Try changing this line:
<property name="queryAttributeMapping">
<entry key="*sAMAccountName*" value="sAMAccountName"/>
to:
<property name="queryAttributeMapping">
<entry key="*username*" value="sAMAccountName"/>
I hope that helps.
---
*John Gasper*
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef
On 11/25/14 8:27 AM, Zachary Maxell wrote:
> Hi John,
>
> Here are the files. I really appreciate your help!
>
> ----------------------------------
> Zach Maxell
> ERP Systems Administrator
> Emerson College
>
>
> ________________________________________
> From: John Gasper <[email protected]>
> Sent: Tuesday, November 25, 2014 11:14 AM
> To: [email protected]
> Subject: Re: [cas-user] Pulling attributes from Active Directory
>
> Hi Zach,
>
> Go ahead and share your files with us. That should help.
>
> On 11/25/14 6:28 AM, Zachary Maxell wrote:
>> Hi there,
>>
>> I'm running CAS 3.5.2.1 on Ubuntu 14.04.1 and using Active Directory as the
>> source. I have a mysql db for persistence for tickets and Managed Services.
>>
>> My deployerContextConfig.xml has the attribute mapping set up to pull
>> additional attributes from AD (givenName, sn, employeeID, etc.). I have
>> modified the casServiceValidationSuccess.jsp file to release the attributes
>> to the clients requesting them.
>>
>> Authentication works successfully for clients, but attributes are never
>> passed on.
>>
>> In the catalina.out logs, I get this after successful service ticket
>> creation for any user:
>>
>> 2014-11-19 10:53:20,843 WARN
>> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Principal [George_Feeny]
>> did not have attribute [sAMAccountName] among attributes [{}] so CAS cannot
>> provide on the validation response the user attribute the registered service
>> [https://casclient.test/sso] expects. CAS will instead return the default
>> username attribute [George_Feeny]>
>>
>> I have also ensured that the LDAP authenticator account is able to retrieve
>> all of the attributes by testing it in an LDAP browser. I've also set up
>> phpCas client to try printing the attributes (all of which have been
>> released in the Services Management page) and it returns nothing.
>>
>> I'm really stuck! Has anyone else been able to do this successfully? I'm
>> happy to provide my password-less deployerContextConfig.xml file and
>> casServiceValidationSuccess.jsp page if necessary.
>>
>> Thanks!
>>
>> ----------------------------------
>>
>> Zach Maxell
>> ERP Systems Administrator
>> Emerson College
>>
>>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
