David,
I really want to thank you for helping me on this.
I've finally managed to retrieve a multiple value attribute, just like
you've said the responsible to release attributes for CAS is the
Authentication Handler. In my case Active Directory. So, what I've done was
create a custom attribute
Well, I also said we don't do that here, so I don't actually know how to do
it, just that I think you can. :-)
But seriously, I believe it depends on what you're using for an attribute
repository. And I'm not sure whether it's going to give you what you want:
David,
What I want is to log in to multiple AWS Accounts using SAML2. I've
managed to log into only one account. But to log in to multiple accounts
you have to send the response like this:
https://aws.amazon.com/SAML/Attributes/Role
The "ReturnMappedAttributeReleasePolicy" is not a method for returning
attribute values, it's a method for changing the name of an attribute when
you release it.
For example, suppose you have an application that wants you to give it an
attribute called "LastName". But your Active Directory, of
David,
I'm using Json Service Registry.
You're telling me that the responsible for multi-value attributes is not
the service registry but the repository I'm using? (In my case Active
Directory).
So, let me show you the example I'm using.
I need to map a multi-value attribute for the attribute
Since I'm the only "David" I see in this thread I assume you're asking
me... but I'm not sure I understand the question. Where are you putting the
JSON that you're expecting CAS to consume it and then spit it out in a SAML
response?
Normally, CAS will get the attributes from whatever repositories
Hi David!
I'm praying that you see my question now because I really need your help.
I want to thank you because you really helped me showing the .json
configuration.
But I need some help on this.
How do I manage to do a multi value attribute on json.
I need the SAML response to be like this
Presently, we are using CAS as an Identity Provider but now we want to use
SAML2.0 as an Identity provider instead of CAS server. As I'm new to CAS,
can anyone help me out with the steps that I need to follow? And I have some
queries like, Do we need to configure the SAML Request & Response
externally?
That got it! Thank you so much, David!
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
So, you have
cas.authn.attributeRepository.jdbc[0].username=email
in *cas.properties*? I didn't see it in the ones you copied/pasted earlier.
Dumb question, but if you connect to the database using the same user and
password that you have CAS configured to use, and you run
SELECT * FROM
John,
You may be able to set 'show_sql' for hibernate. CAS properties has
'Hibernate-specific properties' but I have not used this.
Ray
On Tue, 2018-05-22 at 10:18 -0700, John D Giotta wrote:
My "username" column is called email, but even with your suggestions I still
get the following DEBUG
My "username" column is called email, but even with your suggestions I
still get the following DEBUG output in logs.
Found [0] attributes for principal [jdgio...@gmail.com] from the attribute
repository.
This is why I think there is something wrong with the query. Log level is set
to debug, but
I'm pretty sure that if you enable debug-level logging on
org.apereo.services.persondir in */etc/cas/config/log4j2.xml*, you'll see
the SQL query in *cas.log*. You can do that most easily by changing this
line near the top of the file:
warn
to:
debug
You shouldn't even need to restart the
Is there any way to show the sql used to get user attributes?
Could be, but as I don't use the jdbc stuff, I can't help you with that.
The {0} gets replaced with some dynamic value generated by the Java code.
My guess would be it's some condition like column=value, but that's pretty
much a guess.
I would suggest if you haven't yet to see the CAS log level to
Same error. Do you think that maybe my select statement is wrong?
Specifically the `WHERE {0}`. That just seems wrong to me. What is {0}?
Based on the SELECT, I think these definitions are flipped:
cas.authn.attributeRepository.jdbc[0].attributes.uid=id
cas.authn.attributeRepository.jdbc[0].attributes.givenName=first_name
cas.authn.attributeRepository.jdbc[0].attributes.emailaddress=email
cas.authn.accept.users=
cas.authn.jdbc.query[0].ddlAuto=none
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.jdbc.query[0].password=
Can you attach the relevant section of cas.properties (the part where you
define which attributes you're going to resolve) and the service definition
for the SAML SP?
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1
The error I see on the CAS server is the following:
2018-05-21 20:15:07,348 INFO
[org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController]
-
2018-05-21 20:15:07,656 WARN
[org.apereo.cas.services.ReturnMappedAttributeReleasePolicy] -
Someone smarter than me may need to weigh in on this... but I'll try.
As I understand it, SAML SPs will accept two forms of attribute names. One
form is that "urn" notation that Shibboleth seems to like:
The other form is the "friendly name," which is basically just a string,
like "cn"
David,
I'm still trying to understand how user attributes are supposed to work.
Let's say I'm using JDBC as my source for user data and credentials. If I'm
writing the JSON service to map datasource fields to SAML attributes, how
is this done? Is it naming convention? Do I need to include a
I've had very little success making the management service work (like other
things).
I try to follow the documentation, but something is always amiss.
My personal problem is that I'm very much a TDD developer. I have issues
not being able to effectively test what I'm doing.
I'm not sure I understand the question. If you mean could you copy the
example I provided directly into a jdbc/jpa service registry, then I have
to say I don't know, because I don't know how the information is stored in
the database.
The first example I gave (the Apache one) is a json file from a
Would this example you provided be applicable to a jdbc backend?
Here's a JSON definition for an Apache HTTPD with the Shibboleth
mod_shib/shibd plug-in:
{
"@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
"serviceId" : "https://casdev-samlsp.newschool.edu/shibboleth",
"name" : "Apache Secured By SAML",
"id" : 1509030300,
Do you have an example of this?
The same way you do for CAS services, pretty much. Just list what you want
to return. If you need the uri naming, you can use the "return mapped
attributes" feature; there's an example of that in my doc. Although that
may or may not be necessary depending on the SP.
CAS 5.3 has some improved
How do I set up user attributes for SAML 2.0?