To remove unwanted authentication attributes add excludeDefaultAttributes:
true.

On Thu, Jan 23, 2020 at 7:33 AM Josh <grochow...@students.rowan.edu> wrote:

> Apologies, I see you have that already, I mis-read the original post :)
>
> On Thursday, January 23, 2020 at 10:32:36 AM UTC-5, Josh wrote:
>>
>> You dont need an allowedAttributes sections for this, just an
>> attributeReleasePolicy like so:
>>
>>    attributeReleasePolicy : {
>>         @class :
>> org.apereo.cas.services.ReturnMappedAttributeReleasePolicy
>>         allowedAttributes : {
>>             @class : java.util.TreeMap
>>             mail : "urn:oid:0.9.2342.19200300.100.1.3"
>>             gecos : "urn:oid:2.16.840.1.113730.3.1.241"
>>             eduPersonPrincipalName : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
>>         }
>>     }
>>
>>
>> On Thursday, January 23, 2020 at 3:54:19 AM UTC-5, stonej wrote:
>>>
>>> Hello All,
>>>
>>> I am trying to move away from shibboleth IDP and move to CAS IDP but
>>> having a few issues, I have had a look at the documentation and this group
>>> and cannot seem to find the answer.  I need to pass certain attributes,
>>> these ones -
>>>
>>> urn:oid:0.9.2342.19200300.100.1.3 - mail value email address
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value member
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value staff or
>>> student
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.6 - eduPersonPrincipalName mail value
>>> email address
>>> urn:oid:2.5.4.4 - sn value surname
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value
>>> mem...@domain.com
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value
>>> staff or stu...@domain.com
>>> urn:oid:2.5.4.42 - givenName value First Name
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.10 - eduPersonTargetedID Value random id
>>> based on salt
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.7 - eduPersonEntitlement value
>>> urn:mace:dir:entitlement:common-lib-terms
>>>
>>> but I am getting :
>>>
>>> credentialType credentialType UsernamePasswordCredential
>>> samlAuthenticationStatementAuthMethod
>>> samlAuthenticationStatementAuthMethod
>>> urn:oasis:names:tc:SAML:1.0:am:password
>>> isFromNewLogin isFromNewLogin true
>>> authenticationDate authenticationDate 2020-01-22T13:59:03.213799Z
>>> urn:oid:0.9.2342.19200300.100.1.3 urn:oid:0.9.2342.19200300.100.1.3
>>> em...@domain.com
>>> authenticationMethod authenticationMethod LdapAuthenticationHandler
>>> urn:oid:0.9.2342.19200300.100.1.1 urn:oid:0.9.2342.19200300.100.1.1
>>> Username
>>> successfulAuthenticationHandlers successfulAuthenticationHandlers
>>> LdapAuthenticationHandler
>>> longTermAuthenticationRequestTokenUsed
>>> longTermAuthenticationRequestTokenUsed false
>>> urn:oid:2.5.4.42 urn:oid:2.5.4.42 FirstName
>>> urn:oid:2.5.4.4 urn:oid:2.5.4.4 Surname
>>>
>>> Here is my JSON file:
>>>
>>> {
>>>   "@class" :
>>> "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>>   "serviceId" : "SERVICE",
>>>   "name" : "Apache Secured By SAML",
>>>   "id" : 100000011,
>>>   "description" : "CAS development Apache mod_shib/shibd server with
>>> username/password protection",
>>>   "metadataLocation" : "file:////etc/cas/saml/metadata/metadata.xml",
>>>   "encryptAssertions": "true",
>>>   "attributeReleasePolicy" : {
>>>     "@class" :
>>> "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>>> "allowedAttributes" : {
>>>       "@class" : "java.util.TreeMap",
>>>   "eppn" : "urn:mace:dir:attribute-def:eduPersonPrincipalName",
>>>       "cn" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
>>>       "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
>>>       "givenName" : "urn:oid:2.5.4.42",
>>>       "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
>>>       "role" : "urn:DOMAIN:attribute-def:role",
>>>       "sn" : "urn:oid:2.5.4.4",
>>>       "uid" : "urn:oid:0.9.2342.19200300.100.1.1",
>>>       "UDC_IDENTIFIER": "urn:DOMAIN:attribute-def:UDC_IDENTIFIER",
>>>   "eppn" : "urn:oid:0.9.2342.19200300.100.1.1"
>>>   "affiliation" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
>>>   "affiliation" : "staff"
>>>     }
>>> "persistentIdGenerator" : {
>>>       "@class" :
>>> "org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
>>>       "salt" : "aGVsbG93b3JsZA==",
>>>       "attribute": "eduPersonEntitlement"
>>>     }
>>>   },
>>>   "evaluationOrder" : 1125
>>> }
>>>
>>>
>>> What am I doing wrong ?  I do have other files to prepare but I know if
>>> I can get this one working I can get the other ones working,
>>>
>>> Thanks for all your help
>>>
>>> Jeff
>>>
>>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/04d8a27f-bbf9-43f2-926a-67f1e07fc45d%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/04d8a27f-bbf9-43f2-926a-67f1e07fc45d%40apereo.org?utm_medium=email&utm_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEb9AqkzWrwxcB9NAyGjaPAc0q35Fa7_aNv0y%3DMy1qwgqw%40mail.gmail.com.

Reply via email to