paolo-3 wrote:
> 
> I did a debug of class Saml11TicketValidator.
> The problem seems to be the method parseResponseFromServer, within the
> method call to getAttributesFor (assertion, subject) returns an empty
> array.
> 

On my application, I retrieve the attributes Name, Email and Username from
an LDAP attribute repository. If I debug the client side in method
parseResponseFromServer(String response), my response string looks like
this:

-------------- snip -----------------------
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
        xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
        <SOAP-ENV:Header />
        <SOAP-ENV:Body>
                <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
                        xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
                        xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
                        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        IssueInstant="2010-06-08T10:24:27.331Z" MajorVersion="1"
                        MinorVersion="1"
                        Recipient="http://localhost:8080/casclient/secure/"
                        ResponseID="_b25d928338f91dc9b34f590655769ffc">
                        <Status>
                                <StatusCode Value="samlp:Success"></StatusCode>
                        </Status>
                        <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
                                AssertionID="_e5f5c66e16a862da0e5ba099b90e7ac9"
                                IssueInstant="2010-06-08T10:24:27.331Z"
                                Issuer="localhost" MajorVersion="1"
                                MinorVersion="1">
                                <Conditions NotBefore="2010-06-08T10:24:27.331Z"
                                        NotOnOrAfter="2010-06-08T10:24:57.331Z">
                                        <AudienceRestrictionCondition>
                                                <Audience>http://localhost:8080/casclient/secure/</Audience>
                                        </AudienceRestrictionCondition>
                                </Conditions>
                                <AttributeStatement>
                                        <Subject>
                                                <NameIdentifier>user1</NameIdentifier>
                                                <SubjectConfirmation>
                                                        <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact
                                                        </ConfirmationMethod>
                                                </SubjectConfirmation>
                                        </Subject>
                                        <Attribute AttributeName="Name"
                                                AttributeNamespace="http://www.ja-sig.org/products/cas/">
                                                <AttributeValue>User1 CN</AttributeValue>
                                        </Attribute>
                                        <Attribute AttributeName="Email"
                                                AttributeNamespace="http://www.ja-sig.org/products/cas/">
                                                <AttributeValue>us...@domain.org</AttributeValue>
                                        </Attribute>
                                        <Attribute AttributeName="Username"
                                                AttributeNamespace="http://www.ja-sig.org/products/cas/">
                                                <AttributeValue>user1</AttributeValue>
                                        </Attribute>
                                </AttributeStatement>
                                <AuthenticationStatement
                                        AuthenticationInstant="2010-06-08T10:24:26.646Z"
                                        AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
                                        <Subject>
                                                <NameIdentifier>user1</NameIdentifier>
                                                <SubjectConfirmation>
                                                        <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact
                                                        </ConfirmationMethod>
                                                </SubjectConfirmation>
                                        </Subject>
                                </AuthenticationStatement>
                        </Assertion>
                </Response>
        </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
-------------- snap -----------------------

Is there an <AttributeStatement> node on your client holding several
<Attribute> sub nodes? If not, the server DOES NOT send them.

My array of SAMLAttributes looks like:

--------------- snip------------------------
[
<Attribute xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
        xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        AttributeName="Name"
        AttributeNamespace="http://www.ja-sig.org/products/cas/">
        <AttributeValue>User1 CN</AttributeValue>
</Attribute>
,
<Attribute xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
        xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        AttributeName="Email"
        AttributeNamespace="http://www.ja-sig.org/products/cas/">
        <AttributeValue>us...@domain.org</AttributeValue>
</Attribute>
,
<Attribute xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
        xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        AttributeName="Username"
        AttributeNamespace="http://www.ja-sig.org/products/cas/">
        <AttributeValue>user1</AttributeValue>
</Attribute>
]
--------------- snap------------------------

Best wishes
-- 
Tobias
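
The check described in the message above (does the SAML 1.1 response contain an AttributeStatement with Attribute children?), as an added example that is not part of the original message or of the CAS client code. The function name `diagnose`, the verdict strings and the two sample documents are constructed for illustration and modelled on the response quoted above.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed template modelled on the response quoted above; not captured traffic.
_TEMPLATE = (
    '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
    '<SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol">'
    '<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion">{statements}'
    '<AuthenticationStatement><Subject><NameIdentifier>user1</NameIdentifier>'
    '</Subject></AuthenticationStatement></Assertion></Response>'
    '</SOAP-ENV:Body></SOAP-ENV:Envelope>'
)
_ATTRS = (
    '<AttributeStatement><Subject><NameIdentifier>user1</NameIdentifier></Subject>'
    '<Attribute AttributeName="Name" AttributeNamespace="http://www.ja-sig.org/products/cas/">'
    '<AttributeValue>User1 CN</AttributeValue></Attribute>'
    '<Attribute AttributeName="Username" AttributeNamespace="http://www.ja-sig.org/products/cas/">'
    '<AttributeValue>user1</AttributeValue></Attribute></AttributeStatement>'
)
SAMPLE_WITH_ATTRS = _TEMPLATE.format(statements=_ATTRS)
SAMPLE_WITHOUT_ATTRS = _TEMPLATE.format(statements="")


def diagnose(response_xml):
    """Return (verdict, {subject: {attribute name: [values]}}) for a SAML 1.1 response."""
    root = ET.fromstring(response_xml)
    # Namespace-aware lookup: the Assertion redeclares the default namespace,
    # so matching on bare tag names would find nothing.
    statements = root.findall(".//saml:Assertion/saml:AttributeStatement", NS)
    if not statements:
        return "server sent no AttributeStatement", {}
    result = {}
    for stmt in statements:
        subject = stmt.findtext("saml:Subject/saml:NameIdentifier",
                                default="", namespaces=NS).strip()
        attrs = result.setdefault(subject, {})
        for attr in stmt.findall("saml:Attribute", NS):
            values = [(v.text or "").strip()
                      for v in attr.findall("saml:AttributeValue", NS)]
            attrs.setdefault(attr.get("AttributeName"), []).extend(values)
    if not any(result.values()):
        return "AttributeStatement present but empty", result
    return "attributes present in response", result


if __name__ == "__main__":
    for label, doc in (("with", SAMPLE_WITH_ATTRS), ("without", SAMPLE_WITHOUT_ATTRS)):
        print(label, diagnose(doc))
```

If the verdict is "attributes present in response" while the client still ends up with an empty array, the problem is on the client side rather than in what the server releases.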