OK, thanks. I will wait for 4.1; it is simpler for me.

-----------------------------------------------------------------
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Systems and Network Administrator
28, avenue de Valrose - BP 2135 - 06103 NICE
Tel: 04-92-07-67-07

On 16 Oct 2014 at 10:43, Misagh Moayyed <[email protected]> wrote:

> Well, you can point your overlay to 4.1-SNAPSHOT where the fix goes in…or you
> could point your client to /p3/serviceValidate if you don’t need
> SAML, or you can grab a copy of the Java file, put it in your overlay only,
> make the fix, make sure it compiles and off you go (and submit a patch to the
> project when you get around to it).
>
> From: [email protected] [mailto:[email protected]]
> Sent: Thursday, October 16, 2014 1:39 AM
> To: [email protected]
> Subject: Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release
>
> But now, how do I resolve the problem?
> Do I have to recompile cas-server-support-saml? Is there any jar ready to use?
> Sorry, but I'm not user-friendly with Java and I have too many CAS clients to
> change the target URL.
>
> Many thanks.
> -----------------------------------------------------------------
> Daniel CHARLOT
> D.S.I. Université de Nice Sophia-Antipolis
> Systems and Network Administrator
> 28, avenue de Valrose - BP 2135 - 06103 NICE
> Tel: 04-92-07-67-07
>
> On 15 Oct 2014 at 12:11, Misagh Moayyed <[email protected]> wrote:
>
> I was able to duplicate this. There is a discrepancy between CAS views and
> SAML views; PrimaryAuthn is used in one but not the other.
>
> Submitted this issue to track:
> https://github.com/Jasig/cas/issues/722
>
> For the time being, would you be able to point your CAS client to
> /p3/serviceValidate and not use SAML? That should get you only the attributes
> you allowed.
>
> From: Carlos Olivera [mailto:[email protected]]
> Sent: Tuesday, October 14, 2014 7:45 AM
> To: [email protected]
> Cc: [email protected]; [email protected]; [email protected]
> Subject: Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release
>
> OK, now I have more information about this issue. I know where the problem is
> located but I don't know why it happens.
>
> I will enumerate all relevant steps from getting the attributes to SAML
> creation of attributes (at least how I think it works):
>
> 1. CentralAuthenticationServiceImpl: createTicketGrantingTicket(final
>    Credential... credentials) calls
>    this.authenticationManager.authenticate(credentials)
> 2. authenticateUsernamePasswordInternal: In this method, I get the user from DB
>    and load all its attributes. I return: createHandlerResult(credential, new
>    SimplePrincipal(username, atributos), null); "atributos" contains all the
>    user attributes. So, from now on, Principal will have all the attributes, in
>    my test "name" and "lastname".
> 3. CentralAuthenticationServiceImpl: createTicketGrantingTicket(final
>    Credential... credentials) creates the ticket. The ticket has an
>    Authentication object which contains the Principal created.
> 4. At some point the code hits validateServiceTicket and finishes returning an
>    ImmutableAssertion with the following attributes:
>    - primary (Authentication): it's an Authentication object with a
>      modifiedPrincipal. This particular principal has all the attributes I want
>      because it went through all the necessary filters.
>    - chained (List<Authentication>): this list references
>      serviceTicket.getGrantingTicket().getChainedAuthentications(); it only has
>      one item, and the principal contained in that Authentication item is the
>      first one created with all the attributes.
> 5. At last, the code hits Saml10SuccessResponseView.prepareResponse; the first
>    line gets an Authentication object from:
>      final Authentication authentication =
>          getAssertionFrom(model).getChainedAuthentications().get(0);
>    and from that Authentication retrieves all the attributes.
>
> In a simple test, I changed
>      getAssertionFrom(model).getChainedAuthentications().get(0)
> to
>      getAssertionFrom(model).getPrimaryAuthentication()
>
> and it works; now I'm getting only the attributes that I want in the client.
>
> I'm sure this isn't a viable solution, because I'm messing with
> Saml10SuccessResponseView and I shouldn't, but I wanted to know if that was
> the problem. With all this new information, maybe some of you could tell me
> what I'm doing wrong and guide me in the right direction.
>
> Thanks in advance.
>
> On Monday, 13 October 2014 12:26:34 UTC-2, [email protected] wrote:
> Me, yeah, SAML 1.1 with a PHP function which does just a getAttribute().
>
> -----------------------------------------------------------------
> Daniel CHARLOT
> D.S.I. Université de Nice Sophia-Antipolis
> Systems and Network Administrator
> 28, avenue de Valrose - BP 2135 - 06103 NICE
> Tel: 04-92-07-67-07
>
> On 13 Oct 2014 at 16:18, Misagh Moayyed <[email protected]> wrote:
>
> Nothing jumps out at me in your configuration. I’ll run some tests to see if
> I can duplicate the error and provide an explanation.
>
> Do I remember correctly that you said you were using SAML 1.1 to get
> attributes?
>
> From: Carlos Olivera [mailto:[email protected]]
> Sent: Monday, October 13, 2014 5:00 AM
> To: [email protected]
> Cc: [email protected]
> Subject: Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release
>
> Sorry, the client code to retrieve the attributes is:
>
> AttributePrincipal principal = (AttributePrincipal)request.getUserPrincipal();
> Map attributes = principal.getAttributes();
>
> 2014-10-13 9:50 GMT-02:00 Carlos Olivera <[email protected]>:
> I tried to debug the code in order to figure out when the principal was saved
> with all the attributes. I got the following Assertion (ImmutableAssertion)
> object created (ServiceValidateController):
>
> primaryAuthentication (ImmutableAuthentication): The Principal has an empty
> list of attributes, which is what I need according to my configuration.
> chainedAuthentications (List<ImmutableAuthentication>): Returns a list with
> only one item, but in that case the Principal in the Authentication object
> has ALL the attributes of the user.
>
> Is that the standard behaviour in the login process?
>
> Something I haven't said yet: to retrieve the attributes from the client I
> use the following code:
>
> AttributePrincipal principal = (AttributePrincipal)request.
> Map attributes = principal.getAttributes();
>
> Is that OK?
>
> I don't know if any of that helps, but maybe for an experienced user it could
> mean something.
>
> On Monday, 13 October 2014 08:51:15 UTC-2, [email protected] wrote:
> Hi,
>
> Here is my deployerconfig. I have the same problem as Carlos. I don't
> understand why I have all attributes.
> I have tried both with Attributefilter and allowedattributes but it's the same.
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
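
The discrepancy traced in this thread (a filtered primary authentication beside an unfiltered chained one) can be reproduced in a small model. This is an added example, not CAS source code and not code from any participant: the records below are hypothetical stand-ins that only borrow the accessor names quoted in the messages, and the sample attribute values and the allow-list are constructed.

```java
import java.util.*;

// Added illustration: minimal model of the discrepancy discussed in this thread.
// These records are hypothetical stand-ins, not the CAS classes they resemble.
public class AttributeReleaseDemo {
    record Principal(String id, Map<String, Object> attributes) {}
    record Authentication(Principal principal) {}
    record Assertion(Authentication primary, List<Authentication> chained) {
        Authentication getPrimaryAuthentication() { return primary; }
        List<Authentication> getChainedAuthentications() { return chained; }
    }

    // Stand-in for the per-service attribute filter: keep only allowed names.
    static Principal filter(Principal p, Set<String> allowed) {
        Map<String, Object> released = new TreeMap<>(p.attributes());
        released.keySet().retainAll(allowed);
        return new Principal(p.id(), released);
    }

    // Stand-in for ticket validation: primary is filtered, chained is not.
    static Assertion validate(Authentication original, Set<String> allowed) {
        Authentication primary = new Authentication(filter(original.principal(), allowed));
        return new Assertion(primary, List.of(original));
    }

    // What the SAML view did according to the thread: read the chained entry.
    static Map<String, Object> samlViewBefore(Assertion a) {
        return a.getChainedAuthentications().get(0).principal().attributes();
    }

    // The change tested in the thread: read the primary authentication.
    static Map<String, Object> samlViewAfter(Assertion a) {
        return a.getPrimaryAuthentication().principal().attributes();
    }

    public static void main(String[] args) {
        // Constructed sample data; attribute names follow the thread's test.
        Set<String> allowed = Set.of("name"); // assumed release policy
        Map<String, Object> all = Map.of("name", "Ana", "lastname", "Perez");
        Assertion a = validate(new Authentication(new Principal("ana", all)), allowed);

        System.out.println("chained.get(0): " + new TreeMap<>(samlViewBefore(a)));
        System.out.println("primary:        " + samlViewAfter(a));

        // Release-policy check: nothing outside the allow-list reaches the client.
        if (!allowed.containsAll(samlViewAfter(a).keySet()))
            throw new AssertionError("attribute released outside the allow-list");
    }
}
```

The same allow-list check, run against the attributes a real client receives from each validation endpoint, shows whether a deployment is affected.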
