I'm setting up a new version of CAS, in anticipation of upgrading our
existing setup. I'm following the instructions on the website (i.e.,
https://jasig.github.io/cas/4.0.0/). A little background: Our
authentication is done via LDAP, and we also need to get some
attributes from LDAP. Some of our main CAS clients are Moodle and
mod_auth_cas.
Following instructions on the website for using LDAP, I set up the
bean ldapAuthenticationHandler in deployerConfigContext.xml. That
includes the property principalAttributeMap, which includes this
comment:
<!--
| This map provides a simple attribute resolution mechanism.
| Keys are LDAP attribute names, values are CAS attribute names.
| Use this facility instead of a PrincipalResolver if LDAP is
| the only attribute source.
-->
That sounds great, it fits our usage perfectly.
My question, though -- is this sufficient for releasing attributes via
SAML?
I ask because I set up mod_auth_cas to use SAML (I had some issues
with that, which I posted to the mod_auth_cas list, and they're almost
resolved). But I'm not getting any attributes. I can see information
about the attributes in CAS logs -- lines like this:
... [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [uid[mepstein]]>
so I believe attribute resolution is working fine.
If I can use the above, any ideas on what else I'm missing?
If I can't, then I assume it's a matter of using a PrincipalResolver
or modifying mod_auth_cas to handle CAS protocol 3, correct?
Thanks.
Milt Epstein
Applications Developer
Graduate School of Library and Information Science (GSLIS)
University of Illinois at Urbana-Champaign (UIUC)
[email protected]