I am currently on CAS 4.0.7 and I am trying to authenticate with a service 
using a different attribute than the normal principal ID.  I am trying to get 
CAS to return the employeeID instead of the sAMAccountName.  So, I have my 
deployerConfigContext.xml file set up as below, according to 
http://jasig.github.io/cas/4.0.x/integration/Attribute-Release.html .

In deployerConfigContext.xml:
<bean id="ldapAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler"
      p:principalIdAttribute="sAMAccountName"
      c:authenticator-ref="authenticator">
    <property name="principalAttributeMap">
        <map>
            <!--
               | This map provides a simple attribute resolution mechanism.
               | Keys are LDAP attribute names, values are CAS attribute names.
               | Use this facility instead of a PrincipalResolver if LDAP is
               | the only attribute source.
               -->
            <entry key="displayName" value="displayName" />
            <entry key="mail" value="mail" />
            <entry key="memberOf" value="memberOf" />
            <entry key="employeeID" value="employeeID" />
        </map>
    </property>
</bean>

The registered service looks like this:
<bean class="org.jasig.cas.services.RegexRegisteredService">
    <property name="id" value="8" />
    <property name="name" value="OCLC" />
    <property name="description" value="Allows connections from OCLC hosted site" />
    <property name="serviceId" value="[service url]" />
    <property name="evaluationOrder" value="8" />
    <property name="usernameAttribute" value="employeeID" />
    <property name="allowedAttributes">
        <list>
            <value>employeeID</value>
        </list>
    </property>
</bean>

Then, when I try to authenticate with the service, the CAS log shows that it 
got my employee ID number from LDAP, which is good.  However, it says the 
Principal id to return for service is my user name and the default principal id 
is my employee ID number.  So, is CAS sending my user name (sAMAccountName) or 
my employee ID as the principal ID? Is there a way to test? If CAS is still 
returning the sAMAccountName, how do I get it to return the employeeID as the 
principal ID? The people in charge of the hosted service I am working with 
believe CAS is still sending the sAMAccountName.

CAS log:
=============================================================
WHO:  my_user_name
WHAT: ST-5248-1PHxmo1HozRbMV7S3tbb for service_url
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue May 03 10:40:38 EDT 2016
CLIENT IP ADDRESS: 10.21.1.35
SERVER IP ADDRESS: 192.102.218.104
=============================================================


2016-05-03 10:40:38,622 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated service for: service_url
2016-05-03 10:40:38,623 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve ticket [ST-5248-1PHxmo1HozRbMV7S3tbb]
2016-05-03 10:40:38,623 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket [ST-5248-1PHxmo1HozRbMV7S3tbb] found in registry.
2016-05-03 10:40:38,623 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - Found attribute [employeeID] in the list of allowed attributes for service [OCLC]
2016-05-03 10:40:38,623 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - Principal id to return for service [OCLC] is [my_user_name]. The default principal id is [my_employee_id].
2016-05-03 10:40:38,624 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket [ST-5248-1PHxmo1HozRbMV7S3tbb] from registry
2016-05-03 10:40:38,624 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve ticket [ST-5248-1PHxmo1HozRbMV7S3tbb]
2016-05-03 10:40:38,624 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN

Thanks,

--------------------
David Abney
ITS Web Developer/Programmer

600 West Walnut Street
Danville, Kentucky 40422
859.238.5761

www.centre.edu<http://www.centre.edu/>
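
One way to check which value CAS actually puts in <cas:user>, as an added example that is not part of the original post: parse the body of a CAS 2.0 /serviceValidate response. The sample responses and the function names released_principal and check_principal are constructed for illustration; a real response has to be fetched with a fresh service ticket, since the log above shows the ticket being removed from the registry once it is validated.

```python
# Added example (not from the original post): inspect a CAS 2.0
# /serviceValidate response to see which principal id was released.
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample response bodies; a real one is the body returned by
# /serviceValidate for the service URL and a fresh service ticket.
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>my_user_name</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def released_principal(response_xml):
    """Return (principal_id, attributes); raise ValueError on a CAS failure."""
    root = ET.fromstring(response_xml)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise ValueError("%s: %s" % (failure.get("code"), (failure.text or "").strip()))
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("not a CAS 2.0 validation response")
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    attrs = {}
    block = success.find("cas:attributes", CAS_NS)  # only present if released
    if block is not None:
        for child in block:
            name = child.tag.split("}", 1)[-1]  # drop the namespace prefix
            attrs.setdefault(name, []).append((child.text or "").strip())
    return user, attrs


def check_principal(response_xml, expected):
    """True when <cas:user> carries the expected value (e.g. the employeeID)."""
    user, _ = released_principal(response_xml)
    return user == expected


if __name__ == "__main__":
    user, attrs = released_principal(SAMPLE_SUCCESS)
    print("cas:user =", user, "attributes =", attrs)
```
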
