[cas-user] Re: [Cas 6.0.7] Surrogate attributes are lost when account is selected in GUI mode

[Andy Ng]

Hi Michele,

I recalled I spent a few hours looking and testing into this issue, and 
didn't find any meaningful progress so I stopped my research.

Sorry to disappoint, let see if the others in the communities have more 
idea into this issue...

Cheers!
- Andy


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d0c4bf08-0b70-4196-a96e-bbdb1cac5c56%40apereo.org.

[cas-user] Re: [Cas 6.0.7] Surrogate attributes are lost when account is selected in GUI mode

[Andy Ng]

Hi Michele,

I see, you are talking about can't receive the *principal *attribute.

Kind of busy these days, when free will take a look into it.

- Andy

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/01422b1a-916a-4596-a08f-3395aa469cc6%40apereo.org.

[cas-user] Re: [Cas 6.0.7] Surrogate attributes are lost when account is selected in GUI mode

[Michele Melluso]

Hi Andy,

I did setup my environment as yours and I also receive the surrogate user 
attributes.

My problem is about these ones:
https://apereo.github.io/cas/6.0.x/installation/Surrogate-Authentication.html#surrogate-attributes

In both methods I correctly receive surrogate user attributes,
but only in preselection mode i receive surrogate principal ones.

I tried with you suggested json conf both in cas 6.0 and 6.2 versions.

Thanks again
Michele

On Friday, December 6, 2019 at 3:03:45 PM UTC+1, Andy Ng wrote:
>
> Hi Michele,
>
> I have setup a surrogate authentication demo in my testing docker 
> environment 
> ,
>  
> I tried both CAS version 6.0.7 and 6.1.2 and the surrogate attribute seems 
> to be working just fine.
>
> I don't want to setup the exact config as yours, since it might take some 
> time. Instead, I used the following setup :
> - Static Authentication
> - Json Attribute Storage
> - Json Surrogate Authentication mapping
> - PHPCas Client
>
> I got the following account setup:
> - Username: *surrogate-admin*, Attribute: name = Surrogate Admin
> - Username: *surrogate-user*, Attribute: name = Surrogate User
> - And *surrogate-admin* and *surrogate-user* is a surrogate relationship.
>
> *Result in the testing enviornment is that:*
> After login with *surrogate-user* using *surrogate-admin* credential, my 
> client shows the correct attributes (Surrogate User).
>
>
>
> Is the above something similar to what you want to archive? Or by 
> surrogate attribute you have different envision of how the attribute should 
> be retrieved?
>
> I will paste some of my config below so you can have a look if you like to:
>
> ---
> *cas.yml*
> cas.authn.accept.users: 
> surrogate-admin::Mellon,surrogate-user::Mellon,surrogate-user2::Mellon
>
> cas.authn.surrogate.json.location: 
> file://${RESOURCE_PATH}/${PROTOCOL_SURROGATE_AUTHENTICATION_PATH}/surrogate.json
> cas.authn.attributeRepository.json:
> - location: 
> file://${RESOURCE_PATH}/${PROTOCOL_SURROGATE_AUTHENTICATION_PATH}/surrogate-attributes.json
>
>
> *surrogate-attributes.json*
> {
> "surrogate-user": {
> "name":["Surrogate User"]
> },
> "surrogate-user2": {
> "name":["Surrogate User2"]
> },
> "surrogate-admin": {
> "name":["Surrogate Admin"]
> }
> }
>
> *surrogate.json*
> {
> "surrogate-admin": ["surrogate-user", "surrogate-user2"]
> }
>
>
> And I login using the following 2 methods:
> - GUI mode: `+surrogate-admin` as , `Mellon` as password. Then select 
> my surrogate target.
> - preselection mode: `surrogate-admin+surrogate-user` as username, 
> `Mellon` as password.
>
>
> See if the above helps...
>
>
> Cheers!
> - Andy
>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/203cf25e-5fab-403b-8726-cebea84685db%40apereo.org.

[cas-user] Re: [Cas 6.0.7] Surrogate attributes are lost when account is selected in GUI mode

[Andy Ng]

Hi Michele,

I have setup a surrogate authentication demo in my testing docker 
environment 
,
 
I tried both CAS version 6.0.7 and 6.1.2 and the surrogate attribute seems 
to be working just fine.

I don't want to setup the exact config as yours, since it might take some 
time. Instead, I used the following setup :
- Static Authentication
- Json Attribute Storage
- Json Surrogate Authentication mapping
- PHPCas Client

I got the following account setup:
- Username: *surrogate-admin*, Attribute: name = Surrogate Admin
- Username: *surrogate-user*, Attribute: name = Surrogate User
- And *surrogate-admin* and *surrogate-user* is a surrogate relationship.

*Result in the testing enviornment is that:*
After login with *surrogate-user* using *surrogate-admin* credential, my 
client shows the correct attributes (Surrogate User).



Is the above something similar to what you want to archive? Or by surrogate 
attribute you have different envision of how the attribute should be 
retrieved?

I will paste some of my config below so you can have a look if you like to:
---
*cas.yml*
cas.authn.accept.users: 
surrogate-admin::Mellon,surrogate-user::Mellon,surrogate-user2::Mellon

cas.authn.surrogate.json.location: 
file://${RESOURCE_PATH}/${PROTOCOL_SURROGATE_AUTHENTICATION_PATH}/surrogate.json
cas.authn.attributeRepository.json:
- location: 
file://${RESOURCE_PATH}/${PROTOCOL_SURROGATE_AUTHENTICATION_PATH}/surrogate-attributes.json


*surrogate-attributes.json*
{
"surrogate-user": {
"name":["Surrogate User"]
},
"surrogate-user2": {
"name":["Surrogate User2"]
},
"surrogate-admin": {
"name":["Surrogate Admin"]
}
}

*surrogate.json*
{
"surrogate-admin": ["surrogate-user", "surrogate-user2"]
}


And I login using the following 2 methods:
- GUI mode: `+surrogate-admin` as , `Mellon` as password. Then select 
my surrogate target.
- preselection mode: `surrogate-admin+surrogate-user` as username, 
`Mellon` as password.


See if the above helps...


Cheers!
- Andy


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/79ce5a89-0fbd-43aa-a4f7-d4424df152ee%40apereo.org.