The logs are attached.
It's suspect that the last attribute query entry is the following:

[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
Generated query builder '([email protected])'
from query Map {username=[[email protected]]}.

In the case of successful attribute release, you should see entries
like the following:

2010-09-21 09:57:43,655 DEBUG
[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] -
Retrieved 
attributes='[NamedPersonImpl[name=username,attributes={accountState=[ACTIVE],
authId=[username], Formatted Name=[username],
groupMembership=[uugid=group1,ou=Groups,dc=vt,dc=edu,
uugid=group2,ou=Groups,dc=vt,dc=edu,
uugid=group3,ou=Groups,dc=vt,dc=edu], uid=[12345],
UDC_IDENTIFIER=[7CF7812347C17395E0441234BA624FA9],
virginiaTechAffiliation=[VT-EMPLOYEE-STATE, VT-EMPLOYEE,
VT-ACTIVE-MEMBER, VT-STAFF, VT-STUDENT, VT-ALUM-CONSTITUENT, VT-ALUM,
VT-ALUM-PARENT]}]]' for query='{username=[username]}',
isFirstQuery=false,
currentlyConsidering='org.jasig.services.persondir.support.ldap.ldappersonattribute...@569764bd',
resultAttributes='null'

Can you confirm that your LDAP query is valid and that you can execute
it against your LDAP server using the same parameters as those defined
in your deployerConfigContext.xml?  I typically use ldapsearch, part
of the ldap-utils package, for investigations like that.

M


Hi Marvin,

This has been strangling me for the last month... but I've managed to see MergingPersonAttributeDaoImpl
entries in my logs by adding the following to my config
(which is not mentioned anywhere in the documentation!):

<bean id="mergedPersonAttributeDao" class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">
    <property name="personAttributeDaos">
        <list>
            <ref bean="attributeRepository" />
        </list>
    </property>

    <property name="merger">
        <bean class="org.jasig.services.persondir.support.merger.MultivaluedAttributeMerger"/>
    </property>
</bean>


Also, in UsernamePasswordCredentialsToPrincipalResolver I changed the attributeRepository ref:

<property name="attributeRepository">
    <ref bean="mergedPersonAttributeDao" />
</property>

Now I get:

2010-10-20 14:34:01,329 DEBUG [org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] - <Retrieved attributes='[namedpersonimpl[[email protected],attributes={uid=[user], mail=[[email protected]], cn=[Καπετανάκης Γιάννης], telephoneNumber=[1234], givenname=[Γιάννης], sn=[Καπετανάκης]}]]' for query='{username=[[email protected]]}', isFirstQuery=false, currentlyConsidering='org.jasig.services.persondir.support.ldap.ldappersonattribute...@12133926', resultAttributes='null'>

2010-10-20 14:34:01,330 DEBUG [org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] - <Aggregated search results '[namedpersonimpl[[email protected],attributes={uid=[user], mail=[[email protected]], cn=[Καπετανάκης Γιάννης], telephoneNumber=[1234], givenname=[Γιάννης], sn=[Καπετανάκης]}]]' for query='{username=[[email protected]]}'>

All attributes have been allowed in service management but still the attributes are not released.
This is the SAML response as I see it in phpCAS:

BEBA .| | | | => CASClient::setSessionAttributes('<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2010-10-20T11:34:01.452Z" MajorVersion="1" MinorVersion="1" Recipient="https://www.example.com/cas/index.php" ResponseID="_2157937e11332e705b7705313e4c26db"><Status><StatusCode Value="samlp:Success"></StatusCode></Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_0af3878455932583e11d6546eafab8e7" IssueInstant="2010-10-20T11:34:01.452Z" Issuer="localhost" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2010-10-20T11:34:01.452Z" NotOnOrAfter="2010-10-20T11:34:31.452Z"><AudienceRestrictionCondition><Audience>https://www.example.com/cas/index.php</Audience></AudienceRestrictionCondition></Conditions><AuthenticationStatement AuthenticationInstant="2010-10-20T11:34:01.330Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><NameIdentifier>[email protected]</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement></Assertion></Response></SOAP-ENV:Body></SOAP-ENV:Envelope>') [client.php:1566]
BEBA .| | | | | *SAML Attributes are empty* [client.php:1634]

My guess is that there is still something missing...
I would appreciate any help to resolve this.

regards,

Giannis
ps. I'm using https://wiki.jasig.org/display/CASC/phpCAS+examples#phpCASexamples-SAMLProtocolwithAttributeRelease
as a reference for my index.php
phpCAS 1.1.3 / cas-3.4.3
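
Added example (not part of the original thread and not phpCAS or CAS code): a Python check that parses a SAML 1.1 response like the one logged above and reports whether the assertion carries an AttributeStatement, the element in which released attributes are sent. Both sample responses are constructed and trimmed, and the `AttributeNamespace` value is a placeholder.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, prefer defusedxml

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
NS = {"saml": SAML}

def saml11_attributes(response_xml):
    """Return (name_identifier, {attribute: [values]}) from a SAML 1.1 response."""
    root = ET.fromstring(response_xml)
    name_id, attrs = None, {}
    for assertion in root.iter(f"{{{SAML}}}Assertion"):
        nid = assertion.find(".//saml:NameIdentifier", NS)
        if name_id is None and nid is not None:
            name_id = (nid.text or "").strip()
        # Released attributes are carried in AttributeStatement, a child of
        # Assertion alongside AuthenticationStatement.
        for stmt in assertion.findall("saml:AttributeStatement", NS):
            for attr in stmt.findall("saml:Attribute", NS):
                values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
                attrs.setdefault(attr.get("AttributeName"), []).extend(values)
    return name_id, attrs

def diagnose(response_xml):
    """One-line verdict: which attributes arrived, or that none were sent."""
    name_id, attrs = saml11_attributes(response_xml)
    if attrs:
        return f"{name_id}: released {sorted(attrs)}"
    return f"{name_id}: authenticated, but the assertion has no AttributeStatement"

# Constructed, trimmed sample responses (not captured from a real server).
ENVELOPE = (
    '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
    '<SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol">'
    '<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion">'
    '<AuthenticationStatement><Subject><NameIdentifier>user</NameIdentifier>'
    '</Subject></AuthenticationStatement>{extra}</Assertion></Response>'
    '</SOAP-ENV:Body></SOAP-ENV:Envelope>'
)
ATTR_STATEMENT = (  # AttributeNamespace below is a placeholder value
    '<AttributeStatement><Subject><NameIdentifier>user</NameIdentifier></Subject>'
    '<Attribute AttributeName="uid" AttributeNamespace="urn:example:ns">'
    '<AttributeValue>user</AttributeValue></Attribute>'
    '<Attribute AttributeName="telephoneNumber" AttributeNamespace="urn:example:ns">'
    '<AttributeValue>1234</AttributeValue></Attribute></AttributeStatement>'
)
EMPTY = ENVELOPE.format(extra="")                 # shape of the response in this thread
RELEASED = ENVELOPE.format(extra=ATTR_STATEMENT)  # shape when attributes are released

if __name__ == "__main__":
    print(diagnose(EMPTY))
    print(diagnose(RELEASED))
```

A response with the first shape means the server sent no attributes, so the empty result in the client is not a client-side parsing problem.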





