Re: [cas-user] Re: making an extra LDAP attribute visible via CAS

2018-11-14 Thread Baron Fujimoto
We achieve this with 5.0.x with the equivalent of the following in our service 
registry entry:

  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "udcid" : "UDC_IDENTIFIER"
    }
  }


On Tue, Nov 13, 2018 at 07:41:29AM -0800, Zach Tackett wrote:
>The CAS server is working, we are using 5.0. Currently getting CAS to map 
>the employeeID to the UDC_IDENTIFIER internally, but it is not mapping it 
>externally in our test data being dumped after logging in.
>
>On Tuesday, November 13, 2018 at 10:28:31 AM UTC-5, Matthew Uribe wrote:
>>
>> Hi Zach,
>>
>> I think you're leaving everyone here in the position of having to assume 
>> which version of CAS you're using, as well as what you currently have in 
>> place. Do you have a working CAS server now? What version are you working 
>> on?
>>
>> Thanks,
>> Matt
>>
>> On Tuesday, November 13, 2018 at 8:08:08 AM UTC-7, Zach Tackett wrote:
>>>
>>> I tried what you mentioned and every time I rebuild the CAS server it 
>>> breaks because it doesn't like the .attributeRepository part of the 
>>> attribute
>>>
>>> On Tuesday, November 13, 2018 at 9:54:57 AM UTC-5, Mac Reid wrote:
>>>>
>>>> Assuming a working ldap attribute repository, we added the following 
>>>> line to our cas.properties:
>>>>
>>>> cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER
>>>>
>>>> In the above line, the udcid is the ldap attribute and the 
>>>> UDC_IDENTIFIER is the CAS name for the attribute.
>>>> In our Banner service file, we have the following:
>>>>
>>>>   attributeReleasePolicy: {
>>>>     @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>>>>     allowedAttributes: ["java.util.ArrayList", ["UDC_IDENTIFIER"]]
>>>>   }
>>>>
>>>> For reference: 
>>>> https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#ldap
>>>>
>>>> - Mac

-- 
Baron Fujimoto  :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20181115003533.kaaq5zzpbdjkxjou%40combobulate.mgt.hawaii.edu.


Re: [cas-user] Re: making an extra LDAP attribute visible via CAS

2018-11-13 Thread Matthew Uribe
Zach,

Looking at the docs for 5.0 I see that it doesn't seem to support multiple 
LDAP servers, so the 
cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER that 
you see in other posts here would actually be more like this: 
cas.authn.attributeRepository.attributes.udcid=UDC_IDENTIFIER  but 
obviously setting "employeeNumber" rather than "udcid" to the 
UDC_IDENTIFIER attribute.

I'm not sure if that's where your problem is, since you are getting the 
UDC_IDENTIFIER name for it in the cas.log file, but I point it out because 
it does differ from what those with later versions of CAS will be using. 

What do you have in the service registry? Are you releasing all attributes, 
or just specific named attributes?

Matt

On Tuesday, November 13, 2018 at 8:46:47 AM UTC-7, Zach Tackett wrote:
>
> This is the data we are getting back externally
>
> array(7) {
>   ["samlAuthenticationStatementAuthMethod"]=>
>   string(39) "urn:oasis:names:tc:SAML:1.0:am:password"
>   ["isFromNewLogin"]=>
>   string(4) "true"
>   ["authenticationDate"]=>
>   string(47) "2018-11-13T09:47:56.786-05:00[America/New_York]"
>   ["authenticationMethod"]=>
>   string(25) "LdapAuthenticationHandler"
>   ["successfulAuthenticationHandlers"]=>
>   string(25) "LdapAuthenticationHandler"
>   ["longTermAuthenticationRequestTokenUsed"]=>
>   string(5) "false"
>   ["employeeNumber"]=>
>   string(32) "1D89EC8ECD92959EE050650AEC077B26"
> }
>
> Internally when the server is running it is showing
>
> 2018-11-13 10:37:55,475 INFO 
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>  displayname=Tackett, Zachary, givenName=Zachary, 
> LdapAuthenticationHandler.dn=cn=tackettz,ou=Office365,dc=marshall,dc=edu, 
> sAMAccountName=tackettz, sn=Tackett, 
> UDC_IDENTIFIER=1D89EC8ECD92959EE050650AEC077B26} with credentials [tackettz].>
>
>
> On Tuesday, November 13, 2018 at 10:28:31 AM UTC-5, Matthew Uribe wrote:
>>
>> Hi Zach,
>>
>> I think you're leaving everyone here in the position of having to assume 
>> which version of CAS you're using, as well as what you currently have in 
>> place. Do you have a working CAS server now? What version are you working 
>> on?
>>
>> Thanks,
>> Matt
>>
>> On Tuesday, November 13, 2018 at 8:08:08 AM UTC-7, Zach Tackett wrote:
>>>
>>> I tried what you mentioned and every time I rebuild the CAS server it 
>>> breaks because it doesn't like the .attributeRepository part of the 
>>> attribute
>>>
>>> On Tuesday, November 13, 2018 at 9:54:57 AM UTC-5, Mac Reid wrote:
>>>>
>>>> Assuming a working ldap attribute repository, we added the following 
>>>> line to our cas.properties:
>>>>
>>>> cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER
>>>>
>>>> In the above line, the udcid is the ldap attribute and the 
>>>> UDC_IDENTIFIER is the CAS name for the attribute.
>>>> In our Banner service file, we have the following:
>>>>
>>>>   attributeReleasePolicy: {
>>>>     @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>>>>     allowedAttributes: ["java.util.ArrayList", ["UDC_IDENTIFIER"]]
>>>>   }
>>>>
>>>> For reference: 
>>>> https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#ldap
>>>>
>>>> - Mac

>>>



Re: [cas-user] Re: making an extra LDAP attribute visible via CAS

2018-11-13 Thread Zach Tackett
This is the data we are getting back externally

array(7) {
  ["samlAuthenticationStatementAuthMethod"]=>
  string(39) "urn:oasis:names:tc:SAML:1.0:am:password"
  ["isFromNewLogin"]=>
  string(4) "true"
  ["authenticationDate"]=>
  string(47) "2018-11-13T09:47:56.786-05:00[America/New_York]"
  ["authenticationMethod"]=>
  string(25) "LdapAuthenticationHandler"
  ["successfulAuthenticationHandlers"]=>
  string(25) "LdapAuthenticationHandler"
  ["longTermAuthenticationRequestTokenUsed"]=>
  string(5) "false"
  ["employeeNumber"]=>
  string(32) "1D89EC8ECD92959EE050650AEC077B26"
}

Internally when the server is running it is showing

2018-11-13 10:37:55,475 INFO 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 



On Tuesday, November 13, 2018 at 10:28:31 AM UTC-5, Matthew Uribe wrote:
>
> Hi Zach,
>
> I think you're leaving everyone here in the position of having to assume 
> which version of CAS you're using, as well as what you currently have in 
> place. Do you have a working CAS server now? What version are you working 
> on?
>
> Thanks,
> Matt
>
> On Tuesday, November 13, 2018 at 8:08:08 AM UTC-7, Zach Tackett wrote:
>>
>> I tried what you mentioned and every time I rebuild the CAS server it 
>> breaks because it doesn't like the .attributeRepository part of the 
>> attribute
>>
>> On Tuesday, November 13, 2018 at 9:54:57 AM UTC-5, Mac Reid wrote:
>>>
>>> Assuming a working ldap attribute repository, we added the following 
>>> line to our cas.properties:
>>>
>>> cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER
>>>
>>> In the above line, the udcid is the ldap attribute and the 
>>> UDC_IDENTIFIER is the CAS name for the attribute.
>>> In our Banner service file, we have the following:
>>>
>>>   attributeReleasePolicy: {
>>>     @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>>>     allowedAttributes: ["java.util.ArrayList", ["UDC_IDENTIFIER"]]
>>>   }
>>>
>>> For reference: 
>>> https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#ldap
>>>
>>> - Mac
>>>
>>



Re: [cas-user] Re: making an extra LDAP attribute visible via CAS

2018-11-13 Thread Zach Tackett
The CAS server is working, we are using 5.0. Currently getting CAS to map 
the employeeID to the UDC_IDENTIFIER internally, but it is not mapping it 
externally in our test data being dumped after logging in.

On Tuesday, November 13, 2018 at 10:28:31 AM UTC-5, Matthew Uribe wrote:
>
> Hi Zach,
>
> I think you're leaving everyone here in the position of having to assume 
> which version of CAS you're using, as well as what you currently have in 
> place. Do you have a working CAS server now? What version are you working 
> on?
>
> Thanks,
> Matt
>
> On Tuesday, November 13, 2018 at 8:08:08 AM UTC-7, Zach Tackett wrote:
>>
>> I tried what you mentioned and every time I rebuild the CAS server it 
>> breaks because it doesn't like the .attributeRepository part of the 
>> attribute
>>
>> On Tuesday, November 13, 2018 at 9:54:57 AM UTC-5, Mac Reid wrote:
>>>
>>> Assuming a working ldap attribute repository, we added the following 
>>> line to our cas.properties:
>>>
>>> cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER
>>>
>>> In the above line, the udcid is the ldap attribute and the 
>>> UDC_IDENTIFIER is the CAS name for the attribute.
>>> In our Banner service file, we have the following:
>>>
>>>   attributeReleasePolicy: {
>>>     @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>>>     allowedAttributes: ["java.util.ArrayList", ["UDC_IDENTIFIER"]]
>>>   }
>>>
>>> For reference: 
>>> https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#ldap
>>>
>>> - Mac
>>>
>>



Re: [cas-user] Re: making an extra LDAP attribute visible via CAS

2018-11-13 Thread Matthew Uribe
Hi Zach,

I think you're leaving everyone here in the position of having to assume 
which version of CAS you're using, as well as what you currently have in 
place. Do you have a working CAS server now? What version are you working 
on?

Thanks,
Matt

On Tuesday, November 13, 2018 at 8:08:08 AM UTC-7, Zach Tackett wrote:
>
> I tried what you mentioned and every time I rebuild the CAS server it 
> breaks because it doesn't like the .attributeRepository part of the 
> attribute
>
> On Tuesday, November 13, 2018 at 9:54:57 AM UTC-5, Mac Reid wrote:
>>
>> Assuming a working ldap attribute repository, we added the following line 
>> to our cas.properties:
>>
>> cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER
>>
>> In the above line, the udcid is the ldap attribute and the UDC_IDENTIFIER 
>> is the CAS name for the attribute.
>> In our Banner service file, we have the following:
>>
>>   attributeReleasePolicy: {
>>     @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>>     allowedAttributes: ["java.util.ArrayList", ["UDC_IDENTIFIER"]]
>>   }
>>
>> For reference: 
>> https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#ldap
>>
>> - Mac
>>
>



Re: [cas-user] Re: making an extra LDAP attribute visible via CAS

2018-11-13 Thread Daniel Widrick
Note that the attributeRepository is part of a services JSON file, not the
cas.properties file. Ours looks as follows because of some weirdness
with attribute names previously.

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "https://.*",
  "name" : "HTTPS",
  "id" : 1,
  "description" : "HTTPS protocol wildcard service.",
  "evaluationOrder" : 1,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "UDC_IDENTIFIER" : "UDC_IDENTIFIER"
    }
  }
}

*Daniel Widrick*

Lead Programmer Analyst/Systems Administrator

SUNY Polytechnic Institute


100 Seymour Road

Utica, NY 13502

Help Desk: 315.792.7440


On Tue, Nov 13, 2018 at 10:08 AM Zach Tackett wrote:

> I tried what you mentioned and every time I rebuild the CAS server it
> breaks because it doesn't like the .attributeRepository part of the
> attribute
>
> On Tuesday, November 13, 2018 at 9:54:57 AM UTC-5, Mac Reid wrote:
>>
>> Assuming a working ldap attribute repository, we added the following line
>> to our cas.properties:
>>
>> cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER
>>
>> In the above line, the udcid is the ldap attribute and the UDC_IDENTIFIER
>> is the CAS name for the attribute.
>> In our Banner service file, we have the following:
>>
>>   attributeReleasePolicy: {
>>     @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>>     allowedAttributes: ["java.util.ArrayList", ["UDC_IDENTIFIER"]]
>>   }
>>
>> For reference:
>> https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#ldap
>>
>> - Mac
>>


Re: [cas-user] Re: making an extra LDAP attribute visible via CAS

2018-11-13 Thread Zach Tackett
I tried what you mentioned and every time I rebuild the CAS server it breaks 
because it doesn't like the .attributeRepository part of the attribute

On Tuesday, November 13, 2018 at 9:54:57 AM UTC-5, Mac Reid wrote:
>
> Assuming a working ldap attribute repository, we added the following line 
> to our cas.properties:
>
> cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER
>
> In the above line, the udcid is the ldap attribute and the UDC_IDENTIFIER 
> is the CAS name for the attribute.
> In our Banner service file, we have the following:
>
>   attributeReleasePolicy: {
>     @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>     allowedAttributes: ["java.util.ArrayList", ["UDC_IDENTIFIER"]]
>   }
>
> For reference: 
> https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#ldap
>
> - Mac
>



Re: [cas-user] Re: making an extra LDAP attribute visible via CAS

2018-11-13 Thread Mac Reid
Assuming a working ldap attribute repository, we added the following line
to our cas.properties:

cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER

In the above line, the udcid is the ldap attribute and the UDC_IDENTIFIER
is the CAS name for the attribute.
In our Banner service file, we have the following:

  attributeReleasePolicy: {
    @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
    allowedAttributes: ["java.util.ArrayList", ["UDC_IDENTIFIER"]]
  }

For reference:
https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#ldap

- Mac
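
The three release policies posted in this thread (Mac Reid's allowed list, Baron Fujimoto's and Daniel Widrick's mapped policies), applied to a principal in an added Python model that is not CAS code or any poster's code. It assumes the allowed policy passes listed names through unchanged and the mapped policy treats each key as the resolved attribute name and each value as the released name; the principal attributes and their values are constructed.

```python
ALLOWED = "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy"
MAPPED = "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy"

# Release policies as posted in the thread.
POLICIES = {
    "mac": {"@class": ALLOWED,
            "allowedAttributes": ["java.util.ArrayList", ["UDC_IDENTIFIER"]]},
    "baron": {"@class": MAPPED,
              "allowedAttributes": {"@class": "java.util.TreeMap",
                                    "udcid": "UDC_IDENTIFIER"}},
    "daniel": {"@class": MAPPED,
               "allowedAttributes": {"@class": "java.util.TreeMap",
                                     "UDC_IDENTIFIER": "UDC_IDENTIFIER"}},
}

# Constructed principal attributes (values are made up).
# RENAMED: the attribute repository already stored udcid under the CAS name.
# RAW: the repository kept the LDAP attribute name.
RENAMED = {"sAMAccountName": "jdoe", "sn": "Doe", "UDC_IDENTIFIER": "CONSTRUCTED-0001"}
RAW = {"sAMAccountName": "jdoe", "sn": "Doe", "udcid": "CONSTRUCTED-0001"}


def released_attributes(policy, resolved):
    """Return {released name: value} for one service under the modelled policy."""
    cls = policy["@class"]
    allowed = policy.get("allowedAttributes")
    if cls == ALLOWED:
        names = allowed or []
        # Jackson-typed list form: ["java.util.ArrayList", [names...]]
        if len(names) == 2 and isinstance(names[1], list):
            names = names[1]
        return {n: resolved[n] for n in names if n in resolved}
    if cls == MAPPED:
        # key = name after repository resolution, value = name sent to the service
        return {out: resolved[src] for src, out in (allowed or {}).items()
                if src != "@class" and src in resolved}
    raise ValueError("policy class not modelled: " + cls)


def release_matrix():
    """Apply every policy to both principals; an empty dict means nothing is released."""
    return {(who, label): released_attributes(policy, attrs)
            for who, policy in POLICIES.items()
            for label, attrs in (("renamed", RENAMED), ("raw", RAW))}


if __name__ == "__main__":
    for key, attrs in sorted(release_matrix().items()):
        print(key, "->", attrs or "nothing released")
```

In this model a policy keyed on a name the principal does not carry releases nothing, so the rename belongs in either the repository mapping or the release policy, not both; attributes the policy does not name (sAMAccountName, sn) never reach the service.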
