Andrey,

I don't know what version of CAS you're on, but for me, on CAS 5.2.x, I 
have the following JSON for one of our SPs:

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "service-id-here",
  "name" : "name-here",
  "id" : 1001,
  "metadataLocation" : "https://service.address/SAML/Metadata",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "cn" : "urn:oid:2.5.4.3",
      "mail" : "urn:oid:0.9.2342.19200300.100.1.3"
    }
  },
  "evaluationOrder" : 25
}


Have you tried using the Attribute Resolution & Release feature in the CAS 
Dashboard to see what is being released by CAS?

Matt


On Monday, June 3, 2019 at 5:53:36 AM UTC-6, Andrey Seledkov wrote:
>
> Hi team.
>
> When I worked with SAML between CAS as IdP and Keycloak as SP, I 
> cannot add additional attributes like firstName, lastName
>
> My CAS settings
>
> cas.authn.attributeRepository.jdbc[0].singleRow=true
> cas.authn.attributeRepository.jdbc[0].requireAllAttributes=true
>
> cas.authn.attributeRepository.jdbc[0].sql=SELECT * FROM ml_emp WHERE {0}
> cas.authn.attributeRepository.jdbc[0].username=USERNAME
> cas.authn.attributeRepository.jdbc[0].driverClass=oracle.jdbc.OracleDriver
> cas.authn.attributeRepository.jdbc[0].user=${DB_USERNAME}
> cas.authn.attributeRepository.jdbc[0].password=${DB_PASSWORD}
> cas.authn.attributeRepository.jdbc[0].url=${DB_URL}
>
> cas.authn.attributeRepository.jdbc[0].attributes.FIRST_NAME=firstName
> cas.authn.attributeRepository.jdbc[0].attributes.LAST_NAME=lastName
>
> My JSON file
>
> {
>   "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId": "service-id-here",
>   "name": "name-here",
>   "id": 10000010,
>   "evaluationOrder": 1,
>   "metadataLocation": "file:/etc/cas/saml/saml.xml",
>   "attributeReleasePolicy": {
>     "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>     "allowedAttributes": [
>       "firstName",
>       "lastName"
>     ]
>   }
> }
>
>
> But when I redirect to Keycloak I don't see any additional attributes in 
> SAMLResponse, could you please assist
>
>
>
