Hi there,
I'm running CAS 3.5.2.1 on Ubuntu 14.04.1 and using Active Directory as the
source. I have a MySQL DB for persistence for tickets and Managed Services.
My deployerContextConfig.xml has the attribute mapping set up to pull
additional attributes from AD (givenName, sn, employeeID, etc.). I have
modified the casServiceValidationSuccess.jsp file to release the attributes to
the clients requesting them.
Authentication works successfully for clients, but attributes are never passed
on.
In the catalina.out logs, I get this after successful service ticket creation
for any user:

2014-11-19 10:53:20,843 WARN [org.jasig.cas.CentralAuthenticationServiceImpl] -
<Principal [George_Feeny] did not have attribute [sAMAccountName] among
attributes [{}] so CAS cannot provide on the validation response the user
attribute the registered service [https://casclient.test/sso] expects. CAS will
instead return the default username attribute [George_Feeny]>

I have also ensured that the LDAP authenticator account is able to retrieve all
of the attributes by testing it in an LDAP browser. I've also set up a phpCAS
client to try printing the attributes (all of which have been released in the
Services Management page) and it returns nothing.
I'm really stuck! Has anyone else been able to do this successfully? I'm
happy to provide my password-less deployerContextConfig.xml file and
casServiceValidationSuccess.jsp page if necessary.
Thanks!
----------------------------------
Zach Maxell
ERP Systems Administrator
Emerson College