Hi,

Can you share more information about how to retrieve user attributes from the
LDAP database by using samlValidate, because I am facing some errors, and also
explain how to create an SSL connection on the mod_auth_cas client side?

Thanks and Regards

On Thursday, September 14, 2017 at 7:34:06 PM UTC+5:30, Micas Camela wrote:
>
> Hi dhawes,
>
> I did that and now I am getting the attributes.
>
> I assume my problems are all solved.
>
> Thank you all
>
> Best regards
>
> On Thursday, September 14, 2017 at 3:58:30 PM UTC+2, dhawes wrote:
>>
>> Have you tried using the /samlValidate endpoint with "CASValidateSaml 
>> On"? 
>>
>> /serviceValidate may or may not return attributes, depending on your 
>> CAS server. If it does, you can use mod_auth_cas from git master, 
>> which supports CASv2 attributes. 
>>
>> On 14 September 2017 at 09:11, Micas Camela <micas....@gmail.com> wrote: 
>> > Hi Doug C, 
>> > 
>> > I solved the problem by generating the casdev certificate (previously
>> > generated using keytool) using the following commands:
>> > 
>> > openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout casdev.key -out casdev.crt
>> >
>> > openssl pkcs12 -export -inkey casdev.key -in casdev.crt -name tomcat -out casdev.p12
>> >
>> > keytool -importkeystore -srckeystore casdev.p12 -srcstoretype pkcs12 -destkeystore keystore.jks
>> > 
>> > 
>> > And importing the casdev.crt in CASCLIENT (/etc/httpd/conf/casdev.crt). 
>> > 
>> > But unfortunately I am only getting the username, without any attributes.
>> > 
>> > 
>> > Thank you 
>> > 
>> > 
>> > 
>> > On Wednesday, September 13, 2017 at 2:34:45 PM UTC+2, Micas Camela 
>> wrote: 
>> >> 
>> >> Hi there! 
>> >> 
>> >> I have configured on casdev (CentOS 7 + Tomcat 8.5.20 + CAS 5.0.8) and 
>> >> casclient (Apache 2.4 + mod_auth_cas + php app). 
>> >> 
>> >> After a successful login I am getting an error page with:
>> >> 
>> >> Unauthorized 
>> >> 
>> >> This server could not verify that you are authorized to access the
>> >> document requested. Either you supplied the wrong credentials (e.g., bad
>> >> password), or your browser doesn't understand how to supply the
>> >> credentials required.
>> >> 
>> >> 
>> >> CASDEV output: 
>> >> 
>> >> 
>> >> 2017-09-12 21:57:21,374 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Locating principal attributes for mrafael> 
>> >> 2017-09-12 21:57:21,374 DEBUG 
>> >> 
>> [org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository]
>>  
>>
>> >> - <DefaultPrincipalAttributesRepository will return the collection of 
>> >> attributes directly associated with the principal object which are 
>> >> [{cn=Micas Rafael, givenName=Micas, 
>> LdapAuthenticationHandler.dn=CN=Micas 
>> >> Rafael,OU=Users,OU=DSI,DC=BCITESTES,DC=local, sn=Rafael}]> 
>> >> 2017-09-12 21:57:21,375 DEBUG 
>> >> 
>> [org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository]
>>  
>>
>> >> - <Found [4] cached attributes for principal [mrafael] that are 
>> {cn=Micas 
>> >> Rafael, givenName=Micas, LdapAuthenticationHandler.dn=CN=Micas 
>> >> Rafael,OU=Users,OU=DSI,DC=BCITESTES,DC=local, sn=Rafael}> 
>> >> 2017-09-12 21:57:21,375 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Found principal attributes {cn=Micas Rafael, givenName=Micas, 
>> >> LdapAuthenticationHandler.dn=CN=Micas 
>> >> Rafael,OU=Users,OU=DSI,DC=BCITESTES,DC=local, sn=Rafael} for mrafael> 
>> >> 2017-09-12 21:57:21,375 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Calling attribute policy ReturnAllAttributeReleasePolicy to process 
>> >> attributes for mrafael> 
>> >> 2017-09-12 21:57:21,376 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Attribute policy ReturnAllAttributeReleasePolicy allows release of 
>> >> {cn=Micas Rafael, givenName=Micas, 
>> LdapAuthenticationHandler.dn=CN=Micas 
>> >> Rafael,OU=Users,OU=DSI,DC=BCITESTES,DC=local, sn=Rafael} for mrafael> 
>> >> 2017-09-12 21:57:21,376 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Checking default attribute policy attributes> 
>> >> 2017-09-12 21:57:21,376 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Located application context. Retrieving default attributes for 
>> release, if 
>> >> any> 
>> >> 2017-09-12 21:57:21,377 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Default attributes for release are: [cn, sn, givenName]> 
>> >> 2017-09-12 21:57:21,377 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Found and added default attribute for release: cn> 
>> >> 2017-09-12 21:57:21,378 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Found and added default attribute for release: sn> 
>> >> 2017-09-12 21:57:21,378 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Found and added default attribute for release: givenName> 
>> >> 2017-09-12 21:57:21,379 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Default attributes found to be released are {cn=Micas Rafael, 
>> >> givenName=Micas, sn=Rafael}> 
>> >> 2017-09-12 21:57:21,379 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Attempting to merge policy attributes and default attributes> 
>> >> 2017-09-12 21:57:21,380 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Adding default attributes first to the released set of attributes> 
>> >> 2017-09-12 21:57:21,380 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Adding policy attributes to the released set of attributes> 
>> >> 2017-09-12 21:57:21,380 DEBUG 
>> >> 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> >> <Final collection of attributes allowed are: {cn=Micas Rafael, 
>> >> givenName=Micas, LdapAuthenticationHandler.dn=CN=Micas 
>> >> Rafael,OU=Users,OU=DSI,DC=BCITESTES,DC=local, sn=Rafael}> 
>> >> 2017-09-12 21:57:21,381 DEBUG 
>> >> [org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy] - 
>> <Skipping 
>> >> access strategy policy, since no attributes rules are defined> 
>> >> 2017-09-12 21:57:21,381 DEBUG 
>> >> [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - 
>> <Current 
>> >> authentication via ticket 
>> >> TGT-**********************************************HSoxyIIULz-casdev 
>> allows 
>> >> service https://192.168.0.151/secured-by-cas/index.php to participate 
>> in the 
>> >> existing SSO session> 
>> >> 2017-09-12 21:57:21,382 DEBUG 
>> >> [org.apereo.cas.ticket.DefaultServiceTicketFactory] - <Looking up 
>> service 
>> >> ticket id generator for 
>> >> 
>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl]> 
>> >> 2017-09-12 21:57:21,382 DEBUG 
>> >> [org.apereo.cas.ticket.DefaultServiceTicketFactory] - <Attempting to 
>> encode 
>> >> service ticket ST-13-cHtrhddFq5kPa9nFdymw-casdev> 
>> >> 2017-09-12 21:57:21,383 DEBUG 
>> >> [org.apereo.cas.ticket.DefaultServiceTicketFactory] - <Encoded service 
>> >> ticket id ST-13-cHtrhddFq5kPa9nFdymw-casdev> 
>> >> 2017-09-12 21:57:21,383 DEBUG 
>> >> [org.apereo.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket 
>> >> [TGT-**********************************************HSoxyIIULz-casdev] 
>> to 
>> >> registry.> 
>> >> 2017-09-12 21:57:21,384 DEBUG 
>> >> [org.apereo.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket 
>> >> [ST-13-cHtrhddFq5kPa9nFdymw-casdev] to registry.> 
>> >> 2017-09-12 21:57:21,384 INFO 
>> >> [org.apereo.cas.CentralAuthenticationServiceImpl] - <Granted ticket 
>> >> [ST-13-cHtrhddFq5kPa9nFdymw-casdev] for service 
>> >> [https://192.168.0.151/secured-by-cas/index.php] and principal 
>> [mrafael]> 
>> >> 2017-09-12 21:57:21,384 DEBUG 
>> >> [org.apereo.cas.CentralAuthenticationServiceImpl] - <Publishing 
>> >> 
>> org.apereo.cas.support.events.CasServiceTicketGrantedEvent@72e6be69[ticketGrantingTicket=TGT-**********************************************HSoxyIIULz-casdev,serviceTicket=ST-13-cHtrhddFq5kPa9nFdymw-casdev]>
>>  
>>
>> >> 2017-09-12 21:57:21,384 DEBUG 
>> >> [org.apereo.cas.audit.spi.ThreadLocalPrincipalResolver] - <Resolving 
>> >> principal at audit point [execution(ServiceTicket 
>> >> 
>> org.apereo.cas.CentralAuthenticationServiceImpl.grantServiceTicket(String,Service,AuthenticationResult))]>
>>  
>>
>> >> 2017-09-12 21:57:21,385 INFO 
>> >> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
>> <Audit 
>> >> trail record BEGIN 
>> >> ============================================================= 
>> >> WHO: mrafael 
>> >> WHAT: ST-13-cHtrhddFq5kPa9nFdymw-casdev for 
>> >> https://192.168.0.151/secured-by-cas/index.php 
>> >> ACTION: SERVICE_TICKET_CREATED 
>> >> APPLICATION: CAS 
>> >> WHEN: Tue Sep 12 21:57:21 EDT 2017 
>> >> CLIENT IP ADDRESS: 192.168.0.1 
>> >> SERVER IP ADDRESS: 192.168.0.150 
>> >> ============================================================= 
>> >> 
>> >> CASCLIENT: 
>> >> 
>> >> 
>> >> [Tue Sep 12 21:58:22.473143 2017] [ssl:info] [pid 10811] (70007)The 
>> >> timeout specified has expired: [client 192.168.0.1:62026] AH01991: 
>> SSL input 
>> >> filter read failed. 
>> >> [Tue Sep 12 21:58:22.473219 2017] [ssl:debug] [pid 10811] 
>> >> ssl_engine_io.c(992): [client 192.168.0.1:62026] AH02001: Connection 
>> closed 
>> >> to child 2 with standard shutdown (server 192.168.0.151:443) 
>> >> [Tue Sep 12 21:58:23.222991 2017] [ssl:info] [pid 10812] [client 
>> >> 192.168.0.1:62029] AH01964: Connection to child 3 established (server 
>> >> 192.168.0.151:443) 
>> >> [Tue Sep 12 21:58:23.223794 2017] [ssl:debug] [pid 10812] 
>> >> ssl_engine_kernel.c(1812): [client 192.168.0.1:62029] AH02041: 
>> Protocol: 
>> >> TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) 
>> >> [Tue Sep 12 21:58:23.224096 2017] [ssl:info] [pid 10812] (70014)End of 
>> >> file found: [client 192.168.0.1:62029] AH01991: SSL input filter read 
>> >> failed. 
>> >> [Tue Sep 12 21:58:23.224146 2017] [ssl:debug] [pid 10812] 
>> >> ssl_engine_io.c(992): [client 192.168.0.1:62029] AH02001: Connection 
>> closed 
>> >> to child 3 with standard shutdown (server 192.168.0.151:443) 
>> >> [Tue Sep 12 21:58:23.224847 2017] [ssl:info] [pid 10809] [client 
>> >> 192.168.0.1:62030] AH01964: Connection to child 0 established (server 
>> >> 192.168.0.151:443) 
>> >> [Tue Sep 12 21:58:23.225255 2017] [ssl:debug] [pid 10809] 
>> >> ssl_engine_kernel.c(1812): [client 192.168.0.1:62030] AH02041: 
>> Protocol: 
>> >> TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) 
>> >> [Tue Sep 12 21:58:23.225750 2017] [ssl:debug] [pid 10809] 
>> >> ssl_engine_kernel.c(224): [client 192.168.0.1:62030] AH02034: Initial 
>> (No.1) 
>> >> HTTPS request received for child 0 (server 192.168.0.151:443), 
>> referer: 
>> >> https://192.168.0.151/ 
>> >> [Tue Sep 12 21:58:23.225832 2017] [authz_core:debug] [pid 10809] 
>> >> mod_authz_core.c(809): [client 192.168.0.1:62030] AH01626: 
>> authorization 
>> >> result of Require valid-user : denied (no authenticated user yet), 
>> referer: 
>> >> https://192.168.0.151/ 
>> >> [Tue Sep 12 21:58:23.225840 2017] [authz_core:debug] [pid 10809] 
>> >> mod_authz_core.c(809): [client 192.168.0.1:62030] AH01626: 
>> authorization 
>> >> result of <RequireAny>: denied (no authenticated user yet), referer: 
>> >> https://192.168.0.151/ 
>> >> [Tue Sep 12 21:58:23.225846 2017] [auth_cas:debug] [pid 10809] 
>> >> mod_auth_cas.c(2076): [client 192.168.0.1:62030] Entering 
>> >> cas_authenticate(), referer: https://192.168.0.151/ 
>> >> [Tue Sep 12 21:58:23.225854 2017] [auth_cas:debug] [pid 10809] 
>> >> mod_auth_cas.c(584): [client 192.168.0.1:62030] CAS Service 
>> >> 'https%3a%2f%2f192.168.0.151%2fsecured-by-cas%2findex.php', referer: 
>> >> https://192.168.0.151/ 
>> >> [Tue Sep 12 21:58:23.225856 2017] [auth_cas:debug] [pid 10809] 
>> >> mod_auth_cas.c(532): [client 192.168.0.1:62030] entering 
>> getCASLoginURL(), 
>> >> referer: https://192.168.0.151/ 
>> >> [Tue Sep 12 21:58:23.225860 2017] [auth_cas:debug] [pid 10809] 
>> >> mod_auth_cas.c(509): [client 192.168.0.1:62030] entering 
>> getCASGateway(), 
>> >> referer: https://192.168.0.151/ 
>> >> [Tue Sep 12 21:58:23.225861 2017] [auth_cas:debug] [pid 10809] 
>> >> mod_auth_cas.c(599): [client 192.168.0.1:62030] entering 
>> redirectRequest(), 
>> >> referer: https://192.168.0.151/ 
>> >> [Tue Sep 12 21:58:23.225863 2017] [auth_cas:debug] [pid 10809] 
>> >> mod_auth_cas.c(611): [client 192.168.0.1:62030] Adding outgoing 
>> header: 
>> >> Location: 
>> >> 
>> https://192.168.0.150:8443/cas/login?service=https%3a%2f%2f192.168.0.151%2fsecured-by-cas%2findex.php,
>>  
>>
>> >> referer: https://192.168.0.151/ 
>> >> [Tue Sep 12 21:58:23.275446 2017] [ssl:debug] [pid 10809] 
>> >> ssl_engine_kernel.c(224): [client 192.168.0.1:62030] AH02034: 
>> Subsequent 
>> >> (No.2) HTTPS request received for child 0 (server 192.168.0.151:443), 
>> >> referer: https://192.168.0.151/ 
>> >> [Tue Sep 12 21:58:23.275554 2017] [authz_core:debug] [pid 10809] 
>> >> mod_authz_core.c(809): [client 192.168.0.1:62030] AH01626: 
>> authorization 
>> >> result of Require valid-user : denied (no authenticated user yet), 
>> referer: 
>> >> https://192.168.0.151/ 
>> >> [Tue Sep 12 21:58:23.275560 2017] [authz_core:debug] [pid 10809] 
>> >> mod_authz_core.c(809): [client 192.168.0.1:62030] AH01626: 
>> authorization 
>> >> result of <RequireAny>: denied (no authenticated user yet), referer: 
>> >> https:// 
>> > 
>> > ... 
>> > 
>> > [Message clipped] 
>>
>
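
A mod_auth_cas configuration matching the setup discussed in this thread, added here as an illustration and not taken from any poster's message. The server addresses, the protected location and the certificate path are the ones quoted above; the cookie directory and the header name are assumptions.

```apache
# Added example, not from the thread. Hosts, location and certificate path
# are those quoted in the messages; CASCookiePath and the CASAuthNHeader
# value are assumed and must be adapted.
LoadModule auth_cas_module modules/mod_auth_cas.so

# Certificate (or CA bundle) that mod_auth_cas uses to verify the CAS
# server's TLS certificate when it calls back to validate a ticket.
# If the server certificate cannot be verified against it, validation fails
# and the user never becomes authenticated.
CASCertificatePath /etc/httpd/conf/casdev.crt

# Directory for the module's session cache files. It must exist, end with
# a slash and be writable only by the Apache user (assumed path).
CASCookiePath /var/cache/httpd/mod_auth_cas/

# Browser redirect target, as seen in the Location header in the client log.
CASLoginURL https://192.168.0.150:8443/cas/login

# Back-channel validation over HTTPS. /samlValidate together with
# CASValidateSAML On makes the module parse the SAML response for attributes.
# With /serviceValidate the attributes depend on the CAS server and on a
# mod_auth_cas build that supports CASv2 attributes.
CASValidateURL https://192.168.0.150:8443/cas/samlValidate
CASValidateSAML On

# Keep debug logging off outside troubleshooting: the debug log records
# service URLs and ticket handling for every request.
CASDebug Off

<Location "/secured-by-cas">
    AuthType CAS
    Require valid-user

    # Pass the authenticated user to the application in a request header
    # (assumed header name).
    CASAuthNHeader CAS-User

    # Remove client-supplied headers that collide with the module's own
    # headers, so a browser cannot forge the user or attribute values.
    CASScrubRequestHeaders On
</Location>
```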
