I haven't tried CAS 6 yet, but according to the documentation, at least for 
the attribute release, it's pretty much the same as the version I'm using. 
Since you are using the "Return Allowed" policy, your json (attribute 
portion) might need to look more like this:

  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "firstName", "lastName" ] ]
  }


Otherwise try the Mapped Attribute release policy, so that you may send the 
attributes to the SP using the naming in the OASIS Standard, which would 
look like this:

  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "firstName" : "urn:oid:2.5.4.42",
      "lastName" : "urn:oid:2.5.4.4"
    }
  }


https://apereo.github.io/cas/6.0.x/integration/Attribute-Release-Policies.html


On Monday, June 3, 2019 at 12:03:27 PM UTC-6, Andrey Seledkov wrote:
>
> Cas version is 6
>
>
> Nothing changed, I got SamlResponse without new attributes
>
> Maybe I am missing something
>
>
> On Monday, June 3, 2019 at 18:39:20 UTC+3, Matthew Uribe wrote:
>>
>> Andrey,
>>
>> cn and mail are attributes from my LDAP that are being released to the 
>> SP. Based on the Internet2 attribute release policy, firstName (givenName) 
>> is urn:oid:2.5.4.42, while lastName (sn) is urn:oid:2.5.4.4
>> https://www.internet2.edu/help/attribute-release-policy/
>>
>> If your SP is looking for specific attributes, they may need to be mapped 
>> according to this Internet2 standard.
>>
>> Hopefully that helps.
>>
>> On Monday, June 3, 2019 at 8:37:39 AM UTC-6, Andrey Seledkov wrote:
>>>
>>> I will try, but what are 'cn' and 'mail' here?
>>>
>>> For my task I need to put in SamlResponse firstName and lastName which I 
>>> retrieved from the database
>>>
>>> On Monday, June 3, 2019 at 17:00:20 UTC+3, Matthew Uribe wrote:
>>>>
>>>> Andrey,
>>>>
>>>> I don't know what version of CAS you're on, but for me, on CAS 5.2.x, I 
>>>> have the following json for one of our SPs:
>>>>
>>>> {
>>>>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>>>   "serviceId" : "service-id-here",
>>>>   "name" : "name-here",
>>>>   "id" : 1001,
>>>>   "metadataLocation" : "https://service.address/SAML/Metadata",
>>>>   "attributeReleasePolicy" : {
>>>>     "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>>>>     "allowedAttributes" : {
>>>>       "@class" : "java.util.TreeMap",
>>>>       "cn" : "urn:oid:2.5.4.3",
>>>>       "mail" : "urn:oid:0.9.2342.19200300.100.1.3"
>>>>     }
>>>>   },
>>>>   "evaluationOrder" : 25
>>>> }
>>>>
>>>>
>>>> Have you tried using the Attribute Resolution & Release feature in the 
>>>> CAS Dashboard to see what is being released by CAS?
>>>>
>>>> Matt
>>>>
>>>>
>>>> On Monday, June 3, 2019 at 5:53:36 AM UTC-6, Andrey Seledkov wrote:
>>>>>
>>>>> Hi team.
>>>>>
>>>>> When I work with SAML between CAS as IdP and Keycloak as SP, I 
>>>>> cannot add additional attributes like firstName, lastName
>>>>>
>>>>> my CAS settings
>>>>>
>>>>> cas.authn.attributeRepository.jdbc[0].singleRow=true
>>>>> cas.authn.attributeRepository.jdbc[0].requireAllAttributes=true
>>>>>
>>>>> cas.authn.attributeRepository.jdbc[0].sql=SELECT * FROM ml_emp WHERE {0}
>>>>> cas.authn.attributeRepository.jdbc[0].username=USERNAME
>>>>>
>>>>> cas.authn.attributeRepository.jdbc[0].driverClass=oracle.jdbc.OracleDriver
>>>>> cas.authn.attributeRepository.jdbc[0].user=${DB_USERNAME}
>>>>> cas.authn.attributeRepository.jdbc[0].password=${DB_PASSWORD}
>>>>> cas.authn.attributeRepository.jdbc[0].url=${DB_URL}
>>>>>
>>>>> cas.authn.attributeRepository.jdbc[0].attributes.FIRST_NAME=firstName
>>>>> cas.authn.attributeRepository.jdbc[0].attributes.LAST_NAME=lastName
>>>>>
>>>>> my json file
>>>>>
>>>>> {
>>>>>   "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>>>>   "serviceId": "service-id-here",
>>>>>   "name": "name-here",
>>>>>   "id": 10000010,
>>>>>   "evaluationOrder": 1,
>>>>>   "metadataLocation": "file:/etc/cas/saml/saml.xml",
>>>>>   "attributeReleasePolicy": {
>>>>>     "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>>>>>     "allowedAttributes": [
>>>>>       "firstName",
>>>>>       "lastName"
>>>>>     ]
>>>>>   }
>>>>> }
>>>>>
>>>>>
>>>>> But when I redirect to Keycloak I don't see any additional attributes 
>>>>> in the SAMLResponse, could you please assist
>>>>>
>>>>>
>>>>>
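
Added example, not from the thread or the CAS project: a small Python audit that reads a service definition in either policy form discussed above and lists the policy attributes that the `attributes.COLUMN=name` mappings in cas.properties never produce. The function names and sample data are constructed for illustration, and it assumes the JDBC repository is the only attribute source.

```python
import json
import re

MAPPED = "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy"
ALLOWED = "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy"

def released_attributes(service):
    """Return {resolved CAS attribute: name sent to the SP} for one service."""
    policy = service.get("attributeReleasePolicy", {})
    allowed = policy.get("allowedAttributes")
    if policy.get("@class") == MAPPED and isinstance(allowed, dict):
        return {k: v for k, v in allowed.items() if k != "@class"}
    if policy.get("@class") == ALLOWED and isinstance(allowed, list):
        # Accept the typed form ["java.util.ArrayList", [...]] and a bare list.
        if len(allowed) == 2 and isinstance(allowed[1], list):
            allowed = allowed[1]
        return {name: name for name in allowed}
    raise ValueError("unsupported or malformed attributeReleasePolicy")

def repository_attributes(properties_text):
    """Collect names produced by ...jdbc[N].attributes.COLUMN=name lines."""
    pattern = re.compile(
        r"^cas\.authn\.attributeRepository\.jdbc\[\d+\]\.attributes\.\w+=(\S+)$",
        re.M)
    return set(pattern.findall(properties_text))

def audit(service_text, properties_text):
    """List policy attributes that no JDBC mapping in the properties produces."""
    released = released_attributes(json.loads(service_text))
    resolved = repository_attributes(properties_text)
    return sorted(name for name in released if name not in resolved)

# Constructed sample input (assumption): "mail" is released but never mapped.
SAMPLE_PROPERTIES = """\
cas.authn.attributeRepository.jdbc[0].attributes.FIRST_NAME=firstName
cas.authn.attributeRepository.jdbc[0].attributes.LAST_NAME=lastName
"""
SAMPLE_SERVICE = """{
  "serviceId": "service-id-here",
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes": { "@class": "java.util.TreeMap",
      "firstName": "urn:oid:2.5.4.42", "lastName": "urn:oid:2.5.4.4",
      "mail": "urn:oid:0.9.2342.19200300.100.1.3" } } }"""

if __name__ == "__main__":
    print("not resolved by repository:", audit(SAMPLE_SERVICE, SAMPLE_PROPERTIES))
```

Running the same audit over every file in the service registry also gives a per-SP inventory of which attributes leave the IdP and under what names.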
