Hi!
I want to use the /principalAttributeName/ feature following the CAS
documentation (https://wiki.jasig.org/display/casum/attributes) but it
didn't work because my CAS (v3.5.3) cannot retrieve attributes from my
LDAP (login is OK):
2015-01-29 14:07:45,730 WARN
[org.jasig.cas.CentralAuthenticationServiceImpl] - Principal [xxx] did
not have attribute [mail] among attributes *[{}] *so CAS cannot provide
on the validation response the user attribute the registered service ***
expects. CAS will instead return the default username attribute [xxx]
I have checked access to the attributes with the user, it's OK.
In the LDAP log, attributes are not requested:
Jan 29 14:21:29 ldap-test slapd[2968]: conn=141942 op=1 SRCH
base="ou=people,dc=univ-lille3,dc=fr" scope=2 deref=3
filter="(&(!(lille3BlockedDate=*))(|(eduPersonPrincipalName=xxx)(uid=xxx)(mail=xxx)))"
Jan 29 14:21:29 ldap-test slapd[2968]: conn=141942 op=1 SRCH attr=1.1
...
Jan 29 14:21:29 ldap-test slapd[2968]: conn=141944 op=1 SRCH
base="ou=people,dc=univ-lille3,dc=fr" scope=2 deref=3
filter="(|(eduPersonPrincipalName=xxx)(uid=xxx)(mail=xxx))"
Jan 29 14:21:29 ldap-test slapd[2968]: conn=141944 op=1 SRCH attr=uid
Now, here is the relevant part of my /deployerConfigContext.xml/ file:
The use of the attribute repository:
<property name="credentialsToPrincipalResolvers">
  <list>
    <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
      <!-- The Principal resolver from the credentials -->
      <property name="credentialsToPrincipalResolver">
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
      </property>
      <property name="filter" value="(|(eduPersonPrincipalName=%u)(uid=%u)(mail=%u))" />
      <property name="principalAttributeName" value="uid" />
      <property name="searchBase" value="ou=people,dc=univ-lille3,dc=fr" />
      <property name="contextSource" ref="contextSource" />
    </bean>
    <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
      <property name="attributeRepository" ref="attributeRepository" />
    </bean>
    <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
  </list>
</property>
The configuration of the attribute repository:
<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
  <property name="baseDN" value="ou=people,dc=univ-lille3,dc=fr"/>
  <property name="contextSource" ref="contextSource" />
  <property name="requireAllQueryAttributes" value="true"/>
  <property name="queryAttributeMapping">
    <map>
      <entry key="uid" value="uid" />
      <entry key="mail" value="mail" />
    </map>
  </property>
  <property name="resultAttributeMapping">
    <map>
      <entry key="uid" value="uid" />
      <entry key="mail" value="mail" />
    </map>
  </property>
</bean>
The configuration of the services:
<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
  <property name="registeredServices">
    <list>
      <bean class="org.jasig.cas.services.RegexRegisteredService">
        <property name="id" value="0" />
        <property name="name" value="Test" />
        <property name="description" value="" />
        <property name="serviceId" value="***" />
        <property name="usernameAttribute" value="mail" />
        <property name="evaluationOrder" value="0" />
        <property name="allowedAttributes">
          <list>
            <value>mail</value>
          </list>
        </property>
      </bean>
      ...
    </list>
  </property>
</bean>
Any help will be welcome :)
Sylvain
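
Added example, not part of the original post and not CAS or OpenLDAP project code: a Python check that does what the post does by eye with the slapd log, pairing each SRCH line with its attr= line and listing the searches that could not have returned a given attribute. The log lines are the ones quoted in the post, re-joined onto single lines; the function names are assumptions of this example.

```python
import re

# Constructed sample: the slapd lines quoted in the post, each re-joined onto one line.
SAMPLE_LOG = """\
Jan 29 14:21:29 ldap-test slapd[2968]: conn=141942 op=1 SRCH base="ou=people,dc=univ-lille3,dc=fr" scope=2 deref=3 filter="(&(!(lille3BlockedDate=*))(|(eduPersonPrincipalName=xxx)(uid=xxx)(mail=xxx)))"
Jan 29 14:21:29 ldap-test slapd[2968]: conn=141942 op=1 SRCH attr=1.1
Jan 29 14:21:29 ldap-test slapd[2968]: conn=141944 op=1 SRCH base="ou=people,dc=univ-lille3,dc=fr" scope=2 deref=3 filter="(|(eduPersonPrincipalName=xxx)(uid=xxx)(mail=xxx))"
Jan 29 14:21:29 ldap-test slapd[2968]: conn=141944 op=1 SRCH attr=uid
"""

OP_RE = re.compile(r"conn=(\d+) op=(\d+) SRCH (.*)$")
FILTER_RE = re.compile(r'filter="([^"]*)"')

def parse_searches(log_text):
    """Group slapd SRCH lines by (conn, op) into filter + requested attributes."""
    searches = {}
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        entry = searches.setdefault(key, {"filter": None, "attrs": None})
        rest = m.group(3)
        if rest.startswith("attr="):
            # Requested attributes are space-separated after attr=
            entry["attrs"] = rest[len("attr="):].split()
        else:
            f = FILTER_RE.search(rest)
            if f:
                entry["filter"] = f.group(1)
    return searches

def returns_attribute(entry, name):
    """True if the search result can carry the user attribute `name`."""
    attrs = entry["attrs"]
    if attrs is None:  # no attr= line logged: empty list, all user attributes
        return True
    lowered = [a.lower() for a in attrs]
    if lowered == ["1.1"]:  # RFC 4511: "1.1" alone means "return no attributes"
        return False
    return "*" in lowered or name.lower() in lowered

def searches_missing(log_text, name):
    """Return the (conn, op) keys whose search could not return `name`."""
    return [k for k, e in sorted(parse_searches(log_text).items())
            if not returns_attribute(e, name)]

if __name__ == "__main__":
    for conn, op in searches_missing(SAMPLE_LOG, "mail"):
        print(f"conn={conn} op={op}: 'mail' was not requested")
```

On the quoted log it reports both searches for `mail`: the first asks for no attributes at all (`1.1`) and the second asks only for `uid`.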