Hi there,

 

I have a CAS server that uses three credentialsToPrincipalResolvers: X.509v3 
certificate, OpenLDAP username and password, and Kerberos.

 

It all works fine, except CAS only returns the user attributes when the user 
logs in through x509v3 certificate or user/password. If the user has used 
Kerberos, CAS only returns the username.

 

Here are the relevant parts of my deployerConfigContext.xml. I have stripped what 
I didn't consider important (it is a really large file), but will post it if necessary.

 

<!-- Resolvers that turn authenticated credentials into a CAS principal.
     Of the four beans listed, three are wired to the shared attributeRepository bean;
     HttpBasedServiceCredentialsToPrincipalResolver is declared without one. -->
<property name="credentialsToPrincipalResolvers">

  <list>

    <!-- Username/password logins: attributes come from the shared attributeRepository. -->
    <bean 
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
 >

        <property name="attributeRepository" ref="attributeRepository" />

    </bean>

 

    <!-- No attributeRepository is set on this resolver in the excerpt. -->
    <bean 
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
 />

 

    <!-- Site-specific resolver for X.509 logins (com.orga.cas); its implementation is not
         shown in the post. The p:base value was masked by the author and part of the bean
         body is elided below, so only the contextSource and attributeRepository wiring
         can be confirmed from this excerpt. -->
    <bean class="com.orga.cas.X509CertificateLDAPEntryMapperResolver" 

                    p:contextSource-ref="contextSource"

                    p:base="*****"

                    >

                      <property name="attributeRepository" 
ref="attributeRepository"/>

                (...)

    </bean>

 

    <!-- SPNEGO/Kerberos logins: wired to the same attributeRepository as the
         username/password resolver above.
         NOTE(review): the attributeRepository bean maps the query key "username" to the
         LDAP attribute cn. Confirm which principal id this resolver produces for a Kerberos
         login (for example, whether a realm or domain part is kept) and that it equals a cn
         value in the directory. A non-matching id would presumably yield an empty attribute
         set without an error. TODO confirm; not visible in this excerpt. -->
    <bean 
class="org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver">

        <property name="attributeRepository" ref="attributeRepository"/>

    </bean>

  </list>

</property>

 

(...)

 

<!-- Shared person-attribute source: an LDAP-backed DAO referenced by the
     username/password, X.509 and SPNEGO resolvers in this configuration. -->
<bean id="attributeRepository" 
class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">

    <!-- LDAP connection settings come from the contextSource bean (not shown in the post). -->
    <property name="contextSource" ref="contextSource" />

    <!-- Search base; the value was masked by the author. -->
    <property name="baseDN" value="**********" />

    <!-- NOTE(review): presumably the search only runs when every key of
         queryAttributeMapping is present in the query. Verify against the
         Person Directory version in use. -->
    <property name="requireAllQueryAttributes" value="true" />

 

    <!-- Query key "username" is matched against the LDAP attribute cn. The value supplied
         as username must therefore be exactly the entry's cn for attributes to be found. -->
    <property name="queryAttributeMapping">

        <map>

            <entry key="username" value="cn" />

        </map>

    </property>

 

    <!-- Each listed attribute is mapped to an identical name (key and value are the same).
         NOTE(review): mail, employeeNumber and entryDN are personal or directory data.
         Confirm that each CAS-protected service is released only the attributes it needs. -->
    <property name="resultAttributeMapping">

        <map>

            <entry key="cn" value="cn" />

            <entry key="sn" value="sn" />

            <entry key="employeeNumber" value="employeeNumber" />

            <entry key="givenName" value="givenName" />

            <entry key="mail" value="mail" />

            <entry key="entryDN" value="entryDN" />

        </map>

    </property>

</bean>

 

I don't get any error in tomcat's log, I just don't get the attributes.

 

Does anyone use Kerberos with a LdapPersonAttributeDao?

 

Thanks in advance, regards.

 

Álvaro Reig González

Consejero Técnico

informática - Gerencia

Instituto Nacional de Administración Pública 

 

 

 

C/ Atocha 106, 28012 Madrid 

Teléfono: 91-273.92.89 - Centralita: 91.00 - Fax: 92.70

[email protected]

www.inap.es

Antes de imprimir este e-mail piense bien si es necesario hacerlo P

 

