Hi,

I have a working setup of cas-server 3.4.2.1 with many services 
authenticating
through CAS.

I want to set up a new service with phpCAS 1.1.2 and do attribute release
through SAML 1.1,
using an LDAP repository.

I've read
https://wiki.jasig.org/display/CASC/phpCAS+examples#phpCASexamples-SAMLProtocolwithAttributeRelease
https://wiki.jasig.org/display/CASUM/SAML+1.1 and
https://wiki.jasig.org/display/CASUM/Attributes

I followed the example on the latter page, but unfortunately I can't get any
attributes back.
phpCAS gets the response from samlValidate, but the response contains no
attributes:
-> SAML Attributes are empty [client.php:1628]

I'm attaching my deployerConfigContext.xml in case anyone wants to have a
look,
because I can't find what's going wrong. I'm trying to release Fax and
Telephone,
but in the end I want to get custom attributes from LDAP, including the
password
the user entered in the CAS login form (if this is possible).

Any help is appreciated.

regards,

Giannis



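<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

	<!--
		Spring bean definitions for the CAS server (the deployerConfigContext.xml
		attached to the message). The "p" prefix is the Spring property-shortcut
		namespace and "sec" is Spring Security; both are used by beans below.
		Each quoted URI must be followed directly by whitespace or the closing
		bracket: a ";" after the closing quote makes the document ill-formed.
	-->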

	<!--
		Authentication manager: a list of credentials-to-principal resolvers and a
		list of authentication handlers.
	-->
	<bean id="authenticationManager"
		class="org.jasig.cas.authentication.AuthenticationManagerImpl">

		<property name="credentialsToPrincipalResolvers">
			<list>
				<!--
					LDAP-backed resolver. It wraps the username/password resolver and
					searches under searchBase with the filter below (%u is presumably
					replaced by the submitted login name; confirm). The principal id is
					taken from eduPersonPrincipalName, and the principal's attributes
					come from the attributeRepository bean.
				-->
				<bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
					<property name="credentialsToPrincipalResolver">
						<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
					</property>
					<property name="filter" value="(|(mail=%u)(eduPersonPrincipalName=%u))" />
					<property name="principalAttributeName" value="eduPersonPrincipalName" />
					<property name="searchBase" value="dc=example,dc=com" />
					<property name="contextSource" ref="contextSource" />
					<property name="attributeRepository" ref="attributeRepository" />
				</bean>

				<!-- Resolver for HTTP-based service (callback) credentials. -->
				<bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
			</list>
		</property>

		<property name="authenticationHandlers">
			<list>
				<!-- Handler for HTTP-based service credentials; uses the httpClient bean defined elsewhere. -->
				<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
					<property name="httpClient" ref="httpClient" />
				</bean>

				<!--
					LDAP bind handler: same filter and search base as the resolver above.
					NOTE(review): the filter matches on mail OR eduPersonPrincipalName and
					allowMultipleAccounts is enabled, so one login name may match more than
					one entry. The principal is resolved by a separate search, so confirm
					that the entry that authenticated and the principal that is resolved
					cannot differ (for example by enforcing uniqueness of both attributes
					in the directory).
				-->
				<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
					<property name="filter" value="(|(mail=%u)(eduPersonPrincipalName=%u))" />
					<property name="searchBase" value="dc=example,dc=com" />
					<property name="contextSource" ref="contextSource" />
					<property name="allowMultipleAccounts" value="yes" />
				</bean>
			</list>
		</property>
	</bean>

    <!--
        Static Spring Security user list exposed as userDetailsService. The single
        entry is granted ROLE_ADMIN. The literal password "notused" suggests the
        credential is verified elsewhere (presumably by CAS itself; confirm), so
        what matters here is which names are listed and which authorities they get.
    -->
    <sec:user-service id="userDetailsService">
        <sec:user
            name="[email protected]"
            password="notused"
            authorities="ROLE_ADMIN" />
    </sec:user-service>
	
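	<!--
		In-memory service registry. Each RegisteredServiceImpl names a serviceId
		pattern and the attributes that may be released to services matching it.

		allowedAttributes is written as an explicit list, one name per value, so it
		does not depend on how Spring converts a single comma-separated string
		(which may end up as one list element holding the whole string; verify on
		the Spring version in use). The names are presumably compared exactly with
		the names produced by the attribute repository, so case matters:
		resultAttributeMapping in this file emits "Name", "Telephone" and "Fax".
	-->
	<bean id="serviceRegistryDao"
		class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
		<property name="registeredServices">
			<list>
				<!--
					Services Management application. allowedToProxy is enabled for this
					entry; confirm that the management application really needs proxy
					tickets.
				-->
				<bean class="org.jasig.cas.services.RegisteredServiceImpl"
					p:id="1"
					p:description="Services Management"
					p:serviceId="https://idp.example.com/cas/services/**"
					p:name="Services Management"
					p:theme="default"
					p:allowedToProxy="true"
					p:enabled="true"
					p:ssoEnabled="true"
					p:anonymousAccess="false">
					<property name="allowedAttributes">
						<list>
							<value>uid</value>
							<value>eduPersonPrincipalName</value>
							<value>eduPersonAffiliation</value>
							<!-- kept as posted; possibly a garbled attribute name, verify against the directory schema -->
							<value>comoupMembership</value>
							<value>mail</value>
							<value>cn</value>
							<value>sn</value>
							<!-- was "telephone"; the repository maps telephoneNumber to "Telephone" -->
							<value>Telephone</value>
							<value>Name</value>
							<value>Fax</value>
						</list>
					</property>
				</bean>

				<!--
					The pattern below matches every URL under the host, so every
					application there shares this release policy.
					NOTE(review): none of the names allowed here is produced by
					resultAttributeMapping of the attributeRepository bean in this file
					(Name, Telephone, Fax), so a client matching this serviceId would
					presumably receive an empty attribute set. Add only the mapped names
					this service actually needs.
				-->
				<bean class="org.jasig.cas.services.RegisteredServiceImpl"
					p:id="2"
					p:description="NMC"
					p:serviceId="https://www.example.com/**"
					p:name="NMC"
					p:enabled="true"
					p:ssoEnabled="true"
					p:anonymousAccess="false">
					<property name="allowedAttributes">
						<list>
							<value>uid</value>
							<value>eduPersonPrincipalName</value>
							<value>eduPersonAffiliation</value>
							<value>comoupMembership</value>
						</list>
					</property>
				</bean>
			</list>
		</property>
	</bean>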

<!--
	LDAP connection settings shared by the authentication handler, the principal
	resolver and the attribute repository. Both URLs use the ldaps scheme and are
	given as one space-separated value (presumably treated as a failover list;
	confirm). userDn and password are empty, so directory searches presumably run
	without a bind identity; the attributes to be released must then be readable
	under that access level.
-->
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
	<property name="pooled" value="true" />
	<property name="urls">
		<list>
			<value>ldaps://ldap1.example.com ldaps://ldap2.example.com</value>
		</list>
	</property>
	<property name="userDn" value="" />
	<property name="password" value="" />

	<!-- Extra JNDI environment entries: connect and read timeouts (JNDI reads these as milliseconds) and the bind mechanism. -->
	<property name="baseEnvironmentProperties">
		<map>
			<entry key="com.sun.jndi.ldap.connect.timeout" value="2000" />
			<entry key="com.sun.jndi.ldap.read.timeout" value="2000" />
			<entry key="java.naming.security.authentication" value="simple" />
		</map>
	</property>
</bean>

   <!--
      Person-directory DAO that looks up a principal's attributes in LDAP under
      baseDN, using the shared contextSource.

      queryAttributeMapping: query key to LDAP attribute used in the search
      ("username" is searched as eduPersonPrincipalName).
      resultAttributeMapping: LDAP attribute (key) to the name it is exposed
      under (value). Presumably only the attributes mapped here are returned,
      and a service's allowedAttributes must use these exposed names exactly
      ("Name", "Telephone", "Fax"); confirm against the person-directory version
      in use.
   -->
   <bean id="attributeRepository"
         class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"
         p:contextSource-ref="contextSource"
         p:baseDN="dc=example,dc=com"
         p:requireAllQueryAttributes="false">

      <property name="queryAttributeMapping">
         <map>
            <entry key="username" value="eduPersonPrincipalName" />
            <entry key="mail" value="mail" />
         </map>
      </property>

      <property name="resultAttributeMapping">
         <map>
            <entry key="cn" value="Name" />
            <entry key="telephoneNumber" value="Telephone" />
            <entry key="facsimileTelephoneNumber" value="Fax" />
         </map>
      </property>

   </bean>

</beans>
