Hello All,
Could someone please verify the following? I am trying to map an
AlternateUsername to Google.
I can verify that in GoogleAccountsService.java the SAML response is being
created with the correctly mapped attribute, meaning the LDAP/attribute
repository/resolvers all seem to be configured correctly. The
argumentExtractor also seems to be pulling the alternateUsername correctly.
Please see below:
    private String constructSamlResponse() {
        String samlResponse = TEMPLATE_SAML_RESPONSE;

        // Assertion validity window: one year from now
        final Calendar c = Calendar.getInstance();
        c.setTime(new Date());
        c.add(Calendar.YEAR, 1);

        // Use the configured alternate attribute if present, otherwise fall back to the principal id
        final String userId;
        log.debug("AlternameUserName: " + this.alternateUserName);
        if (this.alternateUserName == null) {
            userId = getPrincipal().getId();
        } else {
            final String attributeValue = (String) getPrincipal().getAttributes().get(this.alternateUserName);
            log.debug("AttributeValue of alternateusername: " + attributeValue);
            if (attributeValue == null) {
                userId = getPrincipal().getId();
            } else {
                userId = attributeValue;
            }
        }
        log.debug("UserId value: " + userId);

        // Fill in the template placeholders by plain string substitution
        samlResponse = samlResponse.replace("<USERNAME_STRING>", userId);
        samlResponse = samlResponse.replace("<RESPONSE_ID>", createID());
        samlResponse = samlResponse.replace("<ISSUE_INSTANT>", SamlUtils.getCurrentDateAndTime());
        samlResponse = samlResponse.replace("<AUTHN_INSTANT>", SamlUtils.getCurrentDateAndTime());
        samlResponse = samlResponse.replaceAll("<NOT_ON_OR_AFTER>", SamlUtils.getFormattedDateAndTime(c.getTime()));
        samlResponse = samlResponse.replace("<ASSERTION_ID>", createID());
        samlResponse = samlResponse.replaceAll("<ACS_URL>", getId());
        samlResponse = samlResponse.replace("<REQUEST_ID>", this.requestId);
        return samlResponse;
    }
The extra log.debug lines allowed me to see that the correct values are
indeed getting populated. The final result is my application redirecting me
to a URL in the form of https://www.google.com/a/domain.edu/acs, but the
page is blank. From the start, I haven't changed any of the configurations,
but still fail to get the attribute mapping/SAML responses to Google
correctly. Here is some of the cas.log during this process.
2010-08-03 14:49:07,886 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor did not generate service.>
2010-08-03 14:49:07,887 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor did not generate service.>
2010-08-03 14:49:07,897 DEBUG [org.jasig.cas.web.support.GoogleAccountsArgumentExtractor] - <Extractor generated service for: https://www.google.com/a/domain.edu/acs>
2010-08-03 14:49:07,898 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: https://www.google.com/a/domain.edu/acs>
2010-08-03 14:49:17,894 DEBUG [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <Performing LDAP bind with credential: uid=000226420,ou=people,dc=domain,dc=edu>
2010-08-03 14:49:18,017 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: 000226420]>
2010-08-03 14:49:18,018 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Attempting to resolve a principal...>
2010-08-03 14:49:18,018 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Attempting to resolve a principal...>
2010-08-03 14:49:18,019 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Creating SimplePrincipal for [000226420]>
2010-08-03 14:49:18,019 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Resolved 000226420. Trying LDAP resolve now...>
2010-08-03 14:49:18,019 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <LDAP search with filter "(uid=000226420)">
2010-08-03 14:49:18,019 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <returning searchcontrols: scope=2; search base=ou=people,dc=domain,dc=edu; attributes=[uid]; timeout=1000>
2010-08-03 14:49:18,139 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <CredentialResolver attribute: uid: 000226420>
2010-08-03 14:49:18,140 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Resolved 000226420 to 000226420>
2010-08-03 14:49:18,140 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Creating SimplePrincipal for [000226420]>
2010-08-03 14:49:18,140 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Created seed map='{username=[000226420]}' for uid='000226420'>
2010-08-03 14:49:18,141 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Adding attribute 'uid' with value '[000226420]' to query builder 'null'>
2010-08-03 14:49:18,141 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Generated query builder '(uid=000226420)' from query Map {username=[000226420]}.>
2010-08-03 14:49:18,271 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Query Result Size: 1>
2010-08-03 14:49:18,272 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <QueryUserName in For Loop: 000226420>
2010-08-03 14:49:18,272 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Query People Attributes: [CaseInsensitiveNamedPersonImpl[name=000226420,attributes={domainEduPersonAltUid=[coyotej]}]]>
2010-08-03 14:49:18,273 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [TGT-2-IBZxI5sOdCVMuLP5Z3YAM27i4e9rhrEn9XHymsYK0WZZ2taIB7-cas] to registry.>
2010-08-03 14:49:18,274 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]>
2010-08-03 14:49:18,276 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added cookie with name [CASTGC] and value [TGT-2-IBZxI5sOdCVMuLP5Z3YAM27i4e9rhrEn9XHymsYK0WZZ2taIB7-cas]>
2010-08-03 14:49:18,277 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [TGT-2-IBZxI5sOdCVMuLP5Z3YAM27i4e9rhrEn9XHymsYK0WZZ2taIB7-cas]>
2010-08-03 14:49:18,277 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [TGT-2-IBZxI5sOdCVMuLP5Z3YAM27i4e9rhrEn9XHymsYK0WZZ2taIB7-cas] found in registry.>
2010-08-03 14:49:18,279 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [ST-2-Ac2CVEeJJtfKrAf4Vo5a-cas] to registry.>
2010-08-03 14:49:18,279 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-2-Ac2CVEeJJtfKrAf4Vo5a-cas] for service [https://www.google.com/a/domain.edu/acs] for user [000226420]>
2010-08-03 14:49:18,282 DEBUG [org.jasig.cas.authentication.principal.GoogleAccountsService] - <AlternameUserName: domainEduPersonAltUid>
2010-08-03 14:49:18,282 DEBUG [org.jasig.cas.authentication.principal.GoogleAccountsService] - <AttributeValue of alternateusername: coyotej>
2010-08-03 14:49:18,282 DEBUG [org.jasig.cas.authentication.principal.GoogleAccountsService] - <UserId value: coyotej>
Anyone experience anything similar?
Patrick O'Connor
Operating Systems Analyst
Administrative Computing Services &
Common Management System,
California State University, San Bernardino
Office: (909) 537-5000 Ext: 73758
Email: [email protected]
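As an added debugging aid (example code, not CAS's own and not from the post), the Python below mirrors the template substitution in constructSamlResponse() against a constructed, simplified template and then checks what the rendered response would present to Google's ACS: whether every placeholder was replaced, whether the NameID is the mapped alternate username rather than the fallback principal id, and whether Recipient and NotOnOrAfter are sane. The template, the ids and the fixed timestamp are assumptions, not CAS's real TEMPLATE_SAML_RESPONSE.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Added example, not CAS code: placeholder names follow the constructSamlResponse() snippet
# above, and TEMPLATE is a constructed, simplified stand-in for TEMPLATE_SAML_RESPONSE.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PLACEHOLDERS = ["<USERNAME_STRING>", "<RESPONSE_ID>", "<ISSUE_INSTANT>", "<AUTHN_INSTANT>",
                "<NOT_ON_OR_AFTER>", "<ASSERTION_ID>", "<ACS_URL>", "<REQUEST_ID>"]
TEMPLATE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="<RESPONSE_ID>" Version="2.0" '
    'IssueInstant="<ISSUE_INSTANT>" InResponseTo="<REQUEST_ID>"><saml:Assertion '
    'ID="<ASSERTION_ID>" Version="2.0" IssueInstant="<ISSUE_INSTANT>"><saml:Subject>'
    '<saml:NameID><USERNAME_STRING></saml:NameID><saml:SubjectConfirmation>'
    '<saml:SubjectConfirmationData Recipient="<ACS_URL>" NotOnOrAfter="<NOT_ON_OR_AFTER>"/>'
    '</saml:SubjectConfirmation></saml:Subject><saml:Conditions NotOnOrAfter="<NOT_ON_OR_AFTER>"/>'
    '<saml:AuthnStatement AuthnInstant="<AUTHN_INSTANT>"/></saml:Assertion></samlp:Response>')
ISO_Z = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$")
FMT = "%Y-%m-%dT%H:%M:%SZ"

def render(principal_id, attributes, alternate_username, acs_url, request_id, now):
    """Fill the template as the Java does: alternate attribute if configured and present, else principal id."""
    user_id = (attributes.get(alternate_username) if alternate_username else None) or principal_id
    values = {"<USERNAME_STRING>": user_id, "<RESPONSE_ID>": "_r1", "<ASSERTION_ID>": "_a1",
              "<ISSUE_INSTANT>": now.strftime(FMT), "<AUTHN_INSTANT>": now.strftime(FMT),
              "<NOT_ON_OR_AFTER>": (now + timedelta(days=365)).strftime(FMT),  # ~ Calendar.YEAR + 1
              "<ACS_URL>": acs_url, "<REQUEST_ID>": request_id}
    out = TEMPLATE
    for key, val in values.items():
        out = out.replace(key, val)  # plain string substitution, no XML escaping, like the Java
    return out

def check_response(xml, expected_user, expected_acs, now):
    """List what Google's ACS would object to; an empty list means the response looks right."""
    findings = [f"unreplaced placeholder {p}" for p in PLACEHOLDERS if p in xml]
    try:
        root = ET.fromstring(xml)
    except ET.ParseError as exc:
        return findings + [f"not well-formed XML: {exc}"]
    name_id = root.findtext(".//saml:Subject/saml:NameID", namespaces=NS)
    if name_id != expected_user:
        findings.append(f"NameID {name_id!r}, expected {expected_user!r}")
    attrs = getattr(root.find(".//saml:SubjectConfirmationData", NS), "attrib", {})
    if attrs.get("Recipient") != expected_acs:
        findings.append(f"Recipient {attrs.get('Recipient')!r}, expected {expected_acs!r}")
    expiry = attrs.get("NotOnOrAfter", "")
    if not ISO_Z.match(expiry) or datetime.strptime(expiry, FMT).replace(tzinfo=timezone.utc) <= now:
        findings.append(f"NotOnOrAfter {expiry!r} is not a future UTC xs:dateTime")
    return findings
```

Running check_response over the base64-decoded SAMLResponse value actually POSTed to the ACS (rather than over render's output) tells you what Google received, independent of what the debug lines say was computed.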