We are doing a POC with CAS 6. We are building using the war overlay. Are
build is from the CAS 6 Master branch.
I have a simple Java client app configured for SAML1.1. This app is running
on the same Tomcat as CAS 6 itself. This is its JSON service registry entry:
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^https://cas6test.go.utah.edu/.*";,
"name" : "cas6dev-1IdmUtahEdu",
"id" : 2020052801,
"description" : "bryan.woo...@utah.edu",
"logoutType" : "FRONT_CHANNEL",
"attributeReleasePolicy" : {
"@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "firstName",
"lastName", "displayName", "email", "homephone", "department", "ou", "cn",
"telephoneNumber", "acadplan", "almail", "eduPersonAffiliation", "uid",
"eduPersonPrincipalName", "ummail", "unid", "uudept", "uuemployee",
"uustudent","psrole" ] ]
}
}
In the cas.log I see:
allowedAttributes=[firstName, lastName, displayName, email, homephone,
department, ou, cn, telephoneNumber, acadplan, almail,
eduPersonAffiliation, uid, eduPersonPrincipalName, ummail, unid, uudept,
uuemployee, uustudent, psrole]),
multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[],
failureMode=UNDEFINED, principalAttributeNameTrigger=null,
principalAttributeValueToMatch=null, bypassEnabled=false,
forceExecution=false, bypassTrustedDeviceEnabled=false, bypassPrincipa
That looks good.
But when the SAML assertion is built it doesn't include those attribute:
Any ideas on what I am missing?
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/
">
<SOAP-ENV:Body>
<saml1p:Response
InResponseTo="_0f257af65322193bce619eb2d16895e7"
IssueInstant="2020-06-01T13:54:43.797Z" MajorVersion="1"
MinorVersion="1"
ResponseID="_07a0fc4799c4445d58e12d00aa84603b"
xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol">
<saml1p:Status>
<saml1p:StatusCode Value="saml1p:Success"/>
</saml1p:Status>
<saml1:Assertion
AssertionID="_c4f37a7ef71853b1fb8e472d6db12faf"
IssueInstant="2020-06-01T13:54:43.797Z"
Issuer="localhost" MajorVersion="1" MinorVersion="1"
xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion">
<saml1:Conditions NotBefore="2020-06-01T13:54:43.797Z"
NotOnOrAfter="2020-06-01T13:55:13.797Z">
<saml1:AudienceRestrictionCondition>
<saml1:Audience>
https://cas6test.go.utah.edu/attrrelease-1.0-SNAPSHOT/attrrelease
</saml1:Audience>
</saml1:AudienceRestrictionCondition>
</saml1:Conditions>
<saml1:AuthenticationStatement
AuthenticationInstant="2020-06-01T13:54:48.138Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:passwor
d">
<saml1:Subject>
<saml1:NameIdentifier>u0519980</saml1:NameIdentifier>
<saml1:SubjectConfirmation>
</saml1:SubjectConfirmation>
</saml1:Subject>
</saml1:AuthenticationStatement>
<saml1:AttributeStatement>
<saml1:Subject>
<saml1:NameIdentifier>u0519980</saml1:NameIdentifier>
<saml1:SubjectConfirmation>
<saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</saml1:ConfirmationMethod>
</saml1:SubjectConfirmation>
</saml1:Subject>
<saml1:Attribute AttributeName="credentialType"
AttributeNamespace="http://www.ja-sig.org/products/cas/";>
<saml1:AttributeValue>UsernamePasswordCredential</saml1:AttributeValue>
<saml1:AttributeValue>DuoSecurityCredential</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute
AttributeName="samlAuthenticationStatementAuthMethod" AttributeNamespace="
http://www.ja-sig.org/products/cas/";>
<saml1:AttributeValue>urn:oasis:names:tc:SAML:1.0:am:password</saml1:AttributeValue>
<saml1:AttributeValue>urn:oasis:names:tc:SAML:1.0:am:unspecified</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute AttributeName="unid"
AttributeNamespace="http://www.ja-sig.org/products/cas/";>
<saml1:AttributeValue>u0519980</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute AttributeName="isFromNewLogin"
AttributeNamespace="http://www.ja-sig.org/products/cas/";>
<saml1:AttributeValue>true</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute
AttributeName="bypassMultifactorAuthentication"
AttributeNamespace="http://www.ja-sig.org/products/cas/";>
<saml1:AttributeValue>false</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute AttributeName="authenticationDate"
AttributeNamespace="http://www.ja-sig.org/products/cas/";>
<saml1:AttributeValue>2020-06-01T13:54:48.138360Z</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute AttributeName="isFromNewLogin"
AttributeNamespace="http://www.ja-sig.org/products/cas/";>
<saml1:AttributeValue>true</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute
AttributeName="bypassMultifactorAuthentication"
AttributeNamespace="http://www.ja-sig.org/products/cas/";>
<saml1:AttributeValue>false</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute AttributeName="authenticationDate"
AttributeNamespace="http://www.ja-sig.org/products/cas/";>
<saml1:AttributeValue>2020-06-01T13:54:48.138360Z</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute
AttributeName="authenticationMethod"
AttributeNamespace="http://www.ja-sig.org/products/cas/";>
<saml1:AttributeValue>LdapAuthenticationHandler</saml1:AttributeValue>
<saml1:AttributeValue>mfa-duo</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute AttributeName="authnContextClass"
AttributeNamespace="http://www.ja-sig.org/products/cas/";>
<saml1:AttributeValue>mfa-duo</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute
AttributeName="successfulAuthenticationHandlers"
AttributeNamespace="http://www.ja-sig.org/products/cas/";>
<saml1:AttributeValue>LdapAuthenticationHandler</saml1:AttributeValue>
<saml1:AttributeValue>mfa-duo</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute
AttributeName="longTermAuthenticationRequestTokenUsed" AttributeNamespace="
http://www.ja-sig.org/products/cas/";>
<saml1:AttributeValue>false</saml1:AttributeValue>
</saml1:Attribute>
<saml1:Attribute AttributeName="cn" AttributeNamespace="
http://www.ja-sig.org/products/cas/";>
<saml1:AttributeValue>BRYAN
WOOTEN</saml1:AttributeValue>
</saml1:Attribute>
</saml1:AttributeStatement>
</saml1:Assertion>
saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</saml1:ConfirmationMethod>
Thanks,
Bryan (University of Utah)
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAG9x2GUFcdjVkzo5nP%2BOTD3cR_AczB8E67JRqLr8WkGfxRo%3Duw%40mail.gmail.com.
