You're welcome.

On 11/25/14 8:38 AM, Zachary Maxell wrote:
> Wow. I can't believe that was it. I mean, I knew it had to be something in
> the config, but I can't believe it was something that simple. Thank you so
> much John. I really, really appreciate it!
>
> ----------------------------------
> Zach Maxell
> ERP Systems Administrator
> Emerson College
>
> ________________________________
> From: John Gasper <[email protected]>
> Sent: Tuesday, November 25, 2014 11:32 AM
> To: [email protected]
> Subject: Re: [cas-user] Pulling attributes from Active Directory
>
> Try changing this line:
>     <property name="queryAttributeMapping">
>         <entry key="sAMAccountName" value="sAMAccountName"/>
>
> to:
>     <property name="queryAttributeMapping">
>         <entry key="username" value="sAMAccountName"/>
>
> I hope that helps.
>
> ---
> John Gasper
> IAM Consultant
> Unicon, Inc.
> PGP/GPG Key: 0xbafee3ef
>
> On 11/25/14 8:27 AM, Zachary Maxell wrote:
>
> Hi John,
>
> Here are the files. I really appreciate your help!
>
> ----------------------------------
> Zach Maxell
> ERP Systems Administrator
> Emerson College
>
> ________________________________________
> From: John Gasper <[email protected]>
> Sent: Tuesday, November 25, 2014 11:14 AM
> To: [email protected]
> Subject: Re: [cas-user] Pulling attributes from Active Directory
>
> Hi Zach,
>
> Go ahead and share your files with us. That should help.
>
> On 11/25/14 6:28 AM, Zachary Maxell wrote:
>
> Hi there,
>
> I'm running CAS 3.5.2.1 on Ubuntu 14.04.1 and using Active Directory as the
> source. I have a mysql db for persistence for tickets and Managed Services.
>
> My deployerContextConfig.xml has the attribute mapping set up to pull
> additional attributes from AD (givenName, sn, employeeID, etc.). I have
> modified the casServiceValidationSuccess.jsp file to release the attributes
> to the clients requesting them.
>
> Authentication works successfully for clients, but attributes are never
> passed on.
>
> In the catalina.out logs, I get this after successful service ticket creation
> for any user:
>
> 2014-11-19 10:53:20,843 WARN [org.jasig.cas.CentralAuthenticationServiceImpl]
> - <Principal [George_Feeny] did not have attribute [sAMAccountName] among
> attributes [{}] so CAS cannot provide on the validation response the user
> attribute the registered service [https://casclient.test/sso] expects. CAS
> will instead return the default username attribute [George_Feeny]>
>
> I have also ensured that the LDAP authenticator account is able to retrieve
> all of the attributes by testing it in an LDAP browser. I've also set up
> phpCas client to try printing the attributes (all of which have been released
> in the Services Management page) and it returns nothing.
>
> I'm really stuck! Has anyone else been able to do this successfully? I'm
> happy to provide my password-less deployerContextConfig.xml file and
> casServiceValidationSuccess.jsp page if necessary.
>
> Thanks!
>
> ----------------------------------
> Zach Maxell
> ERP Systems Administrator
> Emerson College
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
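A check for the misconfiguration resolved in this thread, as an added example that is not code from the thread or from the CAS project. It assumes, as John's fix implies, that CAS hands the login name to the attribute repository under the query key `username`; the bean XML below is a constructed sample modelled on the quoted mapping, and `check_query_mapping` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Assumption: the login name reaches the attribute repository under this key.
QUERY_KEY = "username"

def local(tag):
    """Strip an XML namespace such as Spring's beans namespace."""
    return tag.rsplit("}", 1)[-1]

def check_query_mapping(xml_text):
    """Return (bean id, key, LDAP attribute) for every queryAttributeMapping
    entry whose key is not the one CAS supplies, so the lookup never matches
    and the principal ends up with an empty attribute map."""
    findings = []
    root = ET.fromstring(xml_text)
    for bean in root.iter():
        if local(bean.tag) != "bean":
            continue
        for prop in bean:
            if local(prop.tag) != "property":
                continue
            if prop.get("name") != "queryAttributeMapping":
                continue
            for entry in prop.iter():
                if local(entry.tag) == "entry" and entry.get("key") != QUERY_KEY:
                    findings.append(
                        (bean.get("id"), entry.get("key"), entry.get("value")))
    return findings

# Constructed sample config; only the query key differs between the two.
TEMPLATE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="attributeRepository"
        class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="queryAttributeMapping">
      <map><entry key="{key}" value="sAMAccountName"/></map>
    </property>
    <property name="resultAttributeMapping">
      <map><entry key="givenName" value="givenName"/></map>
    </property>
  </bean>
</beans>"""

BROKEN = TEMPLATE.format(key="sAMAccountName")  # mapping before the fix
FIXED = TEMPLATE.format(key="username")         # mapping after the fix

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_query_mapping(cfg))
```

Run against a real deployerContextConfig.xml by passing the file's text to `check_query_mapping`; an empty list means every query key matches the assumed `username`.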
