As far as I can tell from the log the user attributes are being pulled
from the ldap server just fine. It also looks like they are being queued
to be put in the saml response:
2014-10-09 17:03:29,192 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
Authenticated dcharlot with credentials [dcharlot+password].
2014-10-09 17:03:29,192 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
Attribute map for dcharlot: {eduPersonAffiliation=[member, staff,
employee], eduPersonPrimaryAffiliation=staff,
[email protected],
uniceService=[application.harpege.utilisateurs, application-geisha, BV,
geisha, pers-tous, autocom, manu-dsi-assistance,
application.apogee.utilisateurs, apogee, web, pers-affect.CRI,
scsi.infrastructure.membres, scsi.personnels, hermes, harpege,
dsi.infrastructure.a-sites, scsi.membres,
scsi.infrastructure.personnels, app-conges,
manu-membres-iufm-conseil.ufr, pers-site.valrose], displayName=Daniel
Charlot, user=dcharlot}
...
2014-10-09 17:03:29,333 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket
[ST-1-bwkJYRzsBrdTc5eaDQ6r-login4.unice.fr] found in registry.
2014-10-09 17:03:29,334 DEBUG
[org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter]
- Found attribute [email] in the list of allowed attributes for service
[HTTP and IMAP]
2014-10-09 17:03:29,334 DEBUG
[org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter]
- Found attribute [user] in the list of allowed attributes for service
[HTTP and IMAP]I don't know if the logging indicates the attribute (or its value) as it is put into the SAML response or not. My next step would be to bump the logging up on the phpCAS client and I think you should be able to see the SAML response there. --- *John Gasper* IAM Consultant Unicon, Inc. PGP/GPG Key: 0xbafee3ef On 10/9/14 8:09 AM, [email protected] wrote: > Hi, > > Sorry for the delay, > here my log for one connexion : > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > ----------------------------------------------------------------- > Daniel CHARLOT > D.S.I. Université de Nice Sophia-Antipolis > Administrateur Systèmes et Réseaux > 28, avenue de Valrose - BP 2135 - 06103 NICE > Tél : 04-92-07-67-07 > > > > > > > > > > > > Le 8 oct. 2014 à 16:26, Misagh Moayyed <[email protected] > <mailto:[email protected]>> a écrit : > >> Ok. So I’d follow what John suggested. Up the log levels and see what >> they tell you. >> >> *From:* [email protected] >> <mailto:[email protected]> [mailto:[email protected]] >> *Sent:* Wednesday, October 8, 2014 7:19 AM >> *To:* [email protected] <mailto:[email protected]> >> *Subject:* Re: [cas-user] allowedAttributes ldap CAS 4 >> >> A simple page of php cas 1.3.3 with the function phpCAS::getAttributes() >> ----------------------------------------------------------------- >> Daniel CHARLOT >> D.S.I. Université de Nice Sophia-Antipolis >> Administrateur Systèmes et Réseaux >> 28, avenue de Valrose - BP 2135 - 06103 NICE >> Tél : 04-92-07-67-07 >> >> >> >> >> >> >> >> >> >> >> >> >> Le 8 oct. 2014 à 16:14, Misagh Moayyed <[email protected] >> <mailto:[email protected]>> a écrit : >> >> >> And what sort of CAS client are you using to get these attributes? >> >> *From:* [email protected] >> <mailto:[email protected]> [mailto:[email protected]] >> *Sent:* Wednesday, October 8, 2014 5:07 AM >> *To:* [email protected] <mailto:[email protected]> >> *Subject:* Re: [cas-user] allowedAttributes ldap CAS 4 >> >> Hi john, >> I use SAML 1.1. >> >> ----------------------------------------------------------------- >> Daniel CHARLOT >> D.S.I. Université de Nice Sophia-Antipolis >> Administrateur Systèmes et Réseaux >> 28, avenue de Valrose - BP 2135 - 06103 NICE >> Tél : 04-92-07-67-07 >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> Le 7 oct. 2014 à 17:18, John Gasper <[email protected] >> <mailto:[email protected]>> a écrit : >> >> >> >> What CAS protocol are you using to retrieve the attributes on >> the client side? >> >> On 10/7/14 1:04 AM, [email protected] >> <mailto:[email protected]> wrote: >> >> Hi john, >> >> I have tried your syntax but it's the same things. >> >> >> >> I have seen that on cas core 4.1 there are new functions >> for this. I hope the return of attributes for each >> services works on 4.0 with ldap… >> >> I dont understand why the property of serviceid works but >> not the property allowedAttribute >> >> Best Regards, >> >> >> >> ----------------------------------------------------------------- >> Daniel CHARLOT >> D.S.I. Université de Nice Sophia-Antipolis >> Administrateur Systèmes et Réseaux >> 28, avenue de Valrose - BP 2135 - 06103 NICE >> Tél : 04-92-07-67-07 >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> Le 6 oct. 2014 à 17:24, John Gasper <[email protected] >> <mailto:[email protected]>> a écrit : >> >> >> >> You might try changing your bean def to use: >> <property name="allowedAttributes"> >> <list> >> <value>mail</value> >> </list> >> </property> >> >> On 10/6/14 3:41 AM, [email protected] >> <mailto:[email protected]> wrote: >> >> Hi guys, >> >> Last work for my cas 4. >> >> I would like to give attributes differents for >> each services. >> But it doesnt work. >> I use org.jasig.cas.persondir.LdapPersonAttributeDao. >> >> And I have a bean : >> <bean >> class="org.jasig.cas.services.RegexRegisteredService" >> p:id="1" p:name="HTTP web" >> p:description=« SERVICE test" >> p:allowedToProxy="true" >> p:serviceId="http://testmydomain/test/test.php"; >> p:evaluationOrder="10000002" >> * **p:allowedAttributes="mail"*/> >> >> But in response... I have all attributes which >> are in my "bean attributeRepository". >> allowedAttributes properties seems do nothing... >> >> Any ideas ? >> >> Thx for your responses >> >> ----------------------------------------------------------------- >> Daniel CHARLOT >> D.S.I. Université de Nice Sophia-Antipolis >> Administrateur Systèmes et Réseaux >> 28, avenue de Valrose - BP 2135 - 06103 NICE >> Tél : 04-92-07-67-07 >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> You are currently subscribed to [email protected] >> <mailto:[email protected]> as: [email protected] >> <mailto:[email protected]> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> >> -- >> >> You are currently subscribed to [email protected] >> <mailto:[email protected]> as: [email protected] >> <mailto:[email protected]> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> >> -- >> >> You are currently subscribed to [email protected] >> <mailto:[email protected]> as: [email protected] >> <mailto:[email protected]> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> >> -- >> >> You are currently subscribed to [email protected] >> <mailto:[email protected]> as: [email protected] >> <mailto:[email protected]> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> >> >> >> -- >> >> You are currently subscribed to [email protected] >> <mailto:[email protected]> as: [email protected] >> <mailto:[email protected]> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> -- >> >> You are currently subscribed to [email protected] >> <mailto:[email protected]> as: [email protected] >> <mailto:[email protected]> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> >> -- >> You are currently subscribed to [email protected] >> <mailto:[email protected]> as: [email protected] >> <mailto:[email protected]> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> -- >> You are currently subscribed to [email protected] >> <mailto:[email protected]> as: [email protected] >> <mailto:[email protected]> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
