Hi, When my users login manually from CAS, attributes from AD are correctly retrieved and pass to my webapp. But with SPNEGO automatic login, i don't see on cas.log the attributes and my webapp (nextcloud) don't update user information (displayName, mail, memberOf). I don't see any row on apereo documentation who permit retrieve attributes from SPNEGO... Maybe I does create a service file specially for SPNEGO..? If you have any idea :) Thanks at all ;)
SPENGO section from cas.properties : cas.authn.spnego.kerberosConf=file:/etc/krb5.conf cas.authn.spnego.mixedModeAuthentication=true cas.authn.spnego.cachePolicy=600 cas.authn.spnego.timeout=300000 cas.authn.spnego.jcifsServicePrincipal=HTTP/authentification.mydomain...@domain.lan cas.authn.spnego.jcifsServicePassword=MyPassWord cas.authn.spnego.loginConf=file:/etc/cas/config/login.conf cas.authn.spnego.ntlmAllowed=false cas.authn.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit cas.authn.spnego.hostNameClientActionStrategy=baseSpnegoClientAction cas.authn.spnego.kerberosKdc=192.168.0.1 cas.authn.spnego.ipsToCheckPattern=10.+ cas.authn.spnego.kerberosDebug=true cas.authn.spnego.kerberosRealm=DOMAIN.LAN cas.authn.spnego.send401OnAuthenticationFailure=true # cas.authn.spnego.jcifsNetbiosWins= # cas.authn.spnego.hostNamePatternString=.+ # cas.authn.spnego.jcifsUsername= # cas.authn.spnego.useSubjectCredsOnly=false # cas.authn.spnego.jcifsDomainController= # cas.authn.spnego.dnsTimeout=2000 # cas.authn.spnego.alternativeRemoteHostAttribute=alternateRemoteHeader # cas.authn.spnego.jcifsDomain= # cas.authn.spnego.ntlm=false cas.authn.spnego.principalWithDomainName=false # cas.authn.spnego.jcifsPassword= cas.authn.spnego.spnegoAttributeName=sAMAccountName # cas.authn.spnego.name=DOMAIN.LAN cas.authn.spnego.principal.principalAttribute=sAMAccountName # cas.authn.spnego.principal.returnNull=false And the section for AD : cas.authn.ldap[1].type=AD cas.authn.ldap[1].ldapUrl=ldap://10.0.0.1 cas.authn.ldap[1].useSsl=false cas.authn.ldap[1].useStartTls=false cas.authn.ldap[1].connectTimeout=5000 cas.authn.ldap[1].baseDn=DC=DOMAIN1,DC=LAN cas.authn.ldap[1].bindDn=DOMAIN1\\mylogin cas.authn.ldap[1].bindCredential=MyBindPassword cas.authn.ldap[1].principalAttributeId=sAMAccountName cas.authn.ldap[1].principalAttributePassword=unicodePwd cas.authn.ldap[1].principalAttributeList=sAMAccountName,sn,cn,givenName,displayName,mail,memberOf cas.authn.ldap[1].userFilter=(sAMAccountName={user}) cas.authn.ldap[1].dnFormat=%s...@mydomain1.lan cas.authn.ldap[1].allowMultiplePrincipalAttributeValues=true cas.authn.ldap[1].subtreeSearch=true cas.authn.ldap[1].usePasswordPolicy=false cas.authn.ldap[1].failFast=false -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6b211705-5ccd-496a-88f3-5637344f5604%40apereo.org.