I am currently on CAS 4.0.7 and I am trying to authenticate with a service using a different attribute than the normal principal ID. I am trying to get CAS to return the employeeID instead of the sAMAccountName. So, I have my deployerConfigContext.xml file set up as shown below, according to http://jasig.github.io/cas/4.0.x/integration/Attribute-Release.html.
In deployerConfigContext.xml:

<bean id="ldapAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler"
      p:principalIdAttribute="sAMAccountName"
      c:authenticator-ref="authenticator">
    <property name="principalAttributeMap">
        <map>
            <!--
               | This map provides a simple attribute resolution mechanism.
               | Keys are LDAP attribute names, values are CAS attribute names.
               | Use this facility instead of a PrincipalResolver if LDAP is
               | the only attribute source.
            -->
            <entry key="displayName" value="displayName" />
            <entry key="mail" value="mail" />
            <entry key="memberOf" value="memberOf" />
            <entry key="employeeID" value="employeeID" />
        </map>
    </property>
</bean>

The registered service looks like this:

<bean class="org.jasig.cas.services.RegexRegisteredService">
    <property name="id" value="8" />
    <property name="name" value="OCLC" />
    <property name="description" value="Allows connections from OCLC hosted site" />
    <property name="serviceId" value="[service url]" />
    <property name="evaluationOrder" value="8" />
    <property name="usernameAttribute" value="employeeID" />
    <property name="allowedAttributes">
        <list>
            <value>employeeID</value>
        </list>
    </property>
</bean>

Then, when I try to authenticate with the service, the CAS log shows that it got my employee ID number from LDAP, which is good. However, it says the principal ID to return for the service is my user name and the default principal ID is my employee ID number. So, is CAS sending my user name (sAMAccountName) or my employee ID as the principal ID? Is there a way to test? If CAS is still returning the sAMAccountName, how do I get it to return the employeeID as the principal ID? The people in charge of the hosted service I am working with believe CAS is still sending the sAMAccountName.
CAS log:

=============================================================
WHO: my_user_name
WHAT: ST-5248-1PHxmo1HozRbMV7S3tbb for service_url
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue May 03 10:40:38 EDT 2016
CLIENT IP ADDRESS: 10.21.1.35
SERVER IP ADDRESS: 192.102.218.104
=============================================================

2016-05-03 10:40:38,622 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated service for: service_url
2016-05-03 10:40:38,623 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve ticket [ST-5248-1PHxmo1HozRbMV7S3tbb]
2016-05-03 10:40:38,623 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket [ST-5248-1PHxmo1HozRbMV7S3tbb] found in registry.
2016-05-03 10:40:38,623 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - Found attribute [employeeID] in the list of allowed attributes for service [OCLC]
2016-05-03 10:40:38,623 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - Principal id to return for service [OCLC] is [my_user_name]. The default principal id is [my_employee_id].
2016-05-03 10:40:38,624 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket [ST-5248-1PHxmo1HozRbMV7S3tbb] from registry
2016-05-03 10:40:38,624 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve ticket [ST-5248-1PHxmo1HozRbMV7S3tbb]
2016-05-03 10:40:38,624 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN

Thanks,
--------------------
David Abney
ITS Web Developer/Programmer
600 West Walnut Street
Danville, Kentucky 40422
859.238.5761
www.centre.edu <http://www.centre.edu/>
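An added example, not part of the original post and not CAS project code: one way to test which identifier the service receives is to read `<cas:user>` from the ticket validation response rather than from the server debug log. It assumes the service validates tickets through the CAS 2.0 `/serviceValidate` endpoint; the sample responses and the values `jdoe` and `1234567` are constructed.

```python
import xml.etree.ElementTree as ET

# Namespace used by CAS 2.0 validation responses.
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample responses (not captured from a real server).
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>1234567</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">
    Ticket ST-constructed-example not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""


def released_principal(response_xml):
    """Return (principal_id, None) on success or (None, failure_code) on failure."""
    # Intended for responses from your own CAS server; for XML from an
    # untrusted source, parse with the defusedxml package instead.
    root = ET.fromstring(response_xml)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None and user.text:
        return user.text.strip(), None
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return None, failure.get("code", "UNKNOWN")
    raise ValueError("not a CAS 2.0 serviceResponse document")


def classify(response_xml, sam_account_name, employee_id):
    """Say which of the two candidate identifiers the service received."""
    principal, failure = released_principal(response_xml)
    if failure:
        return "validation failed: " + failure
    if principal == employee_id:
        return "employeeID"
    # sAMAccountName is case-insensitive in Active Directory.
    if principal.lower() == sam_account_name.lower():
        return "sAMAccountName"
    return "other: " + principal


if __name__ == "__main__":
    print(classify(SAMPLE_SUCCESS, "jdoe", "1234567"))
```

Service tickets are single-use, so the response has to be the one the service itself received, or one from a test ticket validated by hand.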