Re: [cas-user] CAS 5.2 Passing LDAP Attributes to Application

2022-01-18 Thread Gowtham Krishna
Did you get a solution to this? Even I am having the same scenario and 
looking for the solution to the same question.

On Wednesday, 11 August 2021 at 16:38:36 UTC+5:30 fryc...@gmail.com wrote:

> Hello!
>
> And what to do if:
>
> I have CAS 5.2.3 and an LDAP connection.
>
> LDAP has 1 domain and 2 ou (ou = groups, ou = people). Each group has a cn 
> with the group name. Each such group contains several members, where the 
> username from ou = people is specified.
>  
> My task is to get the groups of the user when it is authenticated in order 
> to update them.
>  
> I just can't figure out how I can use CAS to get the groups of each user 
> out of LDAP.
>
> On Friday, 31 August 2018 at 22:17:12 UTC+3, waldbiec wrote:
>
>> Bill, 
>>
>> In `cas.properties`, in your LDAP section, you want a property like this: 
>>
>> cas.authn.ldap[0].principalAttributeList=uid,givenName,sn:surname,mail:email,memberOf
>>
>> That says that the principal that is authenticated should get the above 
>> list of LDAP attributes. For the ones that have 2 items separated by a 
>> colon, that is just a rename from the LDAP attribute to the name that will 
>> be exposed via CAS. 
>>
>> In your service file for an individual service, you specify what 
>> attributes from the above list you want to release. The following sections 
>> from a service file are an example: 
>>
>>   "attributeReleasePolicy" : {
>>     "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>>     "attributeFilter" : {
>>       "@class": "org.apereo.cas.services.support.RegisteredServiceMappedRegexAttributeFilter",
>>       "patterns": {
>>         "@class" : "java.util.HashMap",
>>         "memberOf": "cn=administrators,ou=groups,dc=example,dc=org"
>>       },
>>       "excludeUnmappedAttributes": false,
>>       "completeMatch": false,
>>       "order": 0
>>     },
>>     "allowedAttributes" : [ "java.util.ArrayList",
>>       [
>>         "uid",
>>         "memberOf",
>>         "email",
>>         "givenName",
>>         "surname"
>>       ]
>>     ]
>>   },
>>
>> The "attributeReleasePolicy" is used to filter the "memberOf" attribute
>> down to a specific value (because the attribute is multi-valued, and you
>> usually want to release only one or a few of the values to a service).
>> The "allowedAttributes" section specifies what attributes from the
>> principal will be released at all.
>>
>> Thanks, 
>> Carl Waldbieser 
>> ITS Identity Management 
>> Lafayette College 
>>
>> - Original Message - 
>> From: "Bill Scully"  
>> To: "cas-user"  
>> Sent: Friday, 31 August, 2018 15:00:09 
>> Subject: [cas-user] CAS 5.2 Passing LDAP Attributes to Application 
>>
>> Hi, 
>>
>> I'm having a hard time getting my head around where to start configuring 
>> CAS to provide LDAP attributes to the "RegisteredService" / application 
>> after authentication. I'm assuming there are 2 areas that I need to 
>> configure, cas.properties and service JSON files, but navigating the 
>> documentation to find what I need has been beyond me up to this point. 
>>
>> Can someone kindly point me to the right areas of
>> https://apereo.github.io/cas/5.2.x/ or give me some tips on where I can
>> figure out how to retrieve certain attributes from LDAP and share those
>> selected values with the application? I hope I'm using "application"
>> properly.
>>
>> Thanks, 
>>
>> Bill 
>>
>> -- 
>> - Website: https://apereo.github.io/cas 
>> - Gitter Chatroom: https://gitter.im/apereo/cas 
>> - List Guidelines: https://goo.gl/1VRrw7 
>> - Contributions: https://goo.gl/mh7qDG 
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group. 
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org. 
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ac28e9bc-9bdf-4d1d-9d59-d99ad23d2dc9%40apereo.org.
>>  
>>
>>
>



Re: [cas-user] CAS 5.2 Passing LDAP Attributes to Application

2018-08-31 Thread Bill Scully
Yup, it was just the CAS client configuration.  All is well.  Thanks!

On Friday, August 31, 2018 at 4:02:11 PM UTC-5, Bill Scully wrote:
>
> Thank you both for your helpful links and examples!
>
> I haven't been able to successfully retrieve any specified attributes in 
> our testing, but it may be our client configuration.
>
> On to troubleshooting!
>
> Many, many thanks to both of you, again!
>
> On Friday, August 31, 2018 at 2:17:12 PM UTC-5, waldbiec wrote:
>>
>> Bill, 
>>
>> In `cas.properties`, in your LDAP section, you want a property like this: 
>>
>> cas.authn.ldap[0].principalAttributeList=uid,givenName,sn:surname,mail:email,memberOf
>>
>> That says that the principal that is authenticated should get the above 
>> list of LDAP attributes.  For the ones that have 2 items separated by a 
>> colon, that is just a rename from the LDAP attribute to the name that will 
>> be exposed via CAS. 
>>
>> In your service file for an individual service, you specify what 
>> attributes from the above list you want to release.  The following sections 
>> from a service file are an example: 
>>
>>   "attributeReleasePolicy" : {
>>     "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>>     "attributeFilter" : {
>>       "@class": "org.apereo.cas.services.support.RegisteredServiceMappedRegexAttributeFilter",
>>       "patterns": {
>>         "@class" : "java.util.HashMap",
>>         "memberOf": "cn=administrators,ou=groups,dc=example,dc=org"
>>       },
>>       "excludeUnmappedAttributes": false,
>>       "completeMatch": false,
>>       "order": 0
>>     },
>>     "allowedAttributes" : [ "java.util.ArrayList",
>>       [
>>         "uid",
>>         "memberOf",
>>         "email",
>>         "givenName",
>>         "surname"
>>       ]
>>     ]
>>   },
>>
>> The "attributeReleasePolicy" is used to filter the "memberOf" attribute
>> down to a specific value (because the attribute is multi-valued, and you
>> usually want to release only one or a few of the values to a service).
>> The "allowedAttributes" section specifies what attributes from the
>> principal will be released at all.
>>
>> Thanks, 
>> Carl Waldbieser 
>> ITS Identity Management 
>> Lafayette College 
>>
>> - Original Message - 
>> From: "Bill Scully"  
>> To: "cas-user"  
>> Sent: Friday, 31 August, 2018 15:00:09 
>> Subject: [cas-user] CAS 5.2 Passing LDAP Attributes to Application 
>>
>> Hi, 
>>
>> I'm having a hard time getting my head around where to start configuring 
>> CAS to provide LDAP attributes to the "RegisteredService" / application 
>> after authentication.  I'm assuming there are 2 areas that I need to 
>> configure, cas.properties and service JSON files, but navigating the 
>> documentation to find what I need has been beyond me up to this point. 
>>
>> Can someone kindly point me to the right areas of
>> https://apereo.github.io/cas/5.2.x/ or give me some tips on where I can
>> figure out how to retrieve certain attributes from LDAP and share those
>> selected values with the application? I hope I'm using "application"
>> properly.
>>
>> Thanks, 
>>
>> Bill 
>>


Re: [cas-user] CAS 5.2 Passing LDAP Attributes to Application

2018-08-31 Thread Bill Scully
Thank you both for your helpful links and examples!

I haven't been able to successfully retrieve any specified attributes in 
our testing, but it may be our client configuration.

On to troubleshooting!

Many, many thanks to both of you, again!

On Friday, August 31, 2018 at 2:17:12 PM UTC-5, waldbiec wrote:
>
> Bill, 
>
> In `cas.properties`, in your LDAP section, you want a property like this: 
>
> cas.authn.ldap[0].principalAttributeList=uid,givenName,sn:surname,mail:email,memberOf
>
> That says that the principal that is authenticated should get the above 
> list of LDAP attributes.  For the ones that have 2 items separated by a 
> colon, that is just a rename from the LDAP attribute to the name that will 
> be exposed via CAS. 
>
> In your service file for an individual service, you specify what 
> attributes from the above list you want to release.  The following sections 
> from a service file are an example: 
>
>   "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>     "attributeFilter" : {
>       "@class": "org.apereo.cas.services.support.RegisteredServiceMappedRegexAttributeFilter",
>       "patterns": {
>         "@class" : "java.util.HashMap",
>         "memberOf": "cn=administrators,ou=groups,dc=example,dc=org"
>       },
>       "excludeUnmappedAttributes": false,
>       "completeMatch": false,
>       "order": 0
>     },
>     "allowedAttributes" : [ "java.util.ArrayList",
>       [
>         "uid",
>         "memberOf",
>         "email",
>         "givenName",
>         "surname"
>       ]
>     ]
>   },
>
> The "attributeReleasePolicy" is used to filter the "memberOf" attribute
> down to a specific value (because the attribute is multi-valued, and you
> usually want to release only one or a few of the values to a service).
> The "allowedAttributes" section specifies what attributes from the
> principal will be released at all.
>
> Thanks, 
> Carl Waldbieser 
> ITS Identity Management 
> Lafayette College 
>
> - Original Message - 
> From: "Bill Scully"
> To: "cas-user"
> Sent: Friday, 31 August, 2018 15:00:09 
> Subject: [cas-user] CAS 5.2 Passing LDAP Attributes to Application 
>
> Hi, 
>
> I'm having a hard time getting my head around where to start configuring 
> CAS to provide LDAP attributes to the "RegisteredService" / application 
> after authentication.  I'm assuming there are 2 areas that I need to 
> configure, cas.properties and service JSON files, but navigating the 
> documentation to find what I need has been beyond me up to this point. 
>
> Can someone kindly point me to the right areas of
> https://apereo.github.io/cas/5.2.x/ or give me some tips on where I can
> figure out how to retrieve certain attributes from LDAP and share those
> selected values with the application? I hope I'm using "application"
> properly.
>
> Thanks, 
>
> Bill 
>



Re: [cas-user] CAS 5.2 Passing LDAP Attributes to Application

2018-08-31 Thread Carl Waldbieser
Bill,

In `cas.properties`, in your LDAP section, you want a property like this:


cas.authn.ldap[0].principalAttributeList=uid,givenName,sn:surname,mail:email,memberOf

That says that the principal that is authenticated should get the above list of 
LDAP attributes.  For the ones that have 2 items separated by a colon, that is 
just a rename from the LDAP attribute to the name that will be exposed via CAS.

In your service file for an individual service, you specify what attributes 
from the above list you want to release.  The following sections from a service 
file are an example:

  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "attributeFilter" : {
      "@class": "org.apereo.cas.services.support.RegisteredServiceMappedRegexAttributeFilter",
      "patterns": {
        "@class" : "java.util.HashMap",
        "memberOf": "cn=administrators,ou=groups,dc=example,dc=org"
      },
      "excludeUnmappedAttributes": false,
      "completeMatch": false,
      "order": 0
    },
    "allowedAttributes" : [ "java.util.ArrayList",
      [
        "uid",
        "memberOf",
        "email",
        "givenName",
        "surname"
      ]
    ]
  },

The "attributeReleasePolicy" is used to filter the "memberOf" attribute down to 
a specific value (because the attribute is multi-valued, and you usually 
want to release only one or a few of the values to a service).  The 
"allowedAttributes" section specifies what attributes from the principal will 
be released at all.

Thanks,
Carl Waldbieser
ITS Identity Management
Lafayette College

- Original Message -
From: "Bill Scully" 
To: "cas-user" 
Sent: Friday, 31 August, 2018 15:00:09
Subject: [cas-user] CAS 5.2 Passing LDAP Attributes to Application

Hi,

I'm having a hard time getting my head around where to start configuring 
CAS to provide LDAP attributes to the "RegisteredService" / application 
after authentication.  I'm assuming there are 2 areas that I need to 
configure, cas.properties and service JSON files, but navigating the 
documentation to find what I need has been beyond me up to this point.

Can someone kindly point me to the right areas 
of https://apereo.github.io/cas/5.2.x/ or give me some tips on where I can 
figure out how to retrieve certain attributes from LDAP and share those 
selected values with the application?  I hope I'm using "application" 
properly.

Thanks,

Bill
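
Added example (not part of Carl's message, and not CAS code): a small Python model of the two steps described above, the principalAttributeList rename and the per-service release with the memberOf pattern. The LDAP entry is constructed, and the matching rules are assumptions: completeMatch false is taken to mean the pattern may match anywhere in a value, and an attribute left with no values is not released.

```python
import re

# Values copied from the post: the property value, the filter pattern and the
# allowedAttributes list. Everything else here is constructed for illustration.
ATTRIBUTE_LIST = "uid,givenName,sn:surname,mail:email,memberOf"
PATTERNS = {"memberOf": "cn=administrators,ou=groups,dc=example,dc=org"}
ALLOWED = ["uid", "memberOf", "email", "givenName", "surname"]

# Constructed LDAP entry (hypothetical user and groups).
LDAP_ENTRY = {
    "uid": ["jdoe"],
    "givenName": ["Jane"],
    "sn": ["Doe"],
    "mail": ["jdoe@example.org"],
    "telephoneNumber": ["555-0100"],  # not in the list, never reaches the principal
    "memberOf": [
        "cn=administrators,ou=groups,dc=example,dc=org",
        "cn=staff,ou=groups,dc=example,dc=org",
        "cn=auditors,cn=administrators,ou=groups,dc=example,dc=org",
    ],
}


def parse_attribute_list(spec):
    """Turn 'ldapName[:casName],...' into {ldapName: casName}."""
    mapping = {}
    for item in spec.split(","):
        ldap_name, _, cas_name = item.strip().partition(":")
        mapping[ldap_name] = cas_name or ldap_name
    return mapping


def build_principal(entry, mapping):
    """Keep only the listed LDAP attributes, exposed under their CAS names."""
    return {cas: list(entry[ldap]) for ldap, cas in mapping.items() if ldap in entry}


def release(principal, allowed, patterns, exclude_unmapped=False, complete_match=False):
    """Model of allowedAttributes plus the mapped regex filter (assumed semantics)."""
    released = {}
    for name in allowed:
        if name not in principal:
            continue
        values = principal[name]
        if name in patterns:
            rx = re.compile(patterns[name])
            # completeMatch=false: the pattern may match anywhere in the value.
            test = rx.fullmatch if complete_match else rx.search
            values = [v for v in values if test(v)]
        elif exclude_unmapped:
            continue  # attributes without a pattern are dropped
        if values:
            released[name] = values
    return released


def demo(complete_match=False):
    principal = build_principal(LDAP_ENTRY, parse_attribute_list(ATTRIBUTE_LIST))
    return release(principal, ALLOWED, PATTERNS, complete_match=complete_match)


if __name__ == "__main__":
    for flag in (False, True):
        print("completeMatch =", flag, "->", demo(flag)["memberOf"])
```

In this model the partial match also releases the constructed child DN under cn=administrators, while the complete-match run releases only the exact group DN.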



Re: [cas-user] CAS 5.2 Passing LDAP Attributes to Application

2018-08-31 Thread Ray Bon
Bill,

Service config:
https://apereo.github.io/cas/5.2.x/integration/Attribute-Release-Policies.html

CAS config:
https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#passivators

in particular, cas.authn.ldap[0].principalAttributeList

Ray

On Fri, 2018-08-31 at 12:00 -0700, Bill Scully wrote:
Hi,

I'm having a hard time getting my head around where to start configuring CAS to 
provide LDAP attributes to the "RegisteredService" / application after 
authentication.  I'm assuming there are 2 areas that I need to configure, 
cas.properties and service JSON files, but navigating the documentation to find 
what I need has been beyond me up to this point.

Can someone kindly point me to the right areas of 
https://apereo.github.io/cas/5.2.x/ or give me some tips on where I can figure 
out how to retrieve certain attributes from LDAP and share those selected 
values with the application?  I hope I'm using "application" properly.

Thanks,

Bill

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca



[cas-user] CAS 5.2 Passing LDAP Attributes to Application

2018-08-31 Thread Bill Scully
Hi,

I'm having a hard time getting my head around where to start configuring 
CAS to provide LDAP attributes to the "RegisteredService" / application 
after authentication.  I'm assuming there are 2 areas that I need to 
configure, cas.properties and service JSON files, but navigating the 
documentation to find what I need has been beyond me up to this point.

Can someone kindly point me to the right areas 
of https://apereo.github.io/cas/5.2.x/ or give me some tips on where I can 
figure out how to retrieve certain attributes from LDAP and share those 
selected values with the application?  I hope I'm using "application" 
properly.

Thanks,

Bill
