Alberto,

To be sure CAS is releasing the attributes:

        <!-- DEBUG Found principal attributes [...] for [username]
                   Attribute policy [???] allows release of [...] for [username]
                   Final collection of attributes allowed are: [...] -->
        <AsyncLogger 
name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" 
level="debug"/>

Ray

On Fri, 2019-10-25 at 11:45 +0200, Alberto Cabello Sánchez wrote:

On Thu, 24 Oct 2019 16:12:58 -0400

David Hawes <

<mailto:dha...@vt.edu>

dha...@vt.edu

> wrote:


What version of mod_auth_cas are you using?


Sorry, I didn't included it in my question:


mod_auth_cas is 1.2, freshly cloned from

<https://github.com/apereo/mod_auth_cas.git>

https://github.com/apereo/mod_auth_cas.git


CAS server is 5.3.12.1.


v1.2 supports CASv2 attributes, which should work with /serviceValidate

provided your server supports it.


Turn "CASDebug On" and you should be able to see the validation

response with the attributes returned from your server. With

CASAuthnHeader set to some attribute like you've done, the released

attributes should be in the HTTP headers.


This is the CAS info logged in Tomcat


INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<Authenticated principal [alberto] with attributes [{cn=[alberto], 
givenName=[alberto], irisPersonalUniqueID=[DOC:12345678R], mail=[

<mailto:albe...@unex.es>

albe...@unex.es

], sn=[cabello sánchez], sn1=[cabello], sn2=[sánchez], uid=[alberto]}] via 
credentials [[UsernamePasswordCredential(username=alberto)]].>


I can't find any reference to headers in Apache 2 logs, except


Adding outgoing header: Set-Cookie: 
MOD_AUTH_CAS_S=6c60*******************d099;Secure;Path=/examples/jsp/; 
HttpOnly, referer: <CAS_URL>/login?service=<SERVICE_URL>


I guess I will add some printf() statements in mod_auth_cas to gather more

info, and explore the SAML approach.


If it helps, I do get an "ATTR" header (CASAuthNHeader is set to ATTR),

but it just contains the REMOTE_USER value ("alberto" in this case).


Thanks for your help.



On Thu, 24 Oct 2019 at 06:26, Alberto Cabello Sánchez <

<mailto:albe...@unex.es>

albe...@unex.es

> wrote:


Hi,


I'm trying to get attributes released by CAS through mod_auth_cas and CASv2

protocol (not SAML), but I'm not sure how to achieve it.


I set


CASAuthNHeader ATTR


but it just gives the authenticated user, even if successful login page shows

correctly the attributes defined in application.properties.


Attribute release policy for that service is

"attributeReleasePolicy" : {

    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"

},


My validation URL is


CASValidateURL <CAS_URL>/serviceValidate


I don't know if this is correct. I found another value when using SAML

validation, but I don't know if I have to change this one for CASv2 (only

found this information regarding the SAML version).


Thanks in advance,


--

Alberto Cabello Sánchez

Servicio de Informática

Universidad de Extremadura


--

- Website:

<https://apereo.github.io/cas>

https://apereo.github.io/cas


- Gitter Chatroom:

<https://gitter.im/apereo/cas>

https://gitter.im/apereo/cas


- List Guidelines:

<https://goo.gl/1VRrw7>

https://goo.gl/1VRrw7


- Contributions:

<https://goo.gl/mh7qDG>

https://goo.gl/mh7qDG


---

You received this message because you are subscribed to the Google Groups "CAS 
Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to

<mailto:cas-user+unsubscr...@apereo.org>

cas-user+unsubscr...@apereo.org

.

To view this discussion on the web visit

<https://groups.google.com/a/apereo.org/d/msgid/cas-user/20191024122634.9aee358820053e3c75081f5e%40unex.es>

https://groups.google.com/a/apereo.org/d/msgid/cas-user/20191024122634.9aee358820053e3c75081f5e%40unex.es

.


--

- Website:

<https://apereo.github.io/cas>

https://apereo.github.io/cas


- Gitter Chatroom:

<https://gitter.im/apereo/cas>

https://gitter.im/apereo/cas


- List Guidelines:

<https://goo.gl/1VRrw7>

https://goo.gl/1VRrw7


- Contributions:

<https://goo.gl/mh7qDG>

https://goo.gl/mh7qDG


---

You received this message because you are subscribed to the Google Groups "CAS 
Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to

<mailto:cas-user+unsubscr...@apereo.org>

cas-user+unsubscr...@apereo.org

.

To view this discussion on the web visit

<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wDKF8kj6NuQBKhfP9DeT10vmRWXguFafrzxNAg8454JXQ%40mail.gmail.com>

https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wDKF8kj6NuQBKhfP9DeT10vmRWXguFafrzxNAg8454JXQ%40mail.gmail.com

.



--

Alberto Cabello Sánchez

Servicio de Informática

Universidad de Extremadura


--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/496cc8e05454d95078d6b24dc052df3d9b9976c6.camel%40uvic.ca.

Reply via email to