In your service registry:

{
  ...
  "attributeReleasePolicy" : {
      "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  },
  ...
}

In /etc/httpd/conf.d/cas.conf:

LoadModule auth_cas_module modules/mod_auth_cas.so

<Directory "/var/www/html/secured-by-cas">
    <IfModule mod_auth_cas.c>
        AuthType        CAS
        CASAuthNHeader  On
    </IfModule>
    Require valid-user
</Directory>

<IfModule mod_auth_cas.c>
    CASLoginUrl           https://casserver.example.org/cas/login
    CASValidateUrl        https://casserver.example.org/cas/samlValidate
    CASCookiePath         /var/cache/httpd/mod_auth_cas/
    CASValidateSAML       On
    CASSSOEnabled         On
    CASDebug              Off
</IfModule>

Note that CASv2 uses SAML 1.1 to return attributes; hence the use of
samlValidate. This is *not* the same thing as configuring the CAS server as
a SAML2 IdP and using SAML instead of CAS to authenticate.

This will put all your attributes into Apache headers. You can access them
in various ways; here's a simple PHP example that you can put into
/var/www/html/secured-by-cas/index.php or whatever:

<!DOCTYPE html>
<html lang="en">
  <head>
    <title>Hello, World!</title>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
  </head>
  <body>
    <div class="container">
      <h1>Secured Content</h1>
      <p><big>This is some secure content. You should not be able to
see it until you have entered your username and password.</big></p>
      <h2>Attributes Returned by CAS</h2>
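      <?php
        echo "<pre>";

        // REMOTE_USER is the authenticated user name. Escape it before
        // output so HTML metacharacters cannot be rendered as markup.
        if (array_key_exists('REMOTE_USER', $_SERVER)) {
            echo "REMOTE_USER = "
                . htmlspecialchars($_SERVER['REMOTE_USER'], ENT_QUOTES, 'UTF-8')
                . "<br>";
        }

        // The released attributes arrive as request headers whose names
        // start with CAS_. Names and values are escaped for the same reason.
        $headers = getallheaders();
        foreach ($headers as $key => $value) {
            if (strpos($key, 'CAS_') === 0) {
                echo htmlspecialchars(substr($key, 4), ENT_QUOTES, 'UTF-8')
                    . " = "
                    . htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
                    . "<br>";
            }
        }

        echo "</pre>";
      ?>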
    </div>
  </body>
</html>


--Dave

--

DAVID A. CURRY, CISSP
*DIRECTOR • INFORMATION SECURITY & PRIVACY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu



On Thu, Oct 24, 2019 at 6:26 AM Alberto Cabello Sánchez <albe...@unex.es>
wrote:

> Hi,
>
> I'm trying to get attributes released by CAS through mod_auth_cas and CASv2
> protocol (not SAML), but I'm not sure how to achieve it.
>
> I set
>
> CASAuthNHeader ATTR
>
> but it just gives the authenticated user, even if successful login page
> shows
> correctly the attributes defined in application.properties.
>
> Attribute release policy for that service is
> "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
> },
>
> My validation URL is
>
> CASValidateURL <CAS_URL>/serviceValidate
>
> I don't know if this is correct. I found another value when using SAML
> validation, but I don't know if I have to change this one for CASv2 (only
> found this information regarding the SAML version).
>
> Thanks in advance,
>
> --
> Alberto Cabello Sánchez
> Servicio de Informática
> Universidad de Extremadura
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/20191024122634.9aee358820053e3c75081f5e%40unex.es
> .
>
