Alberto,
To be sure CAS is releasing the attributes:
<!-- DEBUG Found principal attributes [...] for [username]
Attribute policy [???] allows release of [...] for [username]
Final collection of attributes allowed are: [...] -->
<AsyncLogger
name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
level="debug"/>
Ray
On Fri, 2019-10-25 at 11:45 +0200, Alberto Cabello Sánchez wrote:
On Thu, 24 Oct 2019 16:12:58 -0400
David Hawes <
<mailto:dha...@vt.edu>
dha...@vt.edu
> wrote:
What version of mod_auth_cas are you using?
Sorry, I didn't included it in my question:
mod_auth_cas is 1.2, freshly cloned from
<https://github.com/apereo/mod_auth_cas.git>
https://github.com/apereo/mod_auth_cas.git
CAS server is 5.3.12.1.
v1.2 supports CASv2 attributes, which should work with /serviceValidate
provided your server supports it.
Turn "CASDebug On" and you should be able to see the validation
response with the attributes returned from your server. With
CASAuthnHeader set to some attribute like you've done, the released
attributes should be in the HTTP headers.
This is the CAS info logged in Tomcat
INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Authenticated principal [alberto] with attributes [{cn=[alberto],
givenName=[alberto], irisPersonalUniqueID=[DOC:12345678R], mail=[
<mailto:albe...@unex.es>
albe...@unex.es
], sn=[cabello sánchez], sn1=[cabello], sn2=[sánchez], uid=[alberto]}] via
credentials [[UsernamePasswordCredential(username=alberto)]].>
I can't find any reference to headers in Apache 2 logs, except
Adding outgoing header: Set-Cookie:
MOD_AUTH_CAS_S=6c60*******************d099;Secure;Path=/examples/jsp/;
HttpOnly, referer: <CAS_URL>/login?service=<SERVICE_URL>
I guess I will add some printf() statements in mod_auth_cas to gather more
info, and explore the SAML approach.
If it helps, I do get an "ATTR" header (CASAuthNHeader is set to ATTR),
but it just contains the REMOTE_USER value ("alberto" in this case).
Thanks for your help.
On Thu, 24 Oct 2019 at 06:26, Alberto Cabello Sánchez <
<mailto:albe...@unex.es>
albe...@unex.es
> wrote:
Hi,
I'm trying to get attributes released by CAS through mod_auth_cas and CASv2
protocol (not SAML), but I'm not sure how to achieve it.
I set
CASAuthNHeader ATTR
but it just gives the authenticated user, even if successful login page shows
correctly the attributes defined in application.properties.
Attribute release policy for that service is
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
},
My validation URL is
CASValidateURL <CAS_URL>/serviceValidate
I don't know if this is correct. I found another value when using SAML
validation, but I don't know if I have to change this one for CASv2 (only
found this information regarding the SAML version).
Thanks in advance,
--
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura
--
- Website:
<https://apereo.github.io/cas>
https://apereo.github.io/cas
- Gitter Chatroom:
<https://gitter.im/apereo/cas>
https://gitter.im/apereo/cas
- List Guidelines:
<https://goo.gl/1VRrw7>
https://goo.gl/1VRrw7
- Contributions:
<https://goo.gl/mh7qDG>
https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
<mailto:cas-user+unsubscr...@apereo.org>
cas-user+unsubscr...@apereo.org
.
To view this discussion on the web visit
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/20191024122634.9aee358820053e3c75081f5e%40unex.es>
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20191024122634.9aee358820053e3c75081f5e%40unex.es
.
--
- Website:
<https://apereo.github.io/cas>
https://apereo.github.io/cas
- Gitter Chatroom:
<https://gitter.im/apereo/cas>
https://gitter.im/apereo/cas
- List Guidelines:
<https://goo.gl/1VRrw7>
https://goo.gl/1VRrw7
- Contributions:
<https://goo.gl/mh7qDG>
https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
<mailto:cas-user+unsubscr...@apereo.org>
cas-user+unsubscr...@apereo.org
.
To view this discussion on the web visit
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wDKF8kj6NuQBKhfP9DeT10vmRWXguFafrzxNAg8454JXQ%40mail.gmail.com>
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wDKF8kj6NuQBKhfP9DeT10vmRWXguFafrzxNAg8454JXQ%40mail.gmail.com
.
--
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I respectfully acknowledge that my place of work is located within the
ancestral, traditional and unceded territory of the Songhees, Esquimalt and
WSÁNEĆ Nations.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/496cc8e05454d95078d6b24dc052df3d9b9976c6.camel%40uvic.ca.
