You don't need an allowedAttributes section for this, just an 
attributeReleasePolicy like so:

    attributeReleasePolicy : {
        @class : org.apereo.cas.services.ReturnMappedAttributeReleasePolicy
        allowedAttributes : {
            @class : java.util.TreeMap
            mail : "urn:oid:0.9.2342.19200300.100.1.3"
            gecos : "urn:oid:2.16.840.1.113730.3.1.241"
            eduPersonPrincipalName : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
        }
    }


On Thursday, January 23, 2020 at 3:54:19 AM UTC-5, stonej wrote:
>
> Hello All,
>
> I am trying to move away from Shibboleth IDP and move to CAS IDP but am 
> having a few issues. I have had a look at the documentation and this group 
> and cannot seem to find the answer.  I need to pass certain attributes, 
> these ones -
>
> urn:oid:0.9.2342.19200300.100.1.3 - mail value email address
> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value member
> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value staff or 
> student
> urn:oid:1.3.6.1.4.1.5923.1.1.1.6 - eduPersonPrincipalName mail value email 
> address
> urn:oid:2.5.4.4 - sn value surname
> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value 
> mem...@domain.com
> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value staff 
> or stu...@domain.com
> urn:oid:2.5.4.42 - givenName value First Name
> urn:oid:1.3.6.1.4.1.5923.1.1.1.10 - eduPersonTargetedID Value random id 
> based on salt
> urn:oid:1.3.6.1.4.1.5923.1.1.1.7 - eduPersonEntitlement value 
> urn:mace:dir:entitlement:common-lib-terms
>
> but I am getting:
>
> credentialType credentialType UsernamePasswordCredential
> samlAuthenticationStatementAuthMethod 
> samlAuthenticationStatementAuthMethod 
> urn:oasis:names:tc:SAML:1.0:am:password
> isFromNewLogin isFromNewLogin true
> authenticationDate authenticationDate 2020-01-22T13:59:03.213799Z
> urn:oid:0.9.2342.19200300.100.1.3 urn:oid:0.9.2342.19200300.100.1.3 
> em...@domain.com
> authenticationMethod authenticationMethod LdapAuthenticationHandler
> urn:oid:0.9.2342.19200300.100.1.1 urn:oid:0.9.2342.19200300.100.1.1 
> Username
> successfulAuthenticationHandlers successfulAuthenticationHandlers 
> LdapAuthenticationHandler
> longTermAuthenticationRequestTokenUsed 
> longTermAuthenticationRequestTokenUsed false
> urn:oid:2.5.4.42 urn:oid:2.5.4.42 FirstName
> urn:oid:2.5.4.4 urn:oid:2.5.4.4 Surname
>
> Here is my JSON file:
>
> {
>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId" : "SERVICE",
>   "name" : "Apache Secured By SAML",
>   "id" : 100000011,
>   "description" : "CAS development Apache mod_shib/shibd server with 
> username/password protection",
>   "metadataLocation" : "file:////etc/cas/saml/metadata/metadata.xml",
>   "encryptAssertions": "true",
>   "attributeReleasePolicy" : {
>     "@class" : 
> "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
> "allowedAttributes" : {
>       "@class" : "java.util.TreeMap",
>   "eppn" : "urn:mace:dir:attribute-def:eduPersonPrincipalName",
>       "cn" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
>       "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
>       "givenName" : "urn:oid:2.5.4.42",
>       "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
>       "role" : "urn:DOMAIN:attribute-def:role",
>       "sn" : "urn:oid:2.5.4.4",
>       "uid" : "urn:oid:0.9.2342.19200300.100.1.1",
>       "UDC_IDENTIFIER": "urn:DOMAIN:attribute-def:UDC_IDENTIFIER",
>   "eppn" : "urn:oid:0.9.2342.19200300.100.1.1"
>   "affiliation" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
>   "affiliation" : "staff"
>     }
> "persistentIdGenerator" : {
>       "@class" : 
> "org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
>       "salt" : "aGVsbG93b3JsZA==",
>       "attribute": "eduPersonEntitlement"
>     }
>   },
>   "evaluationOrder" : 1125
> }
>
>
> What am I doing wrong?  I do have other files to prepare but I know if I 
> can get this one working I can get the other ones working.
>
> Thanks for all your help
>
> Jeff
>
>

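An added example, not from the thread or the CAS project: a small Python lint for the allowedAttributes map of a ReturnMappedAttributeReleasePolicy, meant to be run on a service file before it is deployed. It assumes the file is strict JSON and that the service provider expects urn:-style attribute names; the function name is hypothetical and the sample is constructed from attribute names and OIDs quoted in the thread.

```python
import json
from collections import Counter

# Constructed sample (not the poster's file): strict JSON reusing attribute
# names and OIDs that appear in the thread.
SAMPLE = """
{
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes": {
      "@class": "java.util.TreeMap",
      "eppn": "urn:mace:dir:attribute-def:eduPersonPrincipalName",
      "mail": "urn:oid:0.9.2342.19200300.100.1.3",
      "uid": "urn:oid:0.9.2342.19200300.100.1.1",
      "eppn": "urn:oid:0.9.2342.19200300.100.1.1",
      "affiliation": "urn:oid:1.3.6.1.4.1.5923.1.1.1.1",
      "affiliation": "staff"
    }
  }
}
"""

def lint_release_policy(text):
    """Return a sorted list of findings for the allowedAttributes map."""
    findings = []
    def hook(pairs):
        # Python's json keeps only the last value of a repeated key, so the
        # earlier mapping is dropped without any error; record it here.
        for key, n in Counter(k for k, _ in pairs).items():
            if n > 1:
                findings.append(f"duplicate key: {key}")
        return dict(pairs)

    try:
        service = json.loads(text, object_pairs_hook=hook)
    except json.JSONDecodeError as exc:  # e.g. a missing comma between entries
        return [f"parse error at line {exc.lineno}: {exc.msg}"]

    allowed = service.get("attributeReleasePolicy", {}).get("allowedAttributes", {})
    mapping = {k: str(v) for k, v in allowed.items() if k != "@class"}
    for local, released in mapping.items():
        if not released.startswith("urn:"):  # assumption: SP expects URN names
            findings.append(f"released name is not a URN: {local} -> {released}")
    for name, n in Counter(mapping.values()).items():
        if n > 1:
            findings.append(f"released name used by {n} attributes: {name}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(lint_release_policy(SAMPLE)))
```

Reviewing the findings before deployment keeps the set of attributes released to a service provider intentional, rather than whatever survives parsing.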