[cas-user] SPNEGO : Retrieve Attribute from AD?

Thu, 22 Aug 2019 03:31:47 -0700 

Hi,
When my users login manually from CAS, attributes from AD are correctly 
retrieved and pass to my webapp. But with SPNEGO automatic login, i don't 
see on cas.log the attributes and my webapp (nextcloud) don't update user 
information (displayName, mail, memberOf). I don't see any row on apereo 
documentation who permit retrieve attributes from SPNEGO... Maybe I does 
create a service file specially for SPNEGO..?
If you have any idea :)
Thanks at all ;)


SPENGO section from cas.properties :

cas.authn.spnego.kerberosConf=file:/etc/krb5.conf
cas.authn.spnego.mixedModeAuthentication=true
cas.authn.spnego.cachePolicy=600
cas.authn.spnego.timeout=300000
cas.authn.spnego.jcifsServicePrincipal=HTTP/authentification.mydomain...@domain.lan
cas.authn.spnego.jcifsServicePassword=MyPassWord
cas.authn.spnego.loginConf=file:/etc/cas/config/login.conf
cas.authn.spnego.ntlmAllowed=false
cas.authn.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
cas.authn.spnego.hostNameClientActionStrategy=baseSpnegoClientAction
cas.authn.spnego.kerberosKdc=192.168.0.1
cas.authn.spnego.ipsToCheckPattern=10.+
cas.authn.spnego.kerberosDebug=true
cas.authn.spnego.kerberosRealm=DOMAIN.LAN
cas.authn.spnego.send401OnAuthenticationFailure=true
# cas.authn.spnego.jcifsNetbiosWins=
# cas.authn.spnego.hostNamePatternString=.+
# cas.authn.spnego.jcifsUsername=
# cas.authn.spnego.useSubjectCredsOnly=false
# cas.authn.spnego.jcifsDomainController=
# cas.authn.spnego.dnsTimeout=2000
# cas.authn.spnego.alternativeRemoteHostAttribute=alternateRemoteHeader
# cas.authn.spnego.jcifsDomain=
# cas.authn.spnego.ntlm=false
cas.authn.spnego.principalWithDomainName=false
# cas.authn.spnego.jcifsPassword=
cas.authn.spnego.spnegoAttributeName=sAMAccountName
# cas.authn.spnego.name=DOMAIN.LAN
cas.authn.spnego.principal.principalAttribute=sAMAccountName
# cas.authn.spnego.principal.returnNull=false

And the section for AD :

cas.authn.ldap[1].type=AD
cas.authn.ldap[1].ldapUrl=ldap://10.0.0.1
cas.authn.ldap[1].useSsl=false
cas.authn.ldap[1].useStartTls=false
cas.authn.ldap[1].connectTimeout=5000
cas.authn.ldap[1].baseDn=DC=DOMAIN1,DC=LAN
cas.authn.ldap[1].bindDn=DOMAIN1\\mylogin
cas.authn.ldap[1].bindCredential=MyBindPassword
cas.authn.ldap[1].principalAttributeId=sAMAccountName
cas.authn.ldap[1].principalAttributePassword=unicodePwd
cas.authn.ldap[1].principalAttributeList=sAMAccountName,sn,cn,givenName,displayName,mail,memberOf
cas.authn.ldap[1].userFilter=(sAMAccountName={user})
cas.authn.ldap[1].dnFormat=%s...@mydomain1.lan
cas.authn.ldap[1].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[1].subtreeSearch=true
cas.authn.ldap[1].usePasswordPolicy=false
cas.authn.ldap[1].failFast=false

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6b211705-5ccd-496a-88f3-5637344f5604%40apereo.org.

Reply via email to