x458
[email protected]
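As an added illustration (not code from this thread, from CAS or from person-directory), here is the same JNDI environment as the baseEnvironmentProperties map in the reply above, assembled directly in Java so the effect of java.naming.referral=follow on the sAMAccountName -> mail lookup can be tried outside CAS against a domain controller. The class name, the escapeFilter helper, and the URL, bind DN and search base passed in by the caller are my own assumptions, not values from the thread.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
public class AdMailLookup {
    /** JNDI environment equivalent to the baseEnvironmentProperties map in the reply. */
    static Hashtable<String, String> buildEnv(String url, String bindDn, String bindPassword) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put("com.sun.jndi.ldap.connect.timeout", "3000");
        env.put("com.sun.jndi.ldap.read.timeout", "3000");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        // Context.REFERRAL is the constant for "java.naming.referral"; "follow" makes the
        // provider chase the referrals AD returns during a subtree search instead of failing.
        env.put(Context.REFERRAL, "follow");
        return env;
    }

    /** Escape RFC 4515 filter metacharacters so the username cannot change the filter. */
    static String escapeFilter(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            int i = "\\*()\0".indexOf(c);
            if (i >= 0) sb.append("\\").append(new String[] {"5c", "2a", "28", "29", "00"}[i]);
            else sb.append(c);
        }
        return sb.toString();
    }

    /** sAMAccountName -> mail, the mapping the attribute repository does; null if not found. */
    static String lookupMail(Hashtable<String, String> env, String searchBase, String username) throws NamingException {
        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"mail"});
            String filter = "(sAMAccountName=" + escapeFilter(username) + ")";
            NamingEnumeration<SearchResult> hits = ctx.search(searchBase, filter, sc);
            if (!hits.hasMore()) return null;
            Attribute mail = hits.next().getAttributes().get("mail");
            return mail == null ? null : (String) mail.get();
        } finally {
            ctx.close();
        }
    }
}
```

With "follow", the JNDI provider opens connections to whichever hosts the referrals name and binds there with the same service-account credentials, so those hosts need to be reachable from the CAS server and, for ldaps URLs, to present certificates the CAS JVM trusts.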
