You should be using the samlValidate endpoint, not the serviceValidate
endpoint in the CASValidateUrl. See the mod_auth_cas documentation.
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
[image: The New School]
On Mon, Oct 1, 2018 at 3:18 PM Fahmi L. Ramdhani <
fahmilestianramdh...@gmail.com> wrote:
> Hi,
>
> I'am unable to retrieves CAS User Attributes using mod_auth_cas. Below is
> my configuration:
> *100-domain.com.conf*
> <IfModule mod_ssl.c>
> <VirtualHost *:443>
> ServerName domain.com
> ServerAlias www.domain.com
> ServerAdmin ad...@domain.com
>
>
> DocumentRoot /home/user/www/sites/domain.com
> <Directory "/home/user/www/sites/domain.com">
> <IfModule mod_auth_cas.c>
> CASAuthNHeader On
> AuthType CAS
> </IfModule>
>
>
> # Options Indexes FollowSymLinks
> # AllowOverride All
> # Require all granted
> Require valid-user
> </Directory>
>
>
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
>
>
> SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
>
>
> Include /etc/letsencrypt/options-ssl-apache.conf
>
>
> <IfModule mod_auth_cas.c>
> CASLoginUrl https://login.domain.com/cas/login
> CASValidateUrl https://login.domain.com/cas/serviceValidate
> CASValidateServer off
> CASCookiePath /var/cache/apache2/mod_auth_cas/
> CASSSOEnabled On
> CASDebug Off
> </IfModule>
>
>
> </VirtualHost>
>
>
> And this is my *cas.properties*:
> ## ATTRIBUTES
> cas.authn.attributeRepository.jdbc[0].sql = SELECT * FROM user_attributes
> WHERE {0}
> cas.authn.attributeRepository.jdbc[0].healthQuery = SELECT 1
> cas.authn.attributeRepository.jdbc[0].driverClass = com.mysql.jdbc.Driver
> cas.authn.attributeRepository.jdbc[0].url = jdbc:mysql:
> //localhost:3306/cas
> cas.authn.attributeRepository.jdbc[0].user = root
> cas.authn.attributeRepository.jdbc[0].password = xxxxxxx
> cas.authn.attributeRepository.jdbc[0].dialect = org.hibernate.dialect.
> MySQLDialect
> cas.authn.attributeRepository.jdbc[0].singleRow = false
> cas.authn.attributeRepository.jdbc[0].username = email
> cas.authn.attributeRepository.jdbc[0].columnMappings.key = value
>
> cas.authn.attributeRepository.defaultAttributesToRelease=first_name,
> last_name,company_name
>
>
> Loging has successfuly but HTML output is:
> Secured Content
>
> This is some secure content. You should not be able to see it until you
> have entered your username and password.
>
>
> Attributes Returned by CAS
>
> REMOTE_USER = u...@domain.com
> HostConnectionCache-ControlUpgrade-Insecure-RequestsUser-AgentAcceptRefererAccept-EncodingAccept-LanguageCookieOn
>
>
> Attributes not showing. Does anyone have a solution to this problem?
> Thanks.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f3b5da87-1254-4155-998c-ad86eeee8cca%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f3b5da87-1254-4155-998c-ad86eeee8cca%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPrQz7Cf5b5t63dBOjGnBV2iNhooS33cpQUgkuGHDVA0w%40mail.gmail.com.
