Re: [cas-user] Unable to get UID attribute in client side

2021-02-16 Thread Ray Bon
Morning,

When you say you get 302, do you mean a 'too many redirects' message in the 
browser?
Does your audit log say that the ticket was validated successfully?

The client application needs to be using https during ticket validation. If you 
are using a self-signed cert, add it to the JVM keystore.
The uid is released as part of the principal, after successful ST validation. 
You can get it in your application with:
request.getRemoteUser()
or
request.getUserPrincipal()


Ray

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/baf260d7adf6b8a64e6653e79498bfa7c06c705d.camel%40uvic.ca.


Re: [cas-user] Unable to get UID attribute in client side

2021-02-16 Thread 'Richard Frovarp' via CAS Community
I don't remember the fine specifics of the logs well enough to know. It's 
possible that both are at fault? Make sure you are listing attributes to look up 
in your LDAP attribute repository configuration. If they aren't there, that'll 
be problem one. The other thing is that by default the CAS 2 protocol doesn't 
do attribute return. You need to use CAS 3 protocol to get attribute return. It 
was an extension for CAS 2 protocol, but I don't think the IdP is going to 
follow that extension at CAS 6.2, but I may be wrong. The CAS 3 protocol 
validation URL should be able to be used to get the attributes back, which is 
typically at the /p3/serviceValidate path.

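Added example, not part of the thread or of the CAS project: a Python parser for the XML that a CAS validation endpoint returns, to check whether an attribute is missing from the server's response or lost in the client. It covers a response with only <cas:user> and one with the <cas:attributes> block that /p3/serviceValidate can return; the sample responses and the user jdoe are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of CAS validation responses

# Constructed samples (user "jdoe" and all values are made up for this example).
USER_ONLY_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

P3_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:uid>jdoe</cas:uid>
      <cas:memberOf>staff</cas:memberOf>
      <cas:memberOf>admins</cas:memberOf>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""


def parse_validation_response(xml_text):
    """Return (user, attributes); raise ValueError if validation failed."""
    # Only feed this responses fetched from your own CAS server over HTTPS.
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        raise ValueError(f"{failure.get('code')}: {(failure.text or '').strip()}")
    success = root.find("cas:authenticationSuccess", NS)
    if success is None:
        raise ValueError("not a CAS serviceResponse")
    user = success.findtext("cas:user", default="", namespaces=NS).strip()
    attributes = {}
    block = success.find("cas:attributes", NS)
    for element in (block if block is not None else []):
        name = element.tag.split("}", 1)[-1]  # drop the "{namespace}" prefix
        # Multi-valued attributes repeat the element, so collect values in a list.
        attributes.setdefault(name, []).append((element.text or "").strip())
    return user, attributes


def missing_attributes(xml_text, wanted):
    """Names from `wanted` that are absent from the validation response."""
    _, attributes = parse_validation_response(xml_text)
    return [name for name in wanted if name not in attributes]
```

If uid is reported missing for the response your server actually returns, the problem is on the server side (attribute resolution or release), not in the client filter.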


[cas-user] Unable to get UID attribute in client side

2021-02-16 Thread Morning Star
Hi Team,

CAS server - 6.2.3
CAS client - 3.6.2

We are not getting the UID attribute on the client side. We use the CAS 2 
protocol, i.e. Cas20ProxyReceivingTicketValidationFilter.

Upon redirection, we get the ticket value (ticket=) in the URL, and after 
successful ticket validation we get a 302 HTTP status code. Up to this point, 
it is working as expected.

*But we are not getting the UID attribute on the client side.*

My JSON file:
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https://cx.example.com.*)",
  "name" : "web",
  "description" : "Allows HTTP(S) and IMAP(S) protocols",
  "id" : 1001,
  "evaluationOrder" : 1,
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "uid"
  },
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "uid", "email", "CN" ] ]
  }
}

*DEBUG LOG:*
2021-02-16 12:57:51 [DEBUG] org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy  – Initiating attributes release phase for principal [a...@test.com] accessing service [AbstractWebApplicationService(id=https://bexfept021.int.mgc.com:1/exx/cp?id=12345, originalUrl=https://bexfept021.int.mgc.com:1/exx/cp?id=12345, artifactId=null, principal=a...@test.com, source=service, loggedOutAlready=false, format=XML, attributes={})] defined by registered service [^(https://cx.example.*)]...
2021-02-16 12:57:51 [DEBUG] org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy  – Using principal attribute repository [DefaultPrincipalAttributesRepository()] to retrieve attributes
2021-02-16 12:57:51 [WARN] org.apereo.cas.authentication.attribute.PrincipalAttributeRepositoryFetcher  – No person records were fetched from attribute repositories for [{principal=a...@test.com, userStatus=[ACTIVE], tryCount=[0:1613505872733], username=a...@test.com}]
2021-02-16 12:57:51 [DEBUG] org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy  – Found principal attributes [{userStatus=[ACTIVE], tryCount=[0:1613505872733]}] for [a...@test.com]
2021-02-16 12:57:51 [DEBUG] org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy  – Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release of [{}] for [a...@test.com]
2021-02-16 12:57:51 [DEBUG] org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy  – Default attributes for release are: [[]]

*Tried adding these entries also:*
cas.authn.ldap[0].principal-attribute-list=uid,mail,cn
cas.authn.attribute-repository.default-attributes-to-release=uid,mail,cn
It doesn't help.

Am I doing something wrong here? The CAS2 protocol releases UID, right?
Kindly help me with some syntax :-(
At least I want to know whether the issue is on the server side or the client side.