Hi!

I want to use the /principalAttributeName/ feature following the CAS 
documentation (https://wiki.jasig.org/display/casum/attributes), but it 
didn't work because my CAS (v3.5.3) cannot retrieve attributes from my 
LDAP (login is OK):

2015-01-29 14:07:45,730 WARN [org.jasig.cas.CentralAuthenticationServiceImpl] - Principal [xxx] did not have attribute [mail] among attributes [{}] so CAS cannot provide on the validation response the user attribute the registered service *** expects. CAS will instead return the default username attribute [xxx]

I have checked access to attributes with the user, it's ok.
In the LDAP log, attributes are not requested:

Jan 29 14:21:29 ldap-test slapd[2968]: conn=141942 op=1 SRCH base="ou=people,dc=univ-lille3,dc=fr" scope=2 deref=3 filter="(&(!(lille3BlockedDate=*))(|(eduPersonPrincipalName=xxx)(uid=xxx)(mail=xxx)))"
Jan 29 14:21:29 ldap-test slapd[2968]: conn=141942 op=1 SRCH attr=1.1
...
Jan 29 14:21:29 ldap-test slapd[2968]: conn=141944 op=1 SRCH base="ou=people,dc=univ-lille3,dc=fr" scope=2 deref=3 filter="(|(eduPersonPrincipalName=xxx)(uid=xxx)(mail=xxx))"
Jan 29 14:21:29 ldap-test slapd[2968]: conn=141944 op=1 SRCH attr=uid

Now, here is the relevant part from my /deployerConfigContext.xml/ file:

The use of the attribute repository:

<property name="credentialsToPrincipalResolvers">
    <list>
        <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
            <!-- The Principal resolver from the credentials -->
            <property name="credentialsToPrincipalResolver">
                <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
            </property>
            <property name="filter" value="(|(eduPersonPrincipalName=%u)(uid=%u)(mail=%u))" />
            <property name="principalAttributeName" value="uid" />
            <property name="searchBase" value="ou=people,dc=univ-lille3,dc=fr" />
            <property name="contextSource" ref="contextSource" />
        </bean>
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
            <property name="attributeRepository" ref="attributeRepository" />
        </bean>
        <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
    </list>
</property>

The configuration of the attribute repository:

<bean id="attributeRepository"
class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
     <property name="baseDN" value="ou=people,dc=univ-lille3,dc=fr"/>
     <property name="contextSource" ref="contextSource" />
     <property name="requireAllQueryAttributes" value="true"/>

     <property name="queryAttributeMapping">
         <map>
             <entry key="uid" value="uid" />
             <entry key="mail" value="mail" />
         </map>
     </property>

     <property name="resultAttributeMapping">
         <map>
             <entry key="uid" value="uid" />
             <entry key="mail" value="mail" />
         </map>
     </property>
</bean>

The configuration of the services:

<bean id="serviceRegistryDao" 
class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
     <property name="registeredServices">
         <list>
             <bean class="org.jasig.cas.services.RegexRegisteredService">
                 <property name="id" value="0" />
                 <property name="name" value="Test" />
                 <property name="description" value="" />
                 <property name="serviceId" value="***" />
                 <property name="usernameAttribute" value="mail" />
                 <property name="evaluationOrder" value="0" />
                 <property name="allowedAttributes">
                     <list>
                         <value>mail</value>
                     </list>
                 </property>
             </bean>
...
         </list>
     </property>
</bean>

Any help will be welcome :)

Sylvain
