Wow. I can't believe that was it. I mean, I knew it had to be something in the config, but I can't believe it was something that simple. Thank you so much John. I really, really appreciate it!
----------------------------------
Zach Maxell
ERP Systems Administrator
Emerson College
________________________________
From: John Gasper <[email protected]>
Sent: Tuesday, November 25, 2014 11:32 AM
To: [email protected]
Subject: Re: [cas-user] Pulling attributes from Active Directory

Try changing this line:

    <property name="queryAttributeMapping">
        <entry key="sAMAccountName" value="sAMAccountName"/>

to:

    <property name="queryAttributeMapping">
        <entry key="username" value="sAMAccountName"/>

I hope that helps.

---
John Gasper
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

On 11/25/14 8:27 AM, Zachary Maxell wrote:

Hi John,

Here are the files. I really appreciate your help!

----------------------------------
Zach Maxell
ERP Systems Administrator
Emerson College
________________________________________
From: John Gasper <[email protected]>
Sent: Tuesday, November 25, 2014 11:14 AM
To: [email protected]
Subject: Re: [cas-user] Pulling attributes from Active Directory

Hi Zach,

Go ahead and share your files with us. That should help.

On 11/25/14 6:28 AM, Zachary Maxell wrote:

Hi there,

I'm running CAS 3.5.2.1 on Ubuntu 14.04.1 and using Active Directory as the source. I have a mysql db for persistence for tickets and Managed Services. My deployerContextConfig.xml has the attribute mapping set up to pull additional attributes from AD (givenName, sn, employeeID, etc.). I have modified the casServiceValidationSuccess.jsp file to release the attributes to the clients requesting them. Authentication works successfully for clients, but attributes are never passed on.

In the catalina.out logs, I get this after successful service ticket creation for any user:

    2014-11-19 10:53:20,843 WARN [org.jasig.cas.CentralAuthenticationServiceImpl] - <Principal [George_Feeny] did not have attribute [sAMAccountName] among attributes [{}] so CAS cannot provide on the validation response the user attribute the registered service [https://casclient.test/sso] expects. CAS will instead return the default username attribute [George_Feeny]>

I have also ensured that the LDAP authenticator account is able to retrieve all of the attributes by testing it in an LDAP browser. I've also set up phpCas client to try printing the attributes (all of which have been released in the Services Management page) and it returns nothing.

I'm really stuck! Has anyone else been able to do this successfully? I'm happy to provide my password-less deployerContextConfig.xml file and casServiceValidationSuccess.jsp page if necessary.

Thanks!

----------------------------------
Zach Maxell
ERP Systems Administrator
Emerson College

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
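
Added example, not part of the original thread and not CAS project code: a small Python check that parses a Spring bean file and reports any `queryAttributeMapping` that lacks the `username` key John's fix introduces. The two embedded configs are constructed from the snippets in the thread; the `<map>` wrapper, bean id and class, and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

BEANS_NS = "{http://www.springframework.org/schema/beans}"

# Constructed sample config, modelled on the two snippets quoted in the thread.
# Bean id, class and the <map> wrapper are assumptions, not the poster's file.
TEMPLATE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="attributeRepository"
        class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="queryAttributeMapping">
      <map>
        <entry key="{key}" value="sAMAccountName"/>
      </map>
    </property>
  </bean>
</beans>"""
BROKEN = TEMPLATE.format(key="sAMAccountName")  # the "before" from the thread
FIXED = TEMPLATE.format(key="username")         # the suggested change


def query_mapping_keys(xml_text):
    """Return {bean id: [entry keys]} for every queryAttributeMapping property."""
    root = ET.fromstring(xml_text)
    found = {}
    for bean in root.iter(BEANS_NS + "bean"):
        for prop in bean.findall(BEANS_NS + "property"):
            if prop.get("name") == "queryAttributeMapping":
                keys = [e.get("key") for e in prop.iter(BEANS_NS + "entry")]
                found[bean.get("id", "<anonymous>")] = keys
    return found


def check_config(xml_text, expected_key="username"):
    """List one finding per bean whose query mapping lacks the expected key."""
    findings = []
    for bean_id, keys in query_mapping_keys(xml_text).items():
        if expected_key not in keys:
            findings.append(
                f"{bean_id}: queryAttributeMapping keys {keys} do not include "
                f"'{expected_key}'; expect an empty attribute map as in the log"
            )
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_config(cfg) or "OK")
```
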
