Hello,

I'm using CAS 4.0 on Tomcat 8.0 with Oracle Java JVM 1.8.0. The authentication against an LDAP directory, which is managed by a Microsoft Active Directory Server 2008 R2, works as expected. But the LDAP attributes are not passed to the service.

The class PolicyBasedAuthenticationManager debugs the correct attribute map with all correct values at the moment of the authentication on the CAS server. But these attributes are not passed to the registered services. The class RegisteredServiceRegexAttributeFilter debugs that it received 0 attributes. And also my phpCAS 1.3.3 gives me an empty array for phpCAS::getAttributes(), but the correct username with phpCAS::getUser().

Does anyone have an idea where my mistake is? Thank you very much for your help!

My deployerConfigContext.xml is:
<bean id="authenticationManager"
      class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
  <constructor-arg>
    <map>
      <entry key-ref="firstLDAP" value="#{null}" />
    </map>
  </constructor-arg>
  <property name="authenticationPolicy">
    <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
  </property>
</bean>

<bean id="firstLDAP"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler"
      p:principalIdAttribute="sAMAccountName"
      c:authenticator-ref="authenticator">
  <property name="principalAttributeMap">
    <map>
      <entry key="displayName" value="displayName" />
      <entry key="mail" value="mail" />
      <entry key="memberOf" value="memberOf" />
    </map>
  </property>
</bean>
... see complete config at
http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html#active-directory-authentication
<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
  <property name="registeredServices">
    <list>
      <bean class="org.jasig.cas.services.RegexRegisteredService">
        <property name="id" value="1" />
        <property name="name" value="All Websites" />
        <property name="serviceId" value="^(https?)://.*" />
        <property name="evaluationOrder" value="0" />
        <property name="attributeFilter">
          <bean class="org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter"
                c:regex=".*(mail).*" />
        </property>
      </bean>
    </list>
  </property>
</bean>
My debug log is:
INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler successfully authenticated testuser+password>
DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <No resolver configured for LdapAuthenticationHandler. Falling back to handler principal testuser>
INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated testuser with credentials [testuser+password].>
DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Attribute map for testuser: {displayName=Test User, [email protected], memberOf=[CN=allusers,OU=Users,DC=mydomain,DC=local]}>
INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ... >
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [TGT-1-YSFZST3d3fMJCBb3xlfMmTH7ZtdgTTmCcN3lC5DwSXMn5WL6Wp-mydomaincluster] to registry.>
Audit trail record ... Slf4jLoggingAuditTrailManager ...
CookieRetrievingCookieGenerator ... DefaultTicketRegistry ...
DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://192.168.0.1/castest/>
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-1-lfDFJh6WF04IUOTvOatP-mydomaincluster]>
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-1-lfDFJh6WF04IUOTvOatP-mydomaincluster] found in registry.>
DEBUG [org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter] - <Received 0 attributes. Filtered and released 0>
DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Principal id to return for service [All Websites] is [testuser]. The default principal id is [testuser].>
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ST-1-lfDFJh6WF04IUOTvOatP-mydomaincluster] from registry>
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-1-lfDFJh6WF04IUOTvOatP-mydomaincluster]>
INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ...>
DEBUG [org.jasig.cas.web.ServiceValidateController] - <Successfully validated service ticket ST-1-lfDFJh6WF04IUOTvOatP-mydomaincluster for service [http://192.168.0.1/castest/]>
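When a client library such as phpCAS reports an empty attribute array, the quickest way to tell whether the CAS server released anything at all is to look at the raw /serviceValidate XML rather than at the client. The parser below is an added example for this thread; it is not code from the original post, from CAS or from phpCAS. It assumes the response shape a CAS 4.0 server returns on /serviceValidate (a cas:serviceResponse in the http://www.yale.edu/tp/cas namespace with an optional cas:attributes block), and every sample response embedded in it is constructed for the example. The helper names (CasValidation, parse_service_validate, missing_attributes) are the example's own.

```python
# Added example (not from the original post, CAS or phpCAS): parse the XML a CAS
# server returns on /serviceValidate and report which attributes it released,
# so attribute release can be checked at the protocol level, independent of phpCAS.
# Assumption: the CAS 2.0/3.0 response layout with the http://www.yale.edu/tp/cas
# namespace. All sample responses below are constructed for this example.
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List, Optional

CAS_NS = "http://www.yale.edu/tp/cas"
NS = {"cas": CAS_NS}


@dataclass
class CasValidation:
    """Outcome of one ticket validation: either a user (+ attributes) or a failure."""
    user: Optional[str] = None
    attributes: Dict[str, List[str]] = field(default_factory=dict)
    failure_code: Optional[str] = None
    failure_message: str = ""

    @property
    def ok(self) -> bool:
        return self.user is not None and self.failure_code is None


def _local_name(tag: str) -> str:
    """Strip the {namespace} prefix that ElementTree puts on qualified tags."""
    return tag.split("}", 1)[1] if "}" in tag else tag


def parse_service_validate(xml_text: str) -> CasValidation:
    """Parse a /serviceValidate response into user, attributes and failure details.

    Multi-valued attributes (e.g. memberOf) arrive as repeated elements and are
    collected into a list; a success response without <cas:attributes> yields {}.
    For responses from an untrusted server, use defusedxml instead of ET.fromstring
    to avoid entity-expansion issues.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{CAS_NS}}}serviceResponse":
        raise ValueError(f"not a CAS serviceResponse: {root.tag}")

    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        return CasValidation(failure_code=failure.get("code", "UNKNOWN"),
                             failure_message=(failure.text or "").strip())

    success = root.find("cas:authenticationSuccess", NS)
    if success is None:
        raise ValueError("response has neither authenticationSuccess nor authenticationFailure")

    user_el = success.find("cas:user", NS)
    if user_el is None or not (user_el.text or "").strip():
        raise ValueError("authenticationSuccess without a cas:user element")

    result = CasValidation(user=user_el.text.strip())
    attrs_el = success.find("cas:attributes", NS)
    if attrs_el is not None:
        for child in attrs_el:
            name = _local_name(child.tag)
            result.attributes.setdefault(name, []).append((child.text or "").strip())
    return result


def missing_attributes(validation: CasValidation, expected: List[str]) -> List[str]:
    """Attribute names the server was configured to map but did not release."""
    return sorted(set(expected) - set(validation.attributes))


# Constructed sample: what a response with released attributes looks like.
SAMPLE_WITH_ATTRS = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>testuser</cas:user>
    <cas:attributes>
      <cas:displayName>Test User</cas:displayName>
      <cas:mail>testuser@example.invalid</cas:mail>
      <cas:memberOf>CN=allusers,OU=Users,DC=mydomain,DC=local</cas:memberOf>
      <cas:memberOf>CN=staff,OU=Users,DC=mydomain,DC=local</cas:memberOf>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample: the user is validated but no attributes are released.
SAMPLE_NO_ATTRS = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>testuser</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample: a validation failure.
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>ticket ST-placeholder not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

# Names from the principalAttributeMap in the thread's configuration.
EXPECTED = ["displayName", "mail", "memberOf"]

if __name__ == "__main__":
    for label, sample in [("with attrs", SAMPLE_WITH_ATTRS), ("no attrs", SAMPLE_NO_ATTRS), ("failure", SAMPLE_FAILURE)]:
        v = parse_service_validate(sample)
        if v.ok:
            print(f"{label}: user={v.user} released={sorted(v.attributes)} missing={missing_attributes(v, EXPECTED)}")
        else:
            print(f"{label}: failure {v.failure_code}: {v.failure_message}")
```

To use it against a live server, save the body of a /serviceValidate request (with a fresh ticket and the same service URL the ticket was issued for) and pass it to parse_service_validate; an empty missing_attributes list means the attributes were released and any remaining problem is on the client side.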