Robert,
I'm running 6.1.5 and when I try this config for my surrogate
authentication, no attributes get resolved for the surrogate (attributes
were 'map[[empty]]'). I've found that I need to add a separate attribute
repository for the same ldap in order to pull in any attributes for the
I changed my ldap active directory config, removed the attribute repository
stuff and changed the type to AUTHENTICATED.
The below config seems to be working well for me while using surrogacy with
LDAPS Active Directory:
# set some properties we can re-use in authn and attributeRepository
No error messages on login. I do not think that is expected behavior.
When logging in as a surrogate it does not have duplicated values for the
properties.
See example below:
cn [bansecr_bondr]
The service registries do not handle when there are duplicated values like
the "cn [BONDR,
Robert,
Is log in failing? Any error messages?
Could it be that the second entry is the surrogate; and if no surrogate is
supplied in the log in form, then the same subject exists for both [that is,
for the surrogate plugin, an array is required]?
Ray
On Mon, 2019-10-07 at 13:10 -0700,
Running into an odd doubling of attribute values when surrogate access is
enabled.
On CAS 6.1.0 RC6
Here is my Surrogate config, Active Directory Auth config, and Attribute
repository:
# Surrogate config
cas.authn.surrogate.separator=+