Alberto, To be sure CAS is releasing the attributes:
<!-- DEBUG Found principal attributes [...] for [username] Attribute policy [???] allows release of [...] for [username] Final collection of attributes allowed are: [...] --> <AsyncLogger name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" level="debug"/> Ray On Fri, 2019-10-25 at 11:45 +0200, Alberto Cabello Sánchez wrote: On Thu, 24 Oct 2019 16:12:58 -0400 David Hawes < <mailto:dha...@vt.edu> dha...@vt.edu > wrote: What version of mod_auth_cas are you using? Sorry, I didn't included it in my question: mod_auth_cas is 1.2, freshly cloned from <https://github.com/apereo/mod_auth_cas.git> https://github.com/apereo/mod_auth_cas.git CAS server is 5.3.12.1. v1.2 supports CASv2 attributes, which should work with /serviceValidate provided your server supports it. Turn "CASDebug On" and you should be able to see the validation response with the attributes returned from your server. With CASAuthnHeader set to some attribute like you've done, the released attributes should be in the HTTP headers. This is the CAS info logged in Tomcat INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated principal [alberto] with attributes [{cn=[alberto], givenName=[alberto], irisPersonalUniqueID=[DOC:12345678R], mail=[ <mailto:albe...@unex.es> albe...@unex.es ], sn=[cabello sánchez], sn1=[cabello], sn2=[sánchez], uid=[alberto]}] via credentials [[UsernamePasswordCredential(username=alberto)]].> I can't find any reference to headers in Apache 2 logs, except Adding outgoing header: Set-Cookie: MOD_AUTH_CAS_S=6c60*******************d099;Secure;Path=/examples/jsp/; HttpOnly, referer: <CAS_URL>/login?service=<SERVICE_URL> I guess I will add some printf() statements in mod_auth_cas to gather more info, and explore the SAML approach. If it helps, I do get an "ATTR" header (CASAuthNHeader is set to ATTR), but it just contains the REMOTE_USER value ("alberto" in this case). Thanks for your help. On Thu, 24 Oct 2019 at 06:26, Alberto Cabello Sánchez < <mailto:albe...@unex.es> albe...@unex.es > wrote: Hi, I'm trying to get attributes released by CAS through mod_auth_cas and CASv2 protocol (not SAML), but I'm not sure how to achieve it. I set CASAuthNHeader ATTR but it just gives the authenticated user, even if successful login page shows correctly the attributes defined in application.properties. Attribute release policy for that service is "attributeReleasePolicy" : { "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy" }, My validation URL is CASValidateURL <CAS_URL>/serviceValidate I don't know if this is correct. I found another value when using SAML validation, but I don't know if I have to change this one for CASv2 (only found this information regarding the SAML version). Thanks in advance, -- Alberto Cabello Sánchez Servicio de Informática Universidad de Extremadura -- - Website: <https://apereo.github.io/cas> https://apereo.github.io/cas - Gitter Chatroom: <https://gitter.im/apereo/cas> https://gitter.im/apereo/cas - List Guidelines: <https://goo.gl/1VRrw7> https://goo.gl/1VRrw7 - Contributions: <https://goo.gl/mh7qDG> https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to <mailto:cas-user+unsubscr...@apereo.org> cas-user+unsubscr...@apereo.org . To view this discussion on the web visit <https://groups.google.com/a/apereo.org/d/msgid/cas-user/20191024122634.9aee358820053e3c75081f5e%40unex.es> https://groups.google.com/a/apereo.org/d/msgid/cas-user/20191024122634.9aee358820053e3c75081f5e%40unex.es . -- - Website: <https://apereo.github.io/cas> https://apereo.github.io/cas - Gitter Chatroom: <https://gitter.im/apereo/cas> https://gitter.im/apereo/cas - List Guidelines: <https://goo.gl/1VRrw7> https://goo.gl/1VRrw7 - Contributions: <https://goo.gl/mh7qDG> https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to <mailto:cas-user+unsubscr...@apereo.org> cas-user+unsubscr...@apereo.org . To view this discussion on the web visit <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wDKF8kj6NuQBKhfP9DeT10vmRWXguFafrzxNAg8454JXQ%40mail.gmail.com> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wDKF8kj6NuQBKhfP9DeT10vmRWXguFafrzxNAg8454JXQ%40mail.gmail.com . -- Alberto Cabello Sánchez Servicio de Informática Universidad de Extremadura -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/496cc8e05454d95078d6b24dc052df3d9b9976c6.camel%40uvic.ca.