Hi, thanks everyone for your help!

This worked like a charm, just adding the SAML dependency and changing two
lines in mod_auth_cas config ("CASValidateUrl" and "CASValidateSAML On").

I'll be investigating the cause of my CAS and mod_auth_cas not sharing the
attributes, anyway.

Best regards.

On Thu, 24 Oct 2019 08:13:18 -0400
David Curry <david.cu...@newschool.edu> wrote:

> In your service registry:
> 
> {
>   *...*
>   "attributeReleasePolicy" : {
>       "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   },
>   *...*
> }
> 
> In /etc/httpd/conf.d/cas.conf:
> 
> LoadModule auth_cas_module modules/mod_auth_cas.so
>
> <Directory "/var/www/html/secured-by-cas">
>     <IfModule mod_auth_cas.c>
>         AuthType        CAS
>         CASAuthNHeader  On
>     </IfModule>
>     Require valid-user
> </Directory>
>
> <IfModule mod_auth_cas.c>
>     CASLoginUrl           https://casserver.example.org/cas/login
>     CASValidateUrl        https://casserver.example.org/cas/samlValidate
>     CASCookiePath         /var/cache/httpd/mod_auth_cas/
>     CASValidateSAML       On
>     CASSSOEnabled         On
>     CASDebug              Off
> </IfModule>
> 
> Note that CASv2 uses SAML 1.1 to return attributes; hence the use of
> samlValidate. This is *not* the same thing as configuring the CAS server as
> a SAML2 IdP and using SAML instead of CAS to authenticate.
> 
> This will put all your attributes into Apache headers. You can access them
> in various ways; here's a simple PHP example that you can put into
> /var/www/html/secured-by-cas/index.php or whatever:
> 
> <!DOCTYPE html>
> <html lang="en">
>   <head>
>     <title>Hello, World!</title>
>     <meta charset="utf-8">
>     <meta name="viewport" content="width=device-width, initial-scale=1">
>     <link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
>   </head>
>   <body>
>     <div class="container">
>       <h1>Secured Content</h1>
>       <p><big>This is some secure content. You should not be able to see it until you have entered your username and password.</big></p>
>       <h2>Attributes Returned by CAS</h2>
>       <?php
>         // Escape every value before echoing it: attribute values come from
>         // the directory behind CAS and must not be emitted as raw HTML.
>         $esc = function ($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); };
>
>         echo "<pre>";
>
>         if (array_key_exists('REMOTE_USER', $_SERVER)) {
>             echo "REMOTE_USER = " . $esc($_SERVER['REMOTE_USER']) . "<br>";
>         }
>
>         // mod_auth_cas passes each released attribute as a CAS_<name> header.
>         $headers = getallheaders();
>         foreach ($headers as $key => $value) {
>             if (strpos($key, 'CAS_') === 0) {
>                 echo $esc(substr($key, 4)) . " = " . $esc($value) . "<br>";
>             }
>         }
>
>         echo "</pre>";
>       ?>
>     </div>
>   </body>
> </html>
> 
> 
> --Dave
> 
> --
> 
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
> 
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david.cu...@newschool.edu
> 
> 
> 
> On Thu, Oct 24, 2019 at 6:26 AM Alberto Cabello Sánchez <albe...@unex.es>
> wrote:
> 
> > Hi,
> >
> > I'm trying to get attributes released by CAS through mod_auth_cas and CASv2
> > protocol (not SAML), but I'm not sure how to achieve it.
> >
> > I set
> >
> > CASAuthNHeader ATTR
> >
> > but it just gives the authenticated user, even if successful login page
> > shows correctly the attributes defined in application.properties.
> >
> > Attribute release policy for that service is
> > "attributeReleasePolicy" : {
> >     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
> > },
> >
> > My validation URL is
> >
> > CASValidateURL <CAS_URL>/serviceValidate
> >
> > I don't know if this is correct. I found another value when using SAML
> > validation, but I don't know if I have to change this one for CASv2 (only
> > found this information regarding the SAML version).
> >
> > Thanks in advance,
> >
> > --
> > Alberto Cabello Sánchez
> > Servicio de Informática
> > Universidad de Extremadura
> >
> > --
> > - Website: https://apereo.github.io/cas
> > - Gitter Chatroom: https://gitter.im/apereo/cas
> > - List Guidelines: https://goo.gl/1VRrw7
> > - Contributions: https://goo.gl/mh7qDG
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "CAS Community" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to cas-user+unsubscr...@apereo.org.
> > To view this discussion on the web visit
> > https://groups.google.com/a/apereo.org/d/msgid/cas-user/20191024122634.9aee358820053e3c75081f5e%40unex.es
> > .
> >
> 


-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura
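
The following added example is not part of this thread or of the mod_auth_cas code base. It shows how a SAML 1.1 `samlValidate` reply carries the attributes that end up in `CAS_` headers, checking the status code and validity window before mapping anything. The sample reply is constructed, and the function names and the comma used to join multi-valued attributes are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "p": "urn:oasis:names:tc:SAML:1.0:protocol",
      "a": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample of a samlValidate reply (not captured from a real server).
SAMPLE = """<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<saml1p:Response xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol">
<saml1p:Status><saml1p:StatusCode Value="saml1p:Success"/></saml1p:Status>
<saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion">
<saml1:Conditions NotBefore="2019-10-24T12:00:00Z" NotOnOrAfter="2019-10-24T12:00:30Z"/>
<saml1:AuthenticationStatement><saml1:Subject>
<saml1:NameIdentifier>jdoe</saml1:NameIdentifier>
</saml1:Subject></saml1:AuthenticationStatement>
<saml1:AttributeStatement>
<saml1:Attribute AttributeName="mail"><saml1:AttributeValue>jdoe@example.org</saml1:AttributeValue></saml1:Attribute>
<saml1:Attribute AttributeName="memberOf"><saml1:AttributeValue>staff</saml1:AttributeValue><saml1:AttributeValue>vpn</saml1:AttributeValue></saml1:Attribute>
</saml1:AttributeStatement>
</saml1:Assertion></saml1p:Response></SOAP-ENV:Body></SOAP-ENV:Envelope>"""


def parse_ts(value):
    # SAML timestamps are UTC with a trailing "Z", with or without milliseconds.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def saml11_to_headers(xml_text, now):
    """Return (user, {"CAS_<attr>": "v1,v2"}); raise ValueError if not acceptable."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed")  # refuse entity-expansion input
    root = ET.fromstring(xml_text)
    resp = root.find("soap:Body/p:Response", NS)
    code = resp.find("p:Status/p:StatusCode", NS) if resp is not None else None
    if code is None or code.get("Value", "").split(":")[-1] != "Success":
        raise ValueError("ticket validation failed")
    assertion = resp.find("a:Assertion", NS)
    cond = assertion.find("a:Conditions", NS) if assertion is not None else None
    if cond is None or not (parse_ts(cond.get("NotBefore")) <= now
                            < parse_ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion missing or outside its validity window")
    user = assertion.findtext(".//a:NameIdentifier", namespaces=NS)
    headers = {}
    for attr in assertion.iterfind("a:AttributeStatement/a:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("a:AttributeValue", NS)]
        # Assumption: multi-valued attributes are joined with a comma.
        headers["CAS_" + attr.get("AttributeName")] = ",".join(values)
    return user, headers
```

`now` must be a timezone-aware `datetime`; the reply itself is only as trustworthy as the HTTPS connection to the validation URL it was fetched from.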
