Oh I see, I misunderstood. You are seeing all attributes in your test
app, but you want to pick and choose.
Try adding:
p:ignoreAttributes="false"
to your RegisteredService entry and see if that makes a difference.
On 10/9/14 8:42 AM, [email protected] wrote:
> My SAML page works too much because it drops all attributes of my user,
> but not only the mail (value=mail) which is in the allowedAttributes
> properties.
>
>
> On 9 October 2014 17:35:04 CEST, John Gasper <[email protected]> wrote:
>
> As far as I can tell from the log the user attributes are being
> pulled from the ldap server just fine. It also looks like they are
> being queued to be put in the saml response:
> 2014-10-09 17:03:29,192 INFO
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
> Authenticated dcharlot with credentials [dcharlot+password].
> 2014-10-09 17:03:29,192 DEBUG
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
> Attribute map for dcharlot: {eduPersonAffiliation=[member, staff,
> employee], eduPersonPrimaryAffiliation=staff,
> [email protected],
> uniceService=[application.harpege.utilisateurs,
> application-geisha, BV, geisha, pers-tous, autocom,
> manu-dsi-assistance, application.apogee.utilisateurs, apogee, web,
> pers-affect.CRI, scsi.infrastructure.membres, scsi.personnels,
> hermes, harpege, dsi.infrastructure.a-sites, scsi.membres,
> scsi.infrastructure.personnels, app-conges,
> manu-membres-iufm-conseil.ufr, pers-site.valrose],
> displayName=Daniel Charlot, user=dcharlot}
> ...
> 2014-10-09 17:03:29,333 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket
> [ST-1-bwkJYRzsBrdTc5eaDQ6r-login4.unice.fr] found in registry.
> 2014-10-09 17:03:29,334 DEBUG
> [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter]
> - Found attribute [email] in the list of allowed attributes for
> service [HTTP and IMAP]
> 2014-10-09 17:03:29,334 DEBUG
> [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter]
> - Found attribute [user] in the list of allowed attributes for
> service [HTTP and IMAP]
>
> I don't know if the logging indicates the attribute (or its value)
> as it is put into the SAML response or not.
>
> My next step would be to bump the logging up on the phpCAS client
> and I think you should be able to see the SAML response there.
>
> ---
> *John Gasper*
> IAM Consultant
> Unicon, Inc.
> PGP/GPG Key: 0xbafee3ef
> On 10/9/14 8:09 AM, [email protected] wrote:
>> Hi,
>>
>> Sorry for the delay,
>> here is my log for one connection:
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>>
>> -----------------------------------------------------------------
>> Daniel CHARLOT
>> D.S.I. Université de Nice Sophia-Antipolis
>> Administrateur Systèmes et Réseaux
>> 28, avenue de Valrose - BP 2135 - 06103 NICE
>> Tél : 04-92-07-67-07
>>
>> On 8 Oct. 2014 at 16:26, Misagh Moayyed <[email protected]> wrote:
>>
>>> Ok. So I’d follow what John suggested. Up the log levels and see
>>> what they tell you.
>>>
>>> *From:* [email protected]
>>> *Sent:* Wednesday, October 8, 2014 7:19 AM
>>> *To:* [email protected]
>>> *Subject:* Re: [cas-user] allowedAttributes ldap CAS 4
>>>
>>> A simple page of php cas 1.3.3 with the function
>>> phpCAS::getAttributes()
>>>
>>> On 8 Oct. 2014 at 16:14, Misagh Moayyed <[email protected]> wrote:
>>>
>>>
>>> And what sort of CAS client are you using to get these
>>> attributes?
>>>
>>> *From:* [email protected]
>>> *Sent:* Wednesday, October 8, 2014 5:07 AM
>>> *To:* [email protected]
>>> *Subject:* Re: [cas-user] allowedAttributes ldap CAS 4
>>>
>>> Hi John,
>>> I use SAML 1.1.
>>>
>>>
>>> On 7 Oct. 2014 at 17:18, John Gasper <[email protected]> wrote:
>>>
>>>
>>>
>>> What CAS protocol are you using to retrieve the
>>> attributes on the client side?
>>>
>>> On 10/7/14 1:04 AM, [email protected] wrote:
>>>
>>> Hi John,
>>>
>>> I have tried your syntax but it's the same thing.
>>>
>>> I have seen that on CAS core 4.1 there are new
>>> functions for this. I hope the return of attributes
>>> for each service works on 4.0 with LDAP…
>>>
>>> I don't understand why the property of serviceId
>>> works but not the property allowedAttributes.
>>>
>>> Best Regards,
>>>
>>> On 6 Oct. 2014 at 17:24, John Gasper <[email protected]> wrote:
>>>
>>>
>>>
>>> You might try changing your bean def to use:
>>> <property name="allowedAttributes">
>>>     <list>
>>>         <value>mail</value>
>>>     </list>
>>> </property>
>>>
>>> On 10/6/14 3:41 AM, [email protected] wrote:
>>>
>>> Hi guys,
>>>
>>> Last work for my CAS 4.
>>>
>>> I would like to give different attributes
>>> for each service.
>>> But it doesn't work.
>>> I use org.jasig.cas.persondir.LdapPersonAttributeDao.
>>>
>>> And I have a bean:
>>> <bean class="org.jasig.cas.services.RegexRegisteredService"
>>>       p:id="1" p:name="HTTP web"
>>>       p:description="SERVICE test"
>>>       p:allowedToProxy="true"
>>>       p:serviceId="http://testmydomain/test/test.php"
>>>       p:evaluationOrder="10000002"
>>>       p:allowedAttributes="mail"/>
>>>
>>> But in the response... I have all attributes
>>> which are in my "bean attributeRepository".
>>> The allowedAttributes property seems to do nothing...
>>>
>>> Any ideas?
>>>
>>> Thx for your responses
>
> --
> Sent from my Android 4G
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
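
A way to check from the client side what the thread is trying to establish, as an added example that is not part of the original messages: it parses a captured SAML 1.1 response and reports attributes released outside the service's allowedAttributes list, and allowed names that never arrived. The sample response, its user and values, the urn:example namespace and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# SAML 1.1 assertion namespace (Clark notation for ElementTree lookups).
SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"

# Constructed, trimmed sample response: user, values and namespace are placeholders.
SAMPLE_RESPONSE = """\
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol">
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
<AttributeStatement>
<Attribute AttributeName="mail" AttributeNamespace="urn:example">
<AttributeValue>jdoe@example.org</AttributeValue></Attribute>
<Attribute AttributeName="displayName" AttributeNamespace="urn:example">
<AttributeValue>Jane Doe</AttributeValue></Attribute>
<Attribute AttributeName="eduPersonAffiliation" AttributeNamespace="urn:example">
<AttributeValue>member</AttributeValue>
<AttributeValue>staff</AttributeValue></Attribute>
</AttributeStatement>
</Assertion>
</Response>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""


def released_attributes(saml_xml):
    """Return {attribute name: [values]} for each Attribute in the response."""
    # ElementTree is fine for a capture you made yourself; use a hardened
    # parser (e.g. defusedxml) for XML from an untrusted source.
    root = ET.fromstring(saml_xml)
    released = {}
    for attr in root.iter(SAML + "Attribute"):
        values = [v.text or "" for v in attr.findall(SAML + "AttributeValue")]
        released.setdefault(attr.get("AttributeName"), []).extend(values)
    return released


def audit_release(saml_xml, allowed):
    """Compare released names with the service's allowedAttributes list."""
    released = set(released_attributes(saml_xml))
    return {"over_released": sorted(released - set(allowed)),
            "not_released": sorted(set(allowed) - released)}


if __name__ == "__main__":
    # The service bean in the thread allows only "mail".
    print(audit_release(SAMPLE_RESPONSE, ["mail"]))
```

A non-empty over_released list means the per-service filter is not being applied to that response; a non-empty not_released list usually points to a name mismatch between the allowed list and the attribute repository.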