Re: [cas-user] Stumped on attribute release in CAS 5.1

2018-02-27 Thread Toby Archer
Thanks everyone for the help. I've got attributes showing up now. It seems 
that it was entirely the protocol issue. It took me a little but I managed 
to delve into the library I was using and figure out how to get CAS 3.0 
working on it. 

Thanks for the tip Mike. I will keep that in mind for future reference. 
Depending on how some of my integrations go, it may be necessary. 

On Monday, February 26, 2018 at 2:49:25 PM UTC-6, Mike Kromarek wrote:
>
> If you want to release attributes under CAS 2.0 protocol, here (
> https://kogentadono.com/2017/08/30/attribute-release-cas-5-1-x-for-cas-2-0-protocol/)
>  
> is a post I wrote up a while back.
>
> Also, attached is the file you'll need to put in your war overlay to make 
> release work.  It should live in src/main/resources/templates/protocol/2.0
>
> --Mike K.
>
>
>
> On Mon, Feb 26, 2018 at 9:30 AM, Ray Bon  
> wrote:
>
>> Toby,
>>
>> It looks like your client is using CAS 2.0 protocol.
>> Attribute release can be done with SAML 1.1 and CAS 3.0 protocol.
>>
>> Ray
>>
>> On Mon, 2018-02-26 at 07:41 -0800, Toby Archer wrote:
>>
>> With the addition of those loggers and a little tweaking I got some info 
>> that should be useful. Firstly: 
>>
>> 2018-02-26 15:36:46,731 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > attributes for [toben.archer]>
>> 2018-02-26 15:36:46,731 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > [{}] for [toben.archer]>
>> 2018-02-26 15:36:46,732 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 2018-02-26 15:36:46,732 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 2018-02-26 15:36:46,733 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > any>
>> 2018-02-26 15:36:46,733 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > mail]]>
>> 2018-02-26 15:36:46,733 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 2018-02-26 15:36:46,734 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 2018-02-26 15:36:46,744 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 2018-02-26 15:36:46,744 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 2018-02-26 15:36:46,745 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > Archer], givenName=Toben, mail=toben@usd.edu , 
>> uid=uid}]>
>> 2018-02-26 15:36:46,745 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 2018-02-26 15:36:46,745 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 2018-02-26 15:36:46,746 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > Archer], givenName=Toben, mail=toben@usd.edu , 
>> uid=uid}]>
>>
>> That looks good! That looks like everything I wanted it to say. Except 
>> this part "Attribute policy [ReturnAllowedAttributeReleasePolicy] allows 
>> release of [{}] for [toben.archer]" seems to contradict this part "Final 
>> collection of attributes allowed are: [{cn=[Toben Archer, Toben D Archer], 
>> givenName=Toben, mail=toben@usd.edu , uid=uid}]". But 
>> anyway, it looks like the attributes that I should be seeing in my cas 
>> request are there, cn, givenName, and mail all look right (uid=uid is 
>> wrong, but it should at least be present). 
>>
>> I had some concern that maybe something was going wrong in my library, so 
>> I tweaked it to give me the raw XML output:
>>
>> 
>> 
>> toben.archer
>> 
>> 
>>
>> The attributes should be in this xml right? 
>>
>> On Friday, February 23, 2018 at 4:28:55 PM UTC-6, rbon wrote: 
>>
>> In the project in etc/cas/config there is a log4j.xml.
>>
>> When you say 'gradle to build CAS' do you mean the 
>> cas-gradle-overlay-template or cas proper? Use an overlay unless you are 
>> planning on developing CAS. https://github.com/apereo/
>>
>> Ray
>>
>> On Fri, 2018-02-23 at 13:57 -0800, Toby Archer wrote:
>>
>> That sounds like a good idea. Pardon my ignorance, but I'm not sure where 
>> to place those logger definitions. I'm using gradle to build CAS and I 
>> don't see any xml files in the build process or in the configuration files. 
>>
>> On Friday, February 23, 2018 at 3:39:31 PM UTC-6, rbon wrote: 
>>
>> Toby,
>>
>> You may need to adjust your service (service registry) to allow the 
>> attributes to be released.
>> These log settings may be useful:
>> 
>> > name="org.apereo.cas.authentication.LdapAuthenticationHandler" 
>> level="debug" />
>>
>> 
>> > name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
>>  
>> level="debug"/>
>>
>> Ray
>>
>> On 
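
The protocol difference this thread settles on, as an added example that is not part of any poster's message: a client-side parser for CAS validation responses that shows why a CAS 2.0 `/serviceValidate` reply carries only the user while a CAS 3.0 `/p3/serviceValidate` reply carries a `<cas:attributes>` block. The endpoint paths and XML layout follow the CAS protocol specification; the host names, ticket, mail value and response bodies are constructed samples.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace used by CAS validation responses


def _q(tag):
    """Qualify a tag name with the CAS namespace for ElementTree lookups."""
    return f"{{{CAS_NS}}}{tag}"


# Constructed sample bodies (not captured from the thread).
CAS20_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>toben.archer</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

CAS30_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>toben.archer</cas:user>
    <cas:attributes>
      <cas:cn>Toben Archer</cas:cn>
      <cas:cn>Toben D Archer</cas:cn>
      <cas:givenName>Toben</cas:givenName>
      <cas:mail>user@example.edu</cas:mail>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


class CasValidationError(Exception):
    """Raised when the response is malformed or reports a failure."""


def validation_url(cas_base, service, ticket, protocol=3):
    """Build the ticket validation URL; protocol 2 cannot return attributes
    unless the server's 2.0 view template has been customised."""
    path = "/p3/serviceValidate" if protocol == 3 else "/serviceValidate"
    return cas_base.rstrip("/") + path + "?" + urlencode(
        {"service": service, "ticket": ticket})


def parse_validation_response(body):
    """Return (user, attributes) where attributes maps name -> list of values."""
    # A validation response never needs a DTD; refuse one rather than
    # hand entity definitions to the XML parser.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise CasValidationError("DTD or entity declaration in CAS response")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise CasValidationError(f"unparseable CAS response: {exc}") from exc
    if root.tag != _q("serviceResponse"):
        raise CasValidationError(f"unexpected root element {root.tag!r}")

    failure = root.find(_q("authenticationFailure"))
    if failure is not None:
        reason = (failure.text or "").strip()
        raise CasValidationError(f"{failure.get('code')}: {reason}")

    success = root.find(_q("authenticationSuccess"))
    user = success.findtext(_q("user")) if success is not None else None
    if not user or not user.strip():
        raise CasValidationError("no authenticated user in CAS response")

    attributes = {}
    block = success.find(_q("attributes"))
    if block is not None:
        for child in block:
            name = child.tag.split("}", 1)[-1]  # strip the namespace prefix
            # Repeated elements (cn above) are multi-valued attributes.
            attributes.setdefault(name, []).append((child.text or "").strip())
    return user.strip(), attributes


def diagnose(body):
    """One-line summary that separates 'no attributes released' from
    'client validated with a protocol that has no attribute block'."""
    user, attributes = parse_validation_response(body)
    if not attributes:
        return f"{user}: no <cas:attributes> block (CAS 2.0 style response)"
    return f"{user}: {len(attributes)} attributes: {', '.join(sorted(attributes))}"


if __name__ == "__main__":
    print(diagnose(CAS20_RESPONSE))
    print(diagnose(CAS30_RESPONSE))
```

When the server log shows a non-empty final attribute set but `diagnose` reports no block, the validation endpoint the client library calls is the first thing to check.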

Re: [cas-user] Stumped on attribute release in CAS 5.1

2018-02-26 Thread michael kromarek
If you want to release attributes under CAS 2.0 protocol, here (
https://kogentadono.com/2017/08/30/attribute-release-cas-5-1-x-for-cas-2-0-protocol/)
is a post I wrote up a while back.

Also, attached is the file you'll need to put in your war overlay to make
release work.  It should live in src/main/resources/templates/protocol/2.0

--Mike K.



On Mon, Feb 26, 2018 at 9:30 AM, Ray Bon  wrote:

> Toby,
>
> It looks like your client is using CAS 2.0 protocol.
> Attribute release can be done with SAML 1.1 and CAS 3.0 protocol.
>
> Ray
>
> On Mon, 2018-02-26 at 07:41 -0800, Toby Archer wrote:
>
> With the addition of those loggers and a little tweaking I got some info
> that should be useful. Firstly:
>
> 2018-02-26 15:36:46,731 DEBUG [org.apereo.cas.services.
> AbstractRegisteredServiceAttributeReleasePolicy] -  policy [ReturnAllowedAttributeReleasePolicy] to process attributes for
> [toben.archer]>
> 2018-02-26 15:36:46,731 DEBUG [org.apereo.cas.services.
> AbstractRegisteredServiceAttributeReleasePolicy] -  ReturnAllowedAttributeReleasePolicy] allows release of [{}] for
> [toben.archer]>
> 2018-02-26 15:36:46,732 DEBUG [org.apereo.cas.services.
> AbstractRegisteredServiceAttributeReleasePolicy] -  policy attributes and default attributes>
> 2018-02-26 15:36:46,732 DEBUG [org.apereo.cas.services.
> AbstractRegisteredServiceAttributeReleasePolicy] -  attribute policy attributes>
> 2018-02-26 15:36:46,733 DEBUG [org.apereo.cas.services.
> AbstractRegisteredServiceAttributeReleasePolicy] -  context. Retrieving default attributes for release, if any>
> 2018-02-26 15:36:46,733 DEBUG [org.apereo.cas.services.
> AbstractRegisteredServiceAttributeReleasePolicy] -  for release are: [[cn, givenName, uid, affiliation, mail]]>
> 2018-02-26 15:36:46,733 DEBUG [org.apereo.cas.services.
> AbstractRegisteredServiceAttributeReleasePolicy] -  default attribute for release: [cn]>
> 2018-02-26 15:36:46,734 DEBUG [org.apereo.cas.services.
> AbstractRegisteredServiceAttributeReleasePolicy] -  default attribute for release: [givenName]>
> 2018-02-26 15:36:46,744 DEBUG [org.apereo.cas.services.
> AbstractRegisteredServiceAttributeReleasePolicy] -  default attribute for release: [uid]>
> 2018-02-26 15:36:46,744 DEBUG [org.apereo.cas.services.
> AbstractRegisteredServiceAttributeReleasePolicy] -  default attribute for release: [mail]>
> 2018-02-26 15:36:46,745 DEBUG [org.apereo.cas.services.
> AbstractRegisteredServiceAttributeReleasePolicy] -  found to be released are [{cn=[Toben Archer, Toben D Archer],
> givenName=Toben, mail=toben.arc...@usd.edu, uid=uid}]>
> 2018-02-26 15:36:46,745 DEBUG [org.apereo.cas.services.
> AbstractRegisteredServiceAttributeReleasePolicy] -  attributes first to the released set of attributes>
> 2018-02-26 15:36:46,745 DEBUG [org.apereo.cas.services.
> AbstractRegisteredServiceAttributeReleasePolicy] -  attributes to the released set of attributes>
> 2018-02-26 15:36:46,746 DEBUG [org.apereo.cas.services.
> AbstractRegisteredServiceAttributeReleasePolicy] -  attributes allowed are: [{cn=[Toben Archer, Toben D Archer],
> givenName=Toben, mail=toben.arc...@usd.edu, uid=uid}]>
>
> That looks good! That looks like everything I wanted it to say. Except this
> part "Attribute policy [ReturnAllowedAttributeReleasePolicy] allows
> release of [{}] for [toben.archer]" seems to contradict this part "Final
> collection of attributes allowed are: [{cn=[Toben Archer, Toben D Archer],
> givenName=Toben, mail=toben.arc...@usd.edu, uid=uid}]". But anyway, it
> looks like the attributes that I should be seeing in my cas request are
> there, cn, givenName, and mail all look right (uid=uid is wrong, but it
> should at least be present).
>
> I had some concern that maybe something was going wrong in my library, so
> I tweaked it to give me the raw XML output:
>
> 
> 
> toben.archer
> 
> 
>
> The attributes should be in this xml right?
>
> On Friday, February 23, 2018 at 4:28:55 PM UTC-6, rbon wrote:
>
> In the project in etc/cas/config there is a log4j.xml.
>
> When you say 'gradle to build CAS' do you mean the
> cas-gradle-overlay-template or cas proper? Use an overlay unless you are
> planning on developing CAS. https://github.com/apereo/
>
> Ray
>
> On Fri, 2018-02-23 at 13:57 -0800, Toby Archer wrote:
>
> That sounds like a good idea. Pardon my ignorance, but I'm not sure where
> to place those logger definitions. I'm using gradle to build CAS and I
> don't see any xml files in the build process or in the configuration files.
>
> On Friday, February 23, 2018 at 3:39:31 PM UTC-6, rbon wrote:
>
> Toby,
>
> You may need to adjust your service (service registry) to allow the
> attributes to be released.
> These log settings may be useful:
> 
> 
>
> 
> 
>
> Ray
>
> On Fri, 2018-02-23 at 12:36 -0800, Toby Archer wrote:
>
> I'm trying to figure out how to do attribute release and haven't gotten
> anywhere. I've read all the pages like this one:
> 

Re: [cas-user] Stumped on attribute release in CAS 5.1

2018-02-26 Thread Ray Bon
Toby,

It looks like your client is using CAS 2.0 protocol.
Attribute release can be done with SAML 1.1 and CAS 3.0 protocol.

Ray

On Mon, 2018-02-26 at 07:41 -0800, Toby Archer wrote:
With the addition of those loggers and a little tweaking I got some info that 
should be useful. Firstly:

2018-02-26 15:36:46,731 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,731 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,732 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,732 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,733 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,733 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,733 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,734 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,744 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,744 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,745 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,745 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,745 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,746 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

That looks good! That looks like everything I wanted it to say. Except this part 
"Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release of [{}] 
for [toben.archer]" seems to contradict this part "Final collection of 
attributes allowed are: [{cn=[Toben Archer, Toben D Archer], givenName=Toben, 
mail=toben.arc...@usd.edu, uid=uid}]". But anyway, it looks like the attributes 
that I should be seeing in my cas request are there, cn, givenName, and mail 
all look right (uid=uid is wrong, but it should at least be present).

I had some concern that maybe something was going wrong in my library, so I 
tweaked it to give me the raw XML output:



toben.archer



The attributes should be in this xml right?

On Friday, February 23, 2018 at 4:28:55 PM UTC-6, rbon wrote:
In the project in etc/cas/config there is a log4j.xml.

When you say 'gradle to build CAS' do you mean the cas-gradle-overlay-template 
or cas proper? Use an overlay unless you are planning on developing CAS. 
https://github.com/apereo/

Ray

On Fri, 2018-02-23 at 13:57 -0800, Toby Archer wrote:
That sounds like a good idea. Pardon my ignorance, but I'm not sure where to 
place those logger definitions. I'm using gradle to build CAS and I don't see 
any xml files in the build process or in the configuration files.

On Friday, February 23, 2018 at 3:39:31 PM UTC-6, rbon wrote:
Toby,

You may need to adjust your service (service registry) to allow the attributes 
to be released.
These log settings may be useful:






Ray

On Fri, 2018-02-23 at 12:36 -0800, Toby Archer wrote:
I'm trying to figure out how to do attribute release and haven't gotten 
anywhere. I've read all the pages like this one: 
https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-Policies.html 
and tried searching this mailing list and followed instructions like in this 
one: 
https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/attribute/cas-user/VVaONIp1Ts0/Hedpv2uGAwAJ

Right now I'm using ldap for both authentication and attributes. The relevant 
part of my cas.properties file looks like this:

# LDAP Auth
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
cas.authn.ldap[0].baseDn=o=usd.edu
cas.authn.ldap[0].userFilter=uid=%u
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].bindDn=cn=Directory Manager
cas.authn.ldap[0].bindCredential=password
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].dnFormat=uid=%s,ou=people
cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
cas.authn.ldap[0].keyStorePassword=password
cas.authn.ldap[0].name=dev-ldap7-1

cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
cas.authn.ldap[0].principalAttributeList=cn,sn,mail

cas.authn.attributeRepository.defaultAttributesToRelease=cn,sn,mail

cas.authn.attributeRepository.stub.attributes.uid=uid
cas.authn.attributeRepository.stub.attributes.displayName=displayName
cas.authn.attributeRepository.stub.attributes.cn=commonName


Re: [cas-user] Stumped on attribute release in CAS 5.1

2018-02-26 Thread Toby Archer
With the addition of those loggers and a little tweaking I got some info 
that should be useful. Firstly: 

2018-02-26 15:36:46,731 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,731 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,732 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,732 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,733 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,733 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,733 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,734 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,744 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,744 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,745 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,745 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,745 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

2018-02-26 15:36:46,746 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


That looks good! That looks like everything I wanted it to say. Except this 
part "Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release 
of [{}] for [toben.archer]" seems to contradict this part "Final collection 
of attributes allowed are: [{cn=[Toben Archer, Toben D Archer], 
givenName=Toben, mail=toben.arc...@usd.edu, uid=uid}]". But anyway, it 
looks like the attributes that I should be seeing in my cas request are 
there, cn, givenName, and mail all look right (uid=uid is wrong, but it 
should at least be present). 

I had some concern that maybe something was going wrong in my library, so I 
tweaked it to give me the raw XML output:



toben.archer



The attributes should be in this xml right? 

On Friday, February 23, 2018 at 4:28:55 PM UTC-6, rbon wrote:
>
> In the project in etc/cas/config there is a log4j.xml.
>
> When you say 'gradle to build CAS' do you mean the 
> cas-gradle-overlay-template or cas proper? Use an overlay unless you are 
> planning on developing CAS. https://github.com/apereo/
>
> Ray
>
> On Fri, 2018-02-23 at 13:57 -0800, Toby Archer wrote:
>
> That sounds like a good idea. Pardon my ignorance, but I'm not sure where 
> to place those logger definitions. I'm using gradle to build CAS and I 
> don't see any xml files in the build process or in the configuration files. 
>
> On Friday, February 23, 2018 at 3:39:31 PM UTC-6, rbon wrote: 
>
> Toby,
>
> You may need to adjust your service (service registry) to allow the 
> attributes to be released.
> These log settings may be useful:
> 
>  name="org.apereo.cas.authentication.LdapAuthenticationHandler" 
> level="debug" />
>
> 
>  name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
>  
> level="debug"/>
>
> Ray
>
> On Fri, 2018-02-23 at 12:36 -0800, Toby Archer wrote:
>
> I'm trying to figure out how to do attribute release and haven't gotten 
> anywhere. I've read all the pages like this one: 
> https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-Policies.html
>  
> and tried searching this mailing list and followed instructions like in 
> this one: 
> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/attribute/cas-user/VVaONIp1Ts0/Hedpv2uGAwAJ
>
> Right now I'm using ldap for both authentication and attributes. The 
> relevant part of my cas.properties file looks like this:
>
> # LDAP Auth
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
> cas.authn.ldap[0].baseDn=o=usd.edu
> cas.authn.ldap[0].userFilter=uid=%u
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].bindDn=cn=Directory Manager
> cas.authn.ldap[0].bindCredential=password
> cas.authn.ldap[0].userFilter=uid={user}
> cas.authn.ldap[0].dnFormat=uid=%s,ou=people
> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.ldap[0].keyStorePassword=password
> cas.authn.ldap[0].name=dev-ldap7-1
>
> cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
> cas.authn.ldap[0].principalAttributeList=cn,sn,mail
>
> cas.authn.attributeRepository.defaultAttributesToRelease=cn,sn,mail
>
> cas.authn.attributeRepository.stub.attributes.uid=uid
> cas.authn.attributeRepository.stub.attributes.displayName=displayName
> cas.authn.attributeRepository.stub.attributes.cn=commonName
>
> 

Re: [cas-user] Stumped on attribute release in CAS 5.1

2018-02-23 Thread Ray Bon
In the project in etc/cas/config there is a log4j.xml.

When you say 'gradle to build CAS' do you mean the cas-gradle-overlay-template 
or cas proper? Use an overlay unless you are planning on developing CAS. 
https://github.com/apereo/

Ray

On Fri, 2018-02-23 at 13:57 -0800, Toby Archer wrote:
That sounds like a good idea. Pardon my ignorance, but I'm not sure where to 
place those logger definitions. I'm using gradle to build CAS and I don't see 
any xml files in the build process or in the configuration files.

On Friday, February 23, 2018 at 3:39:31 PM UTC-6, rbon wrote:
Toby,

You may need to adjust your service (service registry) to allow the attributes 
to be released.
These log settings may be useful:






Ray

On Fri, 2018-02-23 at 12:36 -0800, Toby Archer wrote:
I'm trying to figure out how to do attribute release and haven't gotten 
anywhere. I've read all the pages like this one: 
https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-Policies.html 
and tried searching this mailing list and followed instructions like in this 
one: 
https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/attribute/cas-user/VVaONIp1Ts0/Hedpv2uGAwAJ

Right now I'm using ldap for both authentication and attributes. The relevant 
part of my cas.properties file looks like this:

# LDAP Auth
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
cas.authn.ldap[0].baseDn=o=usd.edu
cas.authn.ldap[0].userFilter=uid=%u
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].bindDn=cn=Directory Manager
cas.authn.ldap[0].bindCredential=password
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].dnFormat=uid=%s,ou=people
cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
cas.authn.ldap[0].keyStorePassword=password
cas.authn.ldap[0].name=dev-ldap7-1

cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
cas.authn.ldap[0].principalAttributeList=cn,sn,mail

cas.authn.attributeRepository.defaultAttributesToRelease=cn,sn,mail

cas.authn.attributeRepository.stub.attributes.uid=uid
cas.authn.attributeRepository.stub.attributes.displayName=displayName
cas.authn.attributeRepository.stub.attributes.cn=commonName

cas.authn.attributeRepository.ldap[0].type=AUTHENTICATED
cas.authn.attributeRepository.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
cas.authn.attributeRepository.ldap[0].baseDn=o=usd.edu
cas.authn.attributeRepository.ldap[0].userFilter=uid=%u
cas.authn.attributeRepository.ldap[0].subtreeSearch=true
cas.authn.attributeRepository.ldap[0].bindDn=cn=Directory Manager
cas.authn.attributeRepository.ldap[0].bindCredential=password
cas.authn.attributeRepository.ldap[0].userFilter=uid={user}
cas.authn.attributeRepository.ldap[0].dnFormat=uid=%s,uo=people
cas.authn.attributeRepository.ldap[0].keystore=file:/etc/cas/thekeystore
cas.authn.attributeRepository.ldap[0].keyStorePassword=password
cas.authn.attributeRepository.ldap[0].name=dev-ldap7-1

cas.authn.attributeRepository.ldap[0].uid=uid
cas.authn.attributeRepository.ldap[0].displayName=displayName
cas.authn.attributeRepository.ldap[0].cn=commonName
cas.authn.attributeRepository.ldap[0].mail=mail
cas.authn.attributeRepository.ldap[0].sn=sn

There are configurations for a couple of different attempts, but regardless of 
what I do, I get back no attributes. The docs talk about the personDirectory but 
either don't give instructions on how to configure it or give instructions for 
cas 4. I'm at a bit of a loss on what to do. Any advice out there?

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1519424924.1765.92.camel%40uvic.ca.


Re: [cas-user] Stumped on attribute release in CAS 5.1

2018-02-23 Thread Toby Archer
That sounds like a good idea. Pardon my ignorance, but I'm not sure where 
to place those logger definitions. I'm using gradle to build CAS and I 
don't see any xml files in the build process or in the configuration files. 

On Friday, February 23, 2018 at 3:39:31 PM UTC-6, rbon wrote:
>
> Toby,
>
> You may need to adjust your service (service registry) to allow the 
> attributes to be released.
> These log settings may be useful:
> 
>  name="org.apereo.cas.authentication.LdapAuthenticationHandler" 
> level="debug" />
>
> 
>  name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
>  
> level="debug"/>
>
> Ray
>
> On Fri, 2018-02-23 at 12:36 -0800, Toby Archer wrote:
>
> I'm trying to figure out how to do attribute release and haven't gotten 
> anywhere. I've read all the pages like this one: 
> https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-Policies.html
>  
> and tried searching this mailing list and followed instructions like in 
> this one: 
> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/attribute/cas-user/VVaONIp1Ts0/Hedpv2uGAwAJ
>
> Right now I'm using ldap for both authentication and attributes. The 
> relevant part of my cas.properties file looks like this:
>
> # LDAP Auth
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
> cas.authn.ldap[0].baseDn=o=usd.edu
> cas.authn.ldap[0].userFilter=uid=%u
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].bindDn=cn=Directory Manager
> cas.authn.ldap[0].bindCredential=password
> cas.authn.ldap[0].userFilter=uid={user}
> cas.authn.ldap[0].dnFormat=uid=%s,ou=people
> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.ldap[0].keyStorePassword=password
> cas.authn.ldap[0].name=dev-ldap7-1
>
> cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
> cas.authn.ldap[0].principalAttributeList=cn,sn,mail
>
> cas.authn.attributeRepository.defaultAttributesToRelease=cn,sn,mail
>
> cas.authn.attributeRepository.stub.attributes.uid=uid
> cas.authn.attributeRepository.stub.attributes.displayName=displayName
> cas.authn.attributeRepository.stub.attributes.cn=commonName
>
> cas.authn.attributeRepository.ldap[0].type=AUTHENTICATED
> cas.authn.attributeRepository.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
> cas.authn.attributeRepository.ldap[0].baseDn=o=usd.edu
> cas.authn.attributeRepository.ldap[0].userFilter=uid=%u
> cas.authn.attributeRepository.ldap[0].subtreeSearch=true
> cas.authn.attributeRepository.ldap[0].bindDn=cn=Directory Manager
> cas.authn.attributeRepository.ldap[0].bindCredential=password
> cas.authn.attributeRepository.ldap[0].userFilter=uid={user}
> cas.authn.attributeRepository.ldap[0].dnFormat=uid=%s,uo=people
> cas.authn.attributeRepository.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.attributeRepository.ldap[0].keyStorePassword=password
> cas.authn.attributeRepository.ldap[0].name=dev-ldap7-1
>
> cas.authn.attributeRepository.ldap[0].uid=uid
> cas.authn.attributeRepository.ldap[0].displayName=displayName
> cas.authn.attributeRepository.ldap[0].cn=commonName
> cas.authn.attributeRepository.ldap[0].mail=mail
> cas.authn.attributeRepository.ldap[0].sn=sn
>
> There are configurations for a couple of different attempts, but 
> regardless of what I do, I get back no attributes. The docs talk about the 
> personDirectory but either don't give instructions on how to configure it 
> or give instructions for cas 4. I'm at a bit of a loss on what to do. Any 
> advice out there?
>
> -- 
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca 
>
>



Re: [cas-user] Stumped on attribute release in CAS 5.1

2018-02-23 Thread Toby Archer
I'm using CAS-Flask because 
it's quick and easy to test with. I have it printing out all attributes it 
receives from CAS, it is receiving none. So I expect to receive a list of 
my name, last name, and email, but get nothing. But perhaps I'm testing 
wrong? Do you have a suggestion on how to go about testing what I'm getting 
from CAS?

There is no reason to separate those first two steps. Originally I had them 
combined, but it wasn't working, so I separated them in an effort to try 
everything. No dice. The any and all applications is correct for now. I 
figured I could figure out how to restrict it once I established that I'm 
actually getting attributes to flow through. This is dev so it doesn't 
matter. 

On Friday, February 23, 2018 at 3:37:33 PM UTC-6, Misagh Moayyed wrote:
>
> What do you expect to happen, and what is actually happening that you 
> consider erroneous? How are you testing the attribute release bit? 
>
> Not having verified every setting, your config below says: authenticate 
> with ldap, fetch attributes from ldap and release 3 attributes to any and 
> all applications. The first two steps can be combined unless you have good 
> reason not to. 
>
> --Misagh
>
> --
>
> *From: *"Toby Archer" 
> *To: *"CAS Community" 
> *Sent: *Friday, February 23, 2018 1:36:32 PM
> *Subject: *[cas-user] Stumped on attribute release in CAS 5.1
>
> I'm trying to figure out how to do attribute release and haven't gotten 
> anywhere. I've read all the pages like this one: 
> https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-Policies.html
>  
> and tried searching this mailing list and followed instructions like in 
> this one: 
> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/attribute/cas-user/VVaONIp1Ts0/Hedpv2uGAwAJ
>
> Right now I'm using ldap for both authentication and attributes. The 
> relevant part of my cas.properties file looks like this:
>
> # LDAP Auth
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
> cas.authn.ldap[0].baseDn=o=usd.edu
> cas.authn.ldap[0].userFilter=uid=%u
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].bindDn=cn=Directory Manager
> cas.authn.ldap[0].bindCredential=password
> cas.authn.ldap[0].userFilter=uid={user}
> cas.authn.ldap[0].dnFormat=uid=%s,ou=people
> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.ldap[0].keyStorePassword=password
> cas.authn.ldap[0].name=dev-ldap7-1
>
> cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
> cas.authn.ldap[0].principalAttributeList=cn,sn,mail
>
> cas.authn.attributeRepository.defaultAttributesToRelease=cn,sn,mail
>
> cas.authn.attributeRepository.stub.attributes.uid=uid
> cas.authn.attributeRepository.stub.attributes.displayName=displayName
> cas.authn.attributeRepository.stub.attributes.cn=commonName
>
> cas.authn.attributeRepository.ldap[0].type=AUTHENTICATED
> cas.authn.attributeRepository.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
> cas.authn.attributeRepository.ldap[0].baseDn=o=usd.edu
> cas.authn.attributeRepository.ldap[0].userFilter=uid=%u
> cas.authn.attributeRepository.ldap[0].subtreeSearch=true
> cas.authn.attributeRepository.ldap[0].bindDn=cn=Directory Manager
> cas.authn.attributeRepository.ldap[0].bindCredential=password
> cas.authn.attributeRepository.ldap[0].userFilter=uid={user}
> cas.authn.attributeRepository.ldap[0].dnFormat=uid=%s,uo=people
> cas.authn.attributeRepository.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.attributeRepository.ldap[0].keyStorePassword=password
> cas.authn.attributeRepository.ldap[0].name=dev-ldap7-1
>
> cas.authn.attributeRepository.ldap[0].uid=uid
> cas.authn.attributeRepository.ldap[0].displayName=displayName
> cas.authn.attributeRepository.ldap[0].cn=commonName
> cas.authn.attributeRepository.ldap[0].mail=mail
> cas.authn.attributeRepository.ldap[0].sn=sn
>
> There are configurations for a couple of different attempts, but 
> regardless of what I do I get back no attributes. The docs talk about the 
> personDirectory but either don't give instructions on how to configure it 
> or give instructions for cas 4. I'm at a bit of a loss on what to do. Any 
> advice out there?
>

Re: [cas-user] Stumped on attribute release in CAS 5.1

2018-02-23 Thread Ray Bon
Toby,

You may need to adjust your service (service registry) to allow the attributes 
to be released.
These log settings may be useful:






Ray

On Fri, 2018-02-23 at 12:36 -0800, Toby Archer wrote:
I'm trying to figure out how to do attribute release and haven't gotten 
anywhere. I've read all the pages like this one: 
https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-Policies.html 
and tried searching this mailing list and followed instructions like in this 
one: 
https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/attribute/cas-user/VVaONIp1Ts0/Hedpv2uGAwAJ

Right now I'm using ldap for both authentication and attributes. The relevant 
part of my cas.properties file looks like this:

# LDAP Auth
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
cas.authn.ldap[0].baseDn=o=usd.edu
cas.authn.ldap[0].userFilter=uid=%u
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].bindDn=cn=Directory Manager
cas.authn.ldap[0].bindCredential=password
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].dnFormat=uid=%s,ou=people
cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
cas.authn.ldap[0].keyStorePassword=password
cas.authn.ldap[0].name=dev-ldap7-1

cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
cas.authn.ldap[0].principalAttributeList=cn,sn,mail

cas.authn.attributeRepository.defaultAttributesToRelease=cn,sn,mail

cas.authn.attributeRepository.stub.attributes.uid=uid
cas.authn.attributeRepository.stub.attributes.displayName=displayName
cas.authn.attributeRepository.stub.attributes.cn=commonName

cas.authn.attributeRepository.ldap[0].type=AUTHENTICATED
cas.authn.attributeRepository.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
cas.authn.attributeRepository.ldap[0].baseDn=o=usd.edu
cas.authn.attributeRepository.ldap[0].userFilter=uid=%u
cas.authn.attributeRepository.ldap[0].subtreeSearch=true
cas.authn.attributeRepository.ldap[0].bindDn=cn=Directory Manager
cas.authn.attributeRepository.ldap[0].bindCredential=password
cas.authn.attributeRepository.ldap[0].userFilter=uid={user}
cas.authn.attributeRepository.ldap[0].dnFormat=uid=%s,uo=people
cas.authn.attributeRepository.ldap[0].keystore=file:/etc/cas/thekeystore
cas.authn.attributeRepository.ldap[0].keyStorePassword=password
cas.authn.attributeRepository.ldap[0].name=dev-ldap7-1

cas.authn.attributeRepository.ldap[0].uid=uid
cas.authn.attributeRepository.ldap[0].displayName=displayName
cas.authn.attributeRepository.ldap[0].cn=commonName
cas.authn.attributeRepository.ldap[0].mail=mail
cas.authn.attributeRepository.ldap[0].sn=sn

There are configurations for a couple of different attempts, but regardless of 
what I do I get back no attributes. The docs talk about the personDirectory but 
either don't give instructions on how to configure it or give instructions for 
cas 4. I'm at a bit of a loss on what to do. Any advice out there?

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca



Re: [cas-user] Stumped on attribute release in CAS 5.1

2018-02-23 Thread Misagh Moayyed
What do you expect to happen, and what is actually happening that you consider 
erroneous? How are you testing the attribute release bit? 

Not having verified every setting, your config below says: authenticate with 
ldap, fetch attributes from ldap and release 3 attributes to any and all 
applications. The first two steps can be combined unless you have good reason 
not to. 

--Misagh 

> From: "Toby Archer" 
> To: "CAS Community" 
> Sent: Friday, February 23, 2018 1:36:32 PM
> Subject: [cas-user] Stumped on attribute release in CAS 5.1

> I'm trying to figure out how to do attribute release and haven't gotten
> anywhere. I've read all the pages like this one:
> https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-Policies.html
> and tried searching this mailing list and followed instructions like in this
> one:
> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/attribute/cas-user/VVaONIp1Ts0/Hedpv2uGAwAJ

> Right now I'm using ldap for both authentication and attributes. The relevant
> part of my cas.properties file looks like this:

> # LDAP Auth
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
> cas.authn.ldap[0].baseDn=o=usd.edu
> cas.authn.ldap[0].userFilter=uid=%u
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].bindDn=cn=Directory Manager
> cas.authn.ldap[0].bindCredential=password
> cas.authn.ldap[0].userFilter=uid={user}
> cas.authn.ldap[0].dnFormat=uid=%s,ou=people
> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.ldap[0].keyStorePassword=password
> cas.authn.ldap[0].name=dev-ldap7-1

> cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
> cas.authn.ldap[0].principalAttributeList=cn,sn,mail

> cas.authn.attributeRepository.defaultAttributesToRelease=cn,sn,mail

> cas.authn.attributeRepository.stub.attributes.uid=uid
> cas.authn.attributeRepository.stub.attributes.displayName=displayName
> cas.authn.attributeRepository.stub.attributes.cn=commonName

> cas.authn.attributeRepository.ldap[0].type=AUTHENTICATED
> cas.authn.attributeRepository.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
> cas.authn.attributeRepository.ldap[0].baseDn=o=usd.edu
> cas.authn.attributeRepository.ldap[0].userFilter=uid=%u
> cas.authn.attributeRepository.ldap[0].subtreeSearch=true
> cas.authn.attributeRepository.ldap[0].bindDn=cn=Directory Manager
> cas.authn.attributeRepository.ldap[0].bindCredential=password
> cas.authn.attributeRepository.ldap[0].userFilter=uid={user}
> cas.authn.attributeRepository.ldap[0].dnFormat=uid=%s,uo=people
> cas.authn.attributeRepository.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.attributeRepository.ldap[0].keyStorePassword=password
> cas.authn.attributeRepository.ldap[0].name=dev-ldap7-1

> cas.authn.attributeRepository.ldap[0].uid=uid
> cas.authn.attributeRepository.ldap[0].displayName=displayName
> cas.authn.attributeRepository.ldap[0].cn=commonName
> cas.authn.attributeRepository.ldap[0].mail=mail
> cas.authn.attributeRepository.ldap[0].sn=sn

> There are configurations for a couple of different attempts, but regardless of
> what I do I get back no attributes. The docs talk about the personDirectory but
> either don't give instructions on how to configure it or give instructions for
> cas 4. I'm at a bit of a loss on what to do. Any advice out there?


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/992421723.15239110.1519421849497.JavaMail.zimbra%40unicon.net.
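
A small lint for the settings quoted in this thread, added here as an example (not part of any post and not CAS project code). It flags keys set twice with different values, values that differ between the `cas.authn.ldap[0]` and `cas.authn.attributeRepository.ldap[0]` blocks, and the case Misagh describes where authentication and attribute retrieval are both configured against LDAP. The function names and finding labels are hypothetical, and the sample is a trimmed copy of the posted config.

```python
from collections import defaultdict

# Constructed sample: a trimmed copy of the settings quoted in the thread.
SAMPLE = """\
cas.authn.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
cas.authn.ldap[0].userFilter=uid=%u
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].dnFormat=uid=%s,ou=people
cas.authn.ldap[0].principalAttributeList=cn,sn,mail
cas.authn.attributeRepository.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
cas.authn.attributeRepository.ldap[0].dnFormat=uid=%s,uo=people
"""

AUTHN = "cas.authn.ldap[0]."
REPO = "cas.authn.attributeRepository.ldap[0]."

def parse(text):
    """Return {key: [values in file order]}, splitting on the first '=' only."""
    seen = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or properties-file comment
        key, _, value = line.partition("=")
        seen[key.strip()].append(value.strip())
    return seen

def lint(text):
    """Return (label, key, effective value) tuples for settings worth a second look."""
    props = parse(text)
    findings = []
    for key, values in props.items():
        # java.util.Properties keeps only the last value for a repeated key.
        if len(set(values)) > 1:
            findings.append(("overridden", key, values[-1]))
        if key.startswith(AUTHN):
            twin = props.get(REPO + key[len(AUTHN):])
            if twin and twin[-1] != values[-1]:
                findings.append(("mismatch", key[len(AUTHN):], twin[-1]))
    # Attributes requested at authentication time and a separate LDAP repository.
    if props.get(AUTHN + "principalAttributeList") and any(k.startswith(REPO) for k in props):
        findings.append(("combinable", REPO.rstrip("."), "authn block already lists attributes"))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
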