Hi,

We configured CAS 5.2.2 to delegate authentication to an external IdP 
through SAML. In the SAML response there is an "AuthnContext" tag that does 
not appear in the user profile attributes. CAS 5.2.2 seems to use pac4j 
v2.2.x and here (https://github.com/pac4j/pac4j/pull/961) I can see that 
this functionality was added to pac4j v2.2.

I see this in the logs:

[13/11/18 15:13:42:484 CET] 00000147 SystemOut     O 2018-11-13 
15:13:42,339 DEBUG [org.pac4j.saml.profile.SAML2Profile] - <adding => key: 
authnContext / value: [urn:safelayer:tws:policies:authentication:flow:cert] 
/ class java.util.ArrayList>

but the attribute is not present in the user profile:

[13/11/18 15:13:42:547 CET] 00000147 SystemOut     O 2018-11-13 
15:13:42,340 DEBUG [org.pac4j.saml.client.SAML2Client] - <profile: 
#SAML2Profile# | id: CN=CORPREC FICTICIO ACTIVO, O=EMPTY | attributes: 
{country=[ES], cif=[Q3890349H], birthdate=[EMPTY], key_usage=[EMPTY], 
not_before=[2017-03-16T12:15:29Z], subject=[SERIALNUMBER=99999988J, 
OID.2.5.4.4=#0C08464943544943494F, OID.2.5.4.42=#0C07434F5250524543, 
CN=CORPREC FICTICIO ACTIVO, 
OID.2.5.4.46=#131D2D646E692039393939393938384A202D63696620513338393033343948, 
OU=Condiciones de uso en www.izenpe.com nola erabili jakiteko, 
OU=Ziurtagiri korporatibo onartua - Cert. corporativo reconocido, O=IZENPE, 
C=ES], tsl=[S], issuer=[CN=CA personal de AAPP vascas (2) - DESARROLLO, 
OU=AZZ Ziurtagiri publikoa - Certificado publico SCA, O=IZENPE S.A., C=ES], 
notBefore=2018-11-13T14:13:41.480Z, surname1=[FICTICIO], surname2=[ACTIVO], 
dni=[99999988J], email=EMPTY, tipoAfirma=[0], firmaCualificada=[S], 
naturalPersonSemanticsIdentifier=[IDCES-99999988J], 
legalPersonSemanticsIdentifier=[VATES-Q3890349H], serial_number=[C6o=], 
preferencia_otp=[sms], given_name=[CORPREC], pais=[ES], 
not_after=[2021-03-16T12:15:29Z], register_type=[1], 
policy_identifier=[1.3.6.1.4.1.14777.104.2], person_status=[PF], 
organization=[EMPTY], domain=[izenpe], name=[CORPREC FICTICIO ACTIVO], 
notOnOrAfter=2018-11-13T14:18:41.480Z, family_name=FICTICIO ACTIVO} | 
roles: [] | permissions: [] | isRemembered: false | clientName: null | 
linkedId: null |>

What am I missing here?

Thank you very much once again!!

Best regards,
David.
