No worries. I just wasn't near a computer. With Attribute Release, the CAS Server requires that you use attributes in combination with the Services Management Tool. This tool allows a CAS server admin to state which services can have access to particular attributes.
The URL of the service is a pattern-matched URL (I believe Ant pattern matching). So If you service is http://my.foo.com/serviceA/haha you might need your service url in the tool to be http://my.foo.com/serviceA/** On Mon, May 31, 2010 at 8:02 PM, McKennon, Robert <robert.mcken...@idea.com>wrote: > Yes, please don’t text and drive! > > > > Rob. > > > > > > *From:* scott.battag...@gmail.com [mailto:scott.battag...@gmail.com] > *Sent:* Monday, May 31, 2010 6:35 PM > > *To:* cas-user@lists.jasig.org > *Subject:* Re: [cas-user] mail attribute question > > > > Ill reply when I'm not on my phone. Too much typing for this keyboard :-) > > Sent from my Verizon Wireless BlackBerry > ------------------------------ > > *From: *"McKennon, Robert" <robert.mcken...@idea.com> > > *Date: *Mon, 31 May 2010 18:27:33 -0400 > > *To: *<cas-user@lists.jasig.org> > > *Subject: *RE: [cas-user] mail attribute question > > > > Scott, > > > > So, the first thing to do in the management tool is add “services > management http://localhost:8080/cas/services/*” > > I did that, and I can access the services management tool. (woohoo!) > > > > Next, I’m a little confused (ok, a lot confused) on what URL to provide. > I’ve tried several, and none seem to work. > > > > https://fl028centos:8443/cas/login* > > > > I always seem to get: “The application you attempted to authenticate to is > not authorized to use CAS” > > > > I think I’m missing some “big picture” concept… > > > > I do see the “mail” attribute at the bottom though! > > > > V/R, > > > > Rob McKennon > > Unix Admin (fish out of water) > > > > *From:* scott.battag...@gmail.com [mailto:scott.battag...@gmail.com] > *Sent:* Monday, May 31, 2010 6:06 PM > *To:* cas-user@lists.jasig.org > *Subject:* Re: [cas-user] mail attribute question > > > > Did you release the attribute to the service via the service management > tool? Attribute release is controlled. > > Sent from my Verizon Wireless BlackBerry > ------------------------------ > > *From: *"McKennon, Robert" <robert.mcken...@idea.com> > > *Date: *Mon, 31 May 2010 17:34:38 -0400 > > *To: *<cas-user@lists.jasig.org> > > *Subject: *[cas-user] mail attribute question > > > > I’m looking to retrieve an attribute from LDAP (specifically “mail”) upon a > samlValidate. But testing with SoapUI, I only see the NameIdentifier being > returned. Can someone tell me what I am missing? > > I’ve seen other posts online where their “POST” is exactly like this, but > they get a lot more returned than I do. > > > > > > Here’s the post: > > > > <SOAP-ENV:Envelope > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";> > > <SOAP-ENV:Header/> > > <SOAP-ENV:Body> > > <samlp:Request > > > xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" > > MajorVersion="1" MinorVersion="1" > > RequestID="_192.168.16.51.1024506224022" > > IssueInstant="2002-06-19T17:03:44.022Z"> > > <samlp:AssertionArtifact> > > > ST-1-cfcmLSReEOChVF94M92M-cas > > </samlp:AssertionArtifact> > > </samlp:Request> > > </SOAP-ENV:Body> > > </SOAP-ENV:Envelope> > > > > And here’s the return: > > > > <SOAP-ENV:Envelope xmlns:SOAP-ENV=" > http://schemas.xmlsoap.org/soap/envelope/";> > > <SOAP-ENV:Header/> > > <SOAP-ENV:Body> > > <Response IssueInstant="2010-05-31T21:07:48.720Z" MajorVersion="1" > MinorVersion="1" Recipient="http://192.168.167.74/"; > ResponseID="_564b8553fa03d33e1a03ce77179cd0a2" > xmlns="urn:oasis:names:tc:SAML:1.0:protocol" > xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" > xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd=" > http://www.w3.org/2001/XMLSchema"; xmlns:xsi=" > http://www.w3.org/2001/XMLSchema-instance";> > > <Status> > > <StatusCode Value="samlp:Success"/> > > </Status> > > <Assertion AssertionID="_ac517d905e7c8dbbe5fb5784579d3088" > IssueInstant="2010-05-31T21:07:48.720Z" Issuer="localhost" MajorVersion="1" > MinorVersion="1" xmlns="urn:oasis:names:tc:SAML:1.0:assertion"> > > <Conditions NotBefore="2010-05-31T21:07:48.720Z" > NotOnOrAfter="2010-05-31T21:08:18.720Z"> > > <AudienceRestrictionCondition> > > > <Audience>http://192.168.167.74/</Audience<http://192.168.167.74/%3c/Audience> > > > > </AudienceRestrictionCondition> > > </Conditions> > > <AuthenticationStatement > AuthenticationInstant="2010-05-31T21:06:37.578Z" > AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"> > > <Subject> > > <NameIdentifier>test1</NameIdentifier> > > <SubjectConfirmation> > > > <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod> > > </SubjectConfirmation> > > </Subject> > > </AuthenticationStatement> > > </Assertion> > > </Response> > > </SOAP-ENV:Body> > > </SOAP-ENV:Envelope> > > > > > > > > V/R, > > > > Rob McKennon > > Unix Admin (fish out of water) > > > > -- > > You are currently subscribed to cas-user@lists.jasig.org as: > scott.battag...@gmail.com > > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > > You are currently subscribed to cas-user@lists.jasig.org as: > robert.mcken...@idea.com > > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > > You are currently subscribed to cas-user@lists.jasig.org as: > scott.battag...@gmail.com > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > > You are currently subscribed to cas-user@lists.jasig.org as: > robert.mcken...@idea.com > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > scott.battag...@gmail.com > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
