Re: [cas-user] CAS 5 RC3 attribute lookup

2016-10-14 Thread Richard Frovarp

On 10/13/2016 05:54 PM, Baron Fujimoto wrote:

>On Thu, Oct 13, 2016 at 05:19:19PM -0500, Richard Frovarp wrote:
>>I'm very confused as to how to do attribute lookup with CAS 5.
>>
>>In the actual service entry I have the return all attributes policy, so that
>>shouldn't be hanging me up.
>>
>>I am doing AD / LDAP authentication, and it's also where my attributes are
>>at.
>>
>>I don't see how
>>
>>cas.authn.attributeRepository.attributes.uid=uid
>>
>>does anything, because if I add another attribute there, nothing happens.
>>
>>I don't see cas.authn.attributeRepository.ldap group of entries doing
>>anything.
>>
>>I also don't see cas.authn.ldap[0].additionalAttributes doing much.
>>
>>If I set cas.authn.ldap[0].principalAttributeList to have more attributes, it
>>appears to work. But it's also including uid, which isn't in my list. Is that
>>because of the entry above?
>>
>>Do I even need to have the cas.authn.attributeRepository.ldap section?
>
>cas.authn.attributeRepository.attributes.* are used as defaults unless set
>otherwise and can have unexpected results (see my earlier post re cn being
>remapped by cas.authn.attributeRepository.attributes.cn=commonName) I
>believe these may be deprecated or changed in future releases.
>
>I define all the attributes in cas.authn.ldap[0].principalAttributeList
>
>Since we release all of them by default, what I actually do is define a
>variable, and use that to factor out the list of attributes so I don't
>have to replicate it in multiple places. YMMV.
>
>our.default.attributes=\
>   cn,\
>   displayName,\
>   ... etc ...
>   mail,\
>   uid
>
>cas.authn.ldap[0].principalAttributeList=${our.default.attributes}
>cas.authn.attributeRepository.defaultAttributesToRelease=${our.default.attributes}



Thanks for the info. I got that punched in and my config cleaned up 
quite a bit.


--
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5eb60a82-e137-4f9b-335d-3a04ce7cb763%40ndsu.edu.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.


Re: [cas-user] CAS 5 RC3 attribute lookup

2016-10-13 Thread Baron Fujimoto
On Thu, Oct 13, 2016 at 05:19:19PM -0500, Richard Frovarp wrote:
>I'm very confused as to how to do attribute lookup with CAS 5.
>
>In the actual service entry I have the return all attributes policy, so that
>shouldn't be hanging me up.
>
>I am doing AD / LDAP authentication, and it's also where my attributes are
>at.
>
>I don't see how
>
>cas.authn.attributeRepository.attributes.uid=uid
>
>does anything, because if I add another attribute there, nothing happens.
>
>I don't see cas.authn.attributeRepository.ldap group of entries doing
>anything.
>
>I also don't see cas.authn.ldap[0].additionalAttributes doing much.
>
>If I set cas.authn.ldap[0].principalAttributeList to have more attributes, it
>appears to work. But it's also including uid, which isn't in my list. Is that
>because of the entry above?
>
>Do I even need to have the cas.authn.attributeRepository.ldap section?

cas.authn.attributeRepository.attributes.* are used as defaults unless set
otherwise and can have unexpected results (see my earlier post re cn being
remapped by cas.authn.attributeRepository.attributes.cn=commonName) I
believe these may be deprecated or changed in future releases.

I define all the attributes in cas.authn.ldap[0].principalAttributeList

Since we release all of them by default, what I actually do is define a
variable, and use that to factor out the list of attributes so I don't
have to replicate it in multiple places. YMMV.

our.default.attributes=\
  cn,\
  displayName,\
  ... etc ...
  mail,\
  uid

cas.authn.ldap[0].principalAttributeList=${our.default.attributes}
cas.authn.attributeRepository.defaultAttributesToRelease=${our.default.attributes}

>I know it's an RC and that the documentation isn't complete, but it feels
>like something is missing. Feels odd to be doing it in the authn area instead
>of the ldap entries under attributeRepository.
>
>Thanks,
>
>Richard

Aloha,
-baron
-- 
Baron Fujimoto  :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
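
A consistency check for the two attribute lists discussed in this thread, added here as an example and not part of either post or of the CAS project: it expands `${...}` placeholders in a properties file and reports attributes that are released by default but never fetched at authentication, or fetched but not released. It assumes a reduced properties syntax (`key=value`, `#`/`!` comments, backslash continuations); the sample config, including the hand-copied release list with `memberOf`, is constructed.

```python
import re

# Constructed sample in the shape of the config quoted in this thread; the
# hand-copied release list (with memberOf) is made up to show drift.
SAMPLE = r"""
our.default.attributes=\
   cn,\
   displayName,\
   mail,\
   uid

cas.authn.ldap[0].principalAttributeList=${our.default.attributes}
cas.authn.attributeRepository.defaultAttributesToRelease=cn,displayName,mail,uid,memberOf
"""
FETCH_KEY = "cas.authn.ldap[0].principalAttributeList"
RELEASE_KEY = "cas.authn.attributeRepository.defaultAttributesToRelease"
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

def parse_properties(text):
    """Parse key=value lines, joining backslash continuations (subset of .properties)."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue  # blank line or comment outside a continuation
        if line.endswith("\\"):
            pending += line[:-1]  # drop the backslash, keep accumulating
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def resolve(value, props, depth=0):
    """Expand ${name} placeholders (Spring-style); unknown names stay as written."""
    if depth > 10:
        raise ValueError("placeholder nesting too deep (circular reference?)")
    return PLACEHOLDER.sub(
        lambda m: resolve(props[m.group(1)], props, depth + 1)
        if m.group(1) in props else m.group(0), value)

def attribute_set(props, key):
    return {a.strip() for a in resolve(props.get(key, ""), props).split(",") if a.strip()}

def compare_lists(text):
    """Return (released but never fetched, fetched but not released by default)."""
    props = parse_properties(text)
    fetched, released = attribute_set(props, FETCH_KEY), attribute_set(props, RELEASE_KEY)
    return sorted(released - fetched), sorted(fetched - released)

print(compare_lists(SAMPLE))
```

When both keys point at the same variable, as in the post above, both returned lists are empty.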
