Toby,

You may need to adjust your service (service registry) to allow the attributes 
to be released.
These log settings may be useful:
        <!-- WARN DN resolution failed    - TODO investigate this
                  Requested LDAP attribute [???] ... -->
        <AsyncLogger name="org.apereo.cas.authentication.LdapAuthenticationHandler" level="debug" />

        <!-- DEBUG Found principal attributes [...] for [username]
                   Attribute policy [???] allows release of [...] for [username]
                   Final collection of attributes allowed are: [...] -->
        <AsyncLogger name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" level="debug" />

Ray

On Fri, 2018-02-23 at 12:36 -0800, Toby Archer wrote:
I'm trying to figure out how to do attribute release and haven't gotten 
anywhere. I've read all the pages like this one: 
https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-Policies.html 
and tried searching this mailing list and followed instructions like in this 
one: 
https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/attribute/cas-user/VVaONIp1Ts0/Hedpv2uGAwAJ

Right now I'm using LDAP for both authentication and attributes. The relevant 
part of my cas.properties file looks like this:

# LDAP Auth
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
cas.authn.ldap[0].baseDn=o=usd.edu
cas.authn.ldap[0].userFilter=uid=%u
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].bindDn=cn=Directory Manager
cas.authn.ldap[0].bindCredential=password
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].dnFormat=uid=%s,ou=people
cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
cas.authn.ldap[0].keyStorePassword=password
cas.authn.ldap[0].name=dev-ldap7-1

cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
cas.authn.ldap[0].principalAttributeList=cn,sn,mail

cas.authn.attributeRepository.defaultAttributesToRelease=cn,sn,mail

cas.authn.attributeRepository.stub.attributes.uid=uid
cas.authn.attributeRepository.stub.attributes.displayName=displayName
cas.authn.attributeRepository.stub.attributes.cn=commonName

cas.authn.attributeRepository.ldap[0].type=AUTHENTICATED
cas.authn.attributeRepository.ldap[0].ldapUrl=ldap://usd-ldap.usd.edu
cas.authn.attributeRepository.ldap[0].baseDn=o=usd.edu
cas.authn.attributeRepository.ldap[0].userFilter=uid=%u
cas.authn.attributeRepository.ldap[0].subtreeSearch=true
cas.authn.attributeRepository.ldap[0].bindDn=cn=Directory Manager
cas.authn.attributeRepository.ldap[0].bindCredential=password
cas.authn.attributeRepository.ldap[0].userFilter=uid={user}
cas.authn.attributeRepository.ldap[0].dnFormat=uid=%s,uo=people
cas.authn.attributeRepository.ldap[0].keystore=file:/etc/cas/thekeystore
cas.authn.attributeRepository.ldap[0].keyStorePassword=password
cas.authn.attributeRepository.ldap[0].name=dev-ldap7-1

cas.authn.attributeRepository.ldap[0].uid=uid
cas.authn.attributeRepository.ldap[0].displayName=displayName
cas.authn.attributeRepository.ldap[0].cn=commonName
cas.authn.attributeRepository.ldap[0].mail=mail
cas.authn.attributeRepository.ldap[0].sn=sn

There are configurations for a couple of different attempts, but regardless of 
what I do, I get back no attributes. The docs talk about the personDirectory but 
either don't give instructions on how to configure it or give instructions for 
CAS 4. I'm at a bit of a loss on what to do. Any advice out there?

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca
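
Added example, not part of the original thread and not taken from the CAS project: a JSON service registry entry of the kind the reply above refers to, releasing the cn, sn and mail attributes named in the posted cas.properties through a ReturnAllowedAttributeReleasePolicy. The serviceId pattern, name and id are constructed placeholders.

```json
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://app\\.example\\.org/.*",
  "name" : "ExampleApp",
  "id" : 1001,
  "description" : "Constructed example: serviceId, name and id are placeholders, not values from the thread",
  "evaluationOrder" : 10,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "sn", "mail" ] ]
  }
}
```

Anchoring serviceId to one application and listing only the attributes it needs keeps release scoped per service. With the debug loggers from the reply enabled, the "Final collection of attributes allowed are" line shows what this policy actually lets through.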
