Aaron, Do you also have an attribute list for the authn definition? like: cas.authn.ldap[0].principalAttributeList=cn,sn,...
If so, your attributes may be coming from attribute list instead of attribute-repository. Check you repository settings (and maybe comment out attribute list). Cas can get attributes at time of authentication (at least for ldap, we do not use another source). attribute-repository is searched after authentication (requires another call to the remote service). Ray On Thu, 2023-08-31 at 12:34 -0700, Aaron Chantrill wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Yes, the attribute repository is cas.authn.attribute-repository.jdbc[0] It works fine with my cas.authn.ldap[0] and cas.authn.jdbc.search[0] authentication services, but seems to get skipped when I use the cas.authn.pac4j.oidc[0].azure authentication service. The attributes I get back are the ones defined in my Azure AD application. Thank you! (I hope I'm not spamming you, I just replied a few minutes ago but now I can't find it...) On Thursday, August 31, 2023 at 11:54:26 AM UTC-4 Ray Bon wrote: Aaron, Do you have the attribute repository defined with: cas.authn.attribute-repository. ... properties? Ray On Wed, 2023-08-30 at 13:04 -0700, Aaron Chantrill wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. I'm trying to use a specific attribute repository after authenticating with Azure AD as a delegate identity provider. Authenticating with Azure AD works fine and I can see the attributes, but really I just want to use the samaccountname attribute to retrieve attributes from a database. Previously I had both LDAP and JDBC identity providers (for different types of users) and both of them used the only attribute repository I had defined, but it seems like delegate identity providers like to use their own attributes. Is there some way to force CAS to append attributes from a different attribute provider after authenticating with a delegate identity provider? Thank you! -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d6255a9893029e2f37f3ab470671aed7fcd7a0c3.camel%40uvic.ca.
