Andrey,

cn and mail are attributes from my LDAP that are being released to the SP. 
Based on the Internet2 attribute release policy, firstName (givenName) 
is urn:oid:2.5.4.42, while lastName (sn) is urn:oid:2.5.4.4
https://www.internet2.edu/help/attribute-release-policy/

If your SP is looking for specific attributes, they may need to be mapped 
according to this Internet2 standard.

Hopefully that helps.

On Monday, June 3, 2019 at 8:37:39 AM UTC-6, Andrey Seledkov wrote:
>
> I will try, but what are 'cn' and 'mail' here?
>
> For my task I need to put in SamlResponse the firstName and lastName which I 
> retrieved from the database
>
> On Monday, June 3, 2019 at 5:00:20 PM UTC+3, Matthew Uribe wrote:
>>
>> Andrey,
>>
>> I don't know what version of CAS you're on, but for me, on CAS 5.2.x, I 
>> have the following json for one of our SPs:
>>
>> {
>>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>   "serviceId" : "service-id-here",
>>   "name" : "name-here",
>>   "id" : 1001,
>>   "metadataLocation" : "https://service.address/SAML/Metadata",
>>   "attributeReleasePolicy" : {
>>     "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>>     "allowedAttributes" : {
>>       "@class" : "java.util.TreeMap",
>>       "cn" : "urn:oid:2.5.4.3",
>>       "mail" : "urn:oid:0.9.2342.19200300.100.1.3"
>>     }
>>   },
>>   "evaluationOrder" : 25
>> }
>>
>>
>> Have you tried using the Attribute Resolution & Release feature in the 
>> CAS Dashboard to see what is being released by CAS?
>>
>> Matt
>>
>>
>> On Monday, June 3, 2019 at 5:53:36 AM UTC-6, Andrey Seledkov wrote:
>>>
>>> Hi team.
>>>
>>> When I worked with SAML between CAS as IdP and Keycloak as SP, I 
>>> cannot add additional attributes like firstName, lastName
>>>
>>> my cas settings
>>>
>>> cas.authn.attributeRepository.jdbc[0].singleRow=true
>>> cas.authn.attributeRepository.jdbc[0].requireAllAttributes=true
>>>
>>> cas.authn.attributeRepository.jdbc[0].sql=SELECT * FROM ml_emp WHERE {0}
>>> cas.authn.attributeRepository.jdbc[0].username=USERNAME
>>>
>>> cas.authn.attributeRepository.jdbc[0].driverClass=oracle.jdbc.OracleDriver
>>> cas.authn.attributeRepository.jdbc[0].user=${DB_USERNAME}
>>> cas.authn.attributeRepository.jdbc[0].password=${DB_PASSWORD}
>>> cas.authn.attributeRepository.jdbc[0].url=${DB_URL}
>>>
>>> cas.authn.attributeRepository.jdbc[0].attributes.FIRST_NAME=firstName
>>> cas.authn.attributeRepository.jdbc[0].attributes.LAST_NAME=lastName
>>>
>>> my json file
>>>
>>> {
>>>   "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>>   "serviceId": "service-id-here",
>>>   "name": "name-here",
>>>   "id": 10000010,
>>>   "evaluationOrder": 1,
>>>   "metadataLocation": "file:/etc/cas/saml/saml.xml",
>>>   "attributeReleasePolicy": {
>>>     "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>>>     "allowedAttributes": [
>>>       "firstName",
>>>       "lastName"
>>>     ]
>>>   }
>>> }
>>>
>>>
>>> But when I redirect to Keycloak I don't see any additional attributes in 
>>> SAMLResponse, could you please assist
>>>
>>>
>>>
