TL;DR - Attribute injection is working with serviceValidate in the master. ServiceValidate already includes the AuthenticationDate attribute.
For a little more background, we'd originally decided to use samlValidate because mod_auth_cas version 1.1 (the latest version installed by yum) wouldn't inject the CAS attributes as headers when using serviceValidate. I forged ahead with an enhancement to mod_auth_cas to convert the AuthenticationInstant SAML attribute in the SAML AuthenticationStatement to a CAS attribute. With that change, when using samlValidate, I started getting [CASAttributePrefix]AuthenticationInstant as a request header. I also noticed that the attribute injection for serviceValidate had been fixed in the master. Using serviceValidate, I began getting [CASAttributePrefix]AuthenticationDate as a request header. So I don't actually need my change to the samlValidate code now that serviceValidate is injecting the attributes. I'll leave the pull request out there since this would increase feature parity for samlValidate. On Monday, October 30, 2017 at 6:07:03 PM UTC-4, Ned Regina wrote: > > I have a requirement to provide the authentication date, when the user > last entered credentials, for the current user session. I'm using > mod_auth_cas with samlValidate to inject attributes as headers into the > lower tiers in the stack. It appears that this value is returned as the > AuthenticationInstant attribute of the AuthenticationStatement element of > the SAML response. However, there doesn't seem to be a mechanism within > mod_auth_cas to add this as a request header. > > Is there an attribute representing this value that can be configured for > release in the CAS configuration? Using serviceValidate, this value is > returned as the CAS attribute authenticationDate. I've tried adding that > to the default attribute release config, but I get nothing. > > > cas.authn.attributeRepository.defaultAttributesToRelease=employeeNumber,authenticationDate > > I get employeeNumber, but I don't get authenticationDate in the saml > response. > > Thanks for any insights. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ed5bd4e9-9587-4ef2-bd47-34c593ae07aa%40apereo.org.
