Hi Colin,
I have taken a look into your problem, which is using *Radius Authentication*
and *LDAP* attributes, and the LDAP attributes don't come up.
I am using CAS 6.1.1 + Freeradius + OpenLDAP as demo, but I think the
solution should be applicable to CAS 6.0 and other technology as well.
Before going for the fix, I did some research and deduction:
- LDAP Attribute + other authentication *do work* (e.g. JSON / REST) ....
- So the problem seems to be *Radius Authentication*
- I am suspecting that, because Radius Authentication is so deeply coupled
with MFA, if we don't enable MFA, Radius will have weird behavior.
After some trial and error, here is what I did to make the LDAP attributes appear:
- In here
https://github.com/apereo/cas/blob/v6.1.1/support/cas-server-support-radius/src/main/java/org/apereo/cas/config/RadiusConfiguration.java#L168
    plan.registerAuthenticationHandler(radiusAuthenticationHandler());
Change it to
    plan.registerAuthenticationHandlerWithPrincipalResolver(radiusAuthenticationHandler(),
        defaultPrincipalResolver.getObject());
And add defaultPrincipalResolver back to the file:
    @Autowired
    @Qualifier("defaultPrincipalResolver")
    private ObjectProvider<PrincipalResolver> defaultPrincipalResolver;
And... after that change, as you can see in the capture below, I can log in
with Radius Authentication and also output LDAP attributes.
[image: Annotation 2019-11-07 173857.png]
I am using a hard-coded method to fix the above; you should use a more elegant
way to fix it, or better yet submit a PR to CAS to fix the source of the
problem :)
If you have Docker installed, I also have a GitHub branch here:
https://github.com/NgSekLong/SelectUrCAS/tree/test_radius_problem_20191107
which contains the fixed version demo for your testing.
You can see the demo after cloning the above repository and executing the
command below to generate the demo:
    docker-compose -f docker-compose.yml \
      -f ./source/authentication/freeradius/docker-compose.yml \
      -f ./source/authentication-attribute/openldap/docker-compose.yml \
      -f ./source/client/phpcas/docker-compose.yml \
      -f ./source/service-registry/json-1001/docker-compose.yml up
Go to https://127.0.0.1:8443/cas/login
casuser:Mellon
Should see the result
See if the above helps you...
Cheers!
- Andy