Okay, I resolved this. I had to add the entry java.naming.referral with the value follow in the "baseEnvironmentProperties" property. Now the attributes are passing just fine.

<property name="baseEnvironmentProperties">
    <map>
        <!-- Three seconds is an eternity to users. -->
        <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
        <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />

        <!-- Explained at http://download.oracle.com/javase/1.3/docs/api/javax/naming/Context.html#SECURITY_AUTHENTICATION -->
        <entry key="java.naming.security.authentication" value="simple" />
        <entry key="java.naming.referral" value="follow" />
    </map>
</property>
On Sat, Aug 11, 2012 at 2:26 PM, Stefan Holodnick <[email protected]> wrote:
> Hello,
>
> I've been working on troubleshooting and passing AD LDAP attributes using SAML 2.0. So far, everything that I've found in this group or online has not fixed my issue. I know I'm close and if anyone can guide me in the right direction, I would appreciate it much.
>
> Here is my current mapping configuration:
>
> ...
> <property name="credentialsToPrincipalResolvers">
>     <list>
>         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
>             <property name="attributeRepository" ref="attributeRepository" />
>         </bean>
>     </list>
> </property>
> ...
>
> <bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
>     <property name="contextSource" ref="contextSource"/>
>     <property name="requireAllQueryAttributes" value="false"/>
>     <property name="queryAttributeMapping">
>         <map>
>             <entry key="username" value="sAMAccountName" />
>         </map>
>     </property>
>     <property name="resultAttributeMapping">
>         <map>
>             <entry key="mail" value="Email" />
>         </map>
>     </property>
> </bean>
>
> Here is what I am receiving in my log:
>
> 2012-08-11 14:23:23,682 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: stefan.holodnick]
> 2012-08-11 14:23:23,682 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Attempting to resolve a principal...
> 2012-08-11 14:23:23,682 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Creating SimplePrincipal for [stefan.holodnick]
> 2012-08-11 14:23:23,683 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created seed map='{username=[stefan.holodnick]}' for uid='stefan.holodnick'
> 2012-08-11 14:23:23,683 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding attribute 'sAMAccountName' with value '[stefan.holodnick]' to query builder 'null'
> 2012-08-11 14:23:23,685 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Generated query builder '(sAMAccountName=stefan.holodnick)' from query Map {username=[stefan.holodnick]}.
> 2012-08-11 14:23:23,706 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
> =============================================================
> WHO: [username: stefan.holodnick]
> WHAT: supplied credentials: [username: stefan.holodnick]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Sat Aug 11 14:23:23 EDT 2012
> CLIENT IP ADDRESS: 192.168.11.143
> SERVER IP ADDRESS: auth.kirtland.edu
> =============================================================
>
> 2012-08-11 14:23:23,706 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
> =============================================================
> WHO: [username: stefan.holodnick]
> WHAT: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
>  ''
> ^@]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
>  ''
> ^@]; remaining name ''
> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
> APPLICATION: CAS
> WHEN: Sat Aug 11 14:23:23 EDT 2012
> CLIENT IP ADDRESS: 192.168.11.143
> SERVER IP ADDRESS: auth.kirtland.edu
> =============================================================
>
> 2012-08-11 14:23:23,718 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated service for: https://auth.kirtland.edu/cas/services/j_acegi_cas_security_check
>
> For one thing, would debug properly return the mail attribute? For another, why is it having issues with my current config?
>
> ---------
> Stefan Holodnick
> Online Services Developer
> Kirtland Community College
> 989.275.5000 x458
> [email protected]

--
---------
Stefan Holodnick
Online Services Developer
Kirtland Community College
989.275.5000 x458
[email protected]

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
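A defender-side check for the failure mode shown in this thread, added here as an example that is not part of the original posts or of CAS: it parses inspektr audit-trail records of the shape quoted above and flags any failed record whose WHAT carries LDAP result code 32 with an empty JNDI remaining name, the symptom the reply cured with java.naming.referral=follow. The sample record is constructed (placeholder user and IP) and the regular expressions are assumptions about the log layout.

```python
import re

# Constructed sample in the inspektr audit-trail shape quoted in the thread (placeholder user and IP; the LDAP message is abridged from the post, ^@ standing for the NUL byte the log printed).
SAMPLE_LOG = """\
2012-08-11 14:23:23,706 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: [username: jdoe]
WHAT: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
 ''
^@]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D]; remaining name ''
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
CLIENT IP ADDRESS: 192.0.2.10
=============================================================
"""

RECORD_RE = re.compile(r"Audit trail record BEGIN\n=+\n(.*?)\n=+", re.S)   # one audit block
FIELD_RE = re.compile(r"^([A-Z][A-Z ]+): ?(.*)$")                         # "WHO: ...", "CLIENT IP ADDRESS: ..."
LDAP_ERR_RE = re.compile(r"LDAP: error code (\d+)(?: - ([0-9A-F]{8}))?")  # result code and AD extended code
REMAINING_RE = re.compile(r"remaining name '([^']*)'")                    # JNDI's unresolved name suffix

def parse_audit_records(text):
    """Split inspektr audit blocks into field dicts; a value may span lines (an exception's WHAT does)."""
    records = []
    for m in RECORD_RE.finditer(text):
        fields, key = {}, None
        for line in m.group(1).splitlines():
            fm = FIELD_RE.match(line)
            if fm:
                key = fm.group(1)
                fields[key] = fm.group(2)
            elif key:                      # continuation line of the previous field
                fields[key] += "\n" + line
        records.append(fields)
    return records

def diagnose(text):
    """One finding per failed record: who, action, LDAP result code, AD extended code, remaining name."""
    findings = []
    for rec in parse_audit_records(text):
        if not rec.get("ACTION", "").endswith(("FAILED", "NOT_CREATED")):
            continue
        what = rec.get("WHAT", "")
        code, rem = LDAP_ERR_RE.search(what), REMAINING_RE.search(what)
        finding = {"who": rec.get("WHO"), "action": rec["ACTION"], "remaining_name": rem.group(1) if rem else None,
                   "ldap_code": int(code.group(1)) if code else None, "ad_code": code.group(2) if code else None}
        # 32 = noSuchObject; with an empty remaining name the attribute lookup found no entry at all,
        # which the thread cured by setting java.naming.referral=follow on the LDAP context source.
        finding["referral_suspect"] = finding["ldap_code"] == 32 and finding["remaining_name"] == ""
        findings.append(finding)
    return findings
```

Run it over a CAS log tail (cas.log or the container's stdout) to separate a genuine bad password from an attribute-resolution failure that the audit trail also reports as a failed login.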
