Hi,

I am running CAS 3.4.6 with OpenDS and user authentication is working as 
expected.

However, I am not able to get LDAP attributes; could you please help me find 
what I am doing wrong? Here is my configuration:

<?xml version="1.0" encoding="UTF-8"?>
<!--
    CAS 3.4.6 Spring context as posted: the authentication manager (LDAP bind
    handler plus LDAP attribute principal resolver), the LDAP context source,
    the person-directory attribute repository, an in-memory service registry
    and the SLF4J audit trail manager.
    NOTE(review): the ";" trailing several URL values below (namespace
    declarations, schemaLocation, serviceId patterns) looks like a mail-archive
    artifact; it must not be present in the deployed file or the schema
    namespaces will not resolve.
-->
<beans xmlns="http://www.springframework.org/schema/beans";
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
       xmlns:p="http://www.springframework.org/schema/p";
       xmlns:sec="http://www.springframework.org/schema/security";
       xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.0.xsd";>
        <!--
            Authentication manager: each credential is first resolved to a
            principal by one of credentialsToPrincipalResolvers, and
            authenticated by one of authenticationHandlers.
        -->
        <bean id="authenticationManager"
                class="org.jasig.cas.authentication.AuthenticationManagerImpl">
                                <property 
name="credentialsToPrincipalResolvers">
                        <list>
                             <!--
                                 Resolves the principal id through the nested
                                 username/password resolver, then searches LDAP
                                 with "filter" under "searchBase" and reads
                                 "principalAttributeName" (the posted log shows
                                 the search "(uid=someone)" with
                                 attributes=[uid]). Principal attributes are
                                 looked up through "attributeRepository".
                             -->
                             <bean
                                    
class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
                                   <property 
name="credentialsToPrincipalResolver">
                                        <bean
                                            
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
 />
                                    </property>
                                    <!-- Parenthesised filter; "%u" is replaced by the supplied username. -->
                                    <property name="filter" value="(uid=%u)" />
                                    <property name="principalAttributeName" 
value="uid" />
                                    <property name="searchBase" 
value="ou=people,dc=tinesys,dc=fr" />
                                    <property name="contextSource" 
ref="contextSource" />
                                    <!-- Person-directory DAO defined further down in this file. -->
                                    <property name="attributeRepository">
                                        <ref bean="attributeRepository" />
                                    </property>
                                </bean>
                                <!-- Resolver for HttpBasedServiceCredentials (per the class name). -->
                                <bean                                    
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
 />
                        </list>
                </property>
                <property name="authenticationHandlers">
                        <list>
                                <!--
                                    Handler for HttpBasedServiceCredentials. The
                                    "httpClient" bean it references is not
                                    defined in this file as posted, so it must
                                    come from another context file.
                                -->
                                <bean 
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                                        p:httpClient-ref="httpClient" />
                                <!--
                                <bean
                                        
class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"
 />
                                        +-->
                                <!--
                                    LDAP bind authentication: the user's own
                                    credentials are bound against the entry
                                    found by "filter" under "searchBase" (the
                                    posted log shows this handler succeeding).
                                -->
                                <bean 
class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                                    <!--
                                        No surrounding parentheses here, unlike
                                        the resolver's "(uid=%u)" above. The log
                                        shows the bind succeeding, so the handler
                                        appears to tolerate it, but using the same
                                        "(uid=%u)" form in both places is safer.
                                    -->
                                    <property name="filter" value="uid=%u" />
                                    <property name="searchBase" 
value="ou=people,dc=tinesys,dc=fr" />
                                    <property name="contextSource" 
ref="contextSource" />
                                </bean>
                        </list>
                </property>
        </bean>

        <!--
            Shared LDAP connection used by the bind handler, the attribute
            resolver and the attribute DAO.
        -->
        <bean id="contextSource" 
class="org.springframework.ldap.core.support.LdapContextSource">
            <property name="pooled" value="false"/>
            <!-- LDAPS only: the simple bind below sends the password in clear, so TLS is what protects it. -->
            <property name="urls">
                <list>
                    <value>ldaps://myhost:1636/</value>
                </list>
            </property>
            <!--
                NOTE(review): "cn=Directory Manager" is the OpenDS default root
                DN. The beans above only need to search under the configured
                searchBase/baseDN, so a dedicated read-only bind account with
                just that right is the least-privilege choice. The password is
                also stored in clear text here, so keep this file's permissions
                tight (or externalise the value through a property placeholder).
            -->
            <property name="userDn" value="cn=Directory Manager"/> <!-- eg 
uid=LdapUser,dc=yourdomain,dc=edu -->
            <property name="password" value="my secret password"/>
            <!-- JNDI environment: simple bind, 2000 ms connect/read timeouts. -->
            <property name="baseEnvironmentProperties">
                <map>
                    <entry>
                        <key>
                            <value>java.naming.security.authentication</value>
                        </key>
                        <value>simple</value>
                    </entry>
                    <entry>
                        <key>
                            <value>com.sun.jndi.ldap.connect.timeout</value>
                        </key>
                        <value>2000</value>
                    </entry>
                    <entry>
                        <key>
                            <value>com.sun.jndi.ldap.read.timeout</value>
                        </key>
                        <value>2000</value>
                    </entry>
                </map>
            </property>
        </bean>
    <!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" 
authorities="ROLE_ADMIN" />-->

    <!--
        Users granted ROLE_ADMIN (presumably for the CAS services management
        UI - verify). The template placeholder commented out above has been
        replaced with "battags"; NOTE(review): confirm this is the intended
        administrator principal and not a sample value carried over.
    -->
    <sec:user-service id="userDetailsService">
        <sec:user name="battags" password="notused" authorities="ROLE_ADMIN" />
    </sec:user-service>
    <!--
        Person-directory DAO that fetches the principal's attributes from LDAP
        under "baseDN" using the same contextSource as authentication.
    -->
    <bean id="attributeRepository"
        
class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
        <property name="contextSource" ref="contextSource" />
        <property name="baseDN" value="ou=people,dc=tinesys,dc=fr" />
        <!-- Every key of queryAttributeMapping must be present in the seed map for a query to run. -->
        <property name="requireAllQueryAttributes" value="true" />
        <!--
            Attribute mapping between principal (key) and LDAP (value) names
            used to perform the LDAP search.  By default, multiple search 
criteria
            are ANDed together.  Set the queryType property to change to OR.
            The posted log confirms this mapping in use: seed map
            {username=[someone]} produces the query "(uid=someone)".
            -->
        <property name="queryAttributeMapping">
            <map>
                <entry key="username" value="uid" />
            </map>
        </property>
        <!--
            NOTE(review): after this mapping the principal carries "Name",
            "username" and "isMemberOf", whereas the HTTP service below lists
            allowedAttributes="uid,cn,isMemberOf" (the LDAP-side names). If the
            release filter matches on principal attribute names, "uid" and "cn"
            would be dropped - verify that the two lists agree (either map to
            the same names here or allow "Name,username,isMemberOf" there).
        -->
        <property name="resultAttributeMapping">
            <map>
                <!-- Mapping between LDAP entry attributes (key) and 
Principal's (value) -->
                <entry key="cn" value="Name"/>
                <entry key="uid" value="username"/>
                <entry value="isMemberOf" key="isMemberOf" />
            </map>
        </property>
    </bean>

        <!--
            In-memory service registry; serviceId is an Ant-style pattern
            matched against the requesting service URL.
        -->
        <bean
                id="serviceRegistryDao"
        class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
            <property name="registeredServices">
                <list>
                    <!--
                        NOTE(review): "http://**" and "https://**" match every
                        host, i.e. any web application can obtain tickets from
                        this CAS instance and, for service 0, receive attributes
                        over plain HTTP. Narrow the serviceId patterns to the
                        applications that actually use it. allowedAttributes is
                        set only on the HTTP service; the HTTPS service (id 1)
                        as posted has none, so presumably releases none - verify.
                    -->
                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                        <property name="id" value="0" />
                        <property name="name" value="HTTP" />
                        <property name="description" value="Only Allows HTTP 
Urls" />
                        <property name="serviceId" value="http://**"; />
                        <!-- Attribute names released to this service; see the resultAttributeMapping note above. -->
                        <property name="allowedAttributes" 
value="uid,cn,isMemberOf" />
                    </bean>

                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                        <property name="id" value="1" />
                        <property name="name" value="HTTPS" />
                        <property name="description" value="Only Allows HTTPS 
Urls" />
                        <property name="serviceId" value="https://**"; />
                    </bean>

                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                        <property name="id" value="2" />
                        <property name="name" value="IMAPS" />
                        <!-- Description still reads "HTTPS" (copied from service 1); cosmetic only. -->
                        <property name="description" value="Only Allows HTTPS 
Urls" />
                        <property name="serviceId" value="imaps://**" />
                    </bean>

                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                        <property name="id" value="3" />
                        <property name="name" value="IMAP" />
                        <property name="description" value="Only Allows IMAP 
Urls" />
                        <property name="serviceId" value="imap://**" />
                    </bean>
                </list>
            </property>
        </bean>

    <!-- Writes audit records (the "Audit trail record BEGIN" blocks in the posted log) through SLF4J. -->
    <bean id="auditTrailManager" 
class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
</beans>

Here are some logs:
2011-03-17 12:54:04,949 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - 
AuthenticationHandler: 
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully 
authenticated the user which provided the following credentials: [username: 
someone]
2011-03-17 12:54:04,949 DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
 - Attempting to resolve a principal...
2011-03-17 12:54:04,949 DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
 - Attempting to resolve a principal...
2011-03-17 12:54:04,949 DEBUG 
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
 - Attempting to resolve a principal...
2011-03-17 12:54:04,949 DEBUG 
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
 - Attempting to resolve a principal...
2011-03-17 12:54:04,949 DEBUG 
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
 - Creating SimplePrincipal for [someone]
2011-03-17 12:54:04,949 DEBUG 
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
 - Creating SimplePrincipal for [someone]
2011-03-17 12:54:04,951 DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
 - Resolved someone. Trying LDAP resolve now...
2011-03-17 12:54:04,951 DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
 - Resolved someone. Trying LDAP resolve now...
2011-03-17 12:54:04,951 DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
 - LDAP search with filter "(uid=someone)"
2011-03-17 12:54:04,951 DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
 - LDAP search with filter "(uid=someone)"
2011-03-17 12:54:04,951 DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
 - returning searchcontrols: scope=2; search base=ou=people,dc=xxxxx,dc=xxxx; 
attributes=[uid]; timeout=1000
2011-03-17 12:54:04,951 DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
 - returning searchcontrols: scope=2; search base=ou=people,dc=xxxxx,dc=xxxx; 
attributes=[uid]; timeout=1000
2011-03-17 12:54:04,997 DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
 - Resolved someone to someone
2011-03-17 12:54:04,997 DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
 - Resolved someone to someone
2011-03-17 12:54:04,997 DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
 - Creating SimplePrincipal for [someone]
2011-03-17 12:54:04,997 DEBUG 
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
 - Creating SimplePrincipal for [someone]
2011-03-17 12:54:04,998 DEBUG 
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created 
seed map='{username=[someone]}' for uid='someone'
2011-03-17 12:54:04,998 DEBUG 
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created 
seed map='{username=[someone]}' for uid='someone'
2011-03-17 12:54:04,998 DEBUG 
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding 
attribute 'uid' with value '[someone]' to query builder 'null'
2011-03-17 12:54:04,998 DEBUG 
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding 
attribute 'uid' with value '[someone]' to query builder 'null'
2011-03-17 12:54:05,001 DEBUG 
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Generated 
query builder '(uid=cguillerminet)' from query Map {username=[cguillerminet]}.
2011-03-17 12:54:05,001 DEBUG 
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Generated 
query builder '(uid=cguillerminet)' from query Map {username=[cguillerminet]}.
2011-03-17 12:54:05,064 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: [username: someone]
WHAT: supplied credentials: [username: someone]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Thu Mar 17 12:54:05 EDT 2011
CLIENT IP ADDRESS: xxx.xx.xx.xx
SERVER IP ADDRESS: xxx.xx.xx.xx
=============================================================


2011-03-17 12:54:05,070 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: [username: someone]
WHAT: TGT-1-gxBJlnF2jeUWpnwel20dUcq0DBOMJ51cRlxKGBRgRctlM4k5gE-cas
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Thu Mar 17 12:54:05 EDT 2011
CLIENT IP ADDRESS: xxx.xx.xx.xx
SERVER IP ADDRESS: xxx.xx.xx.xx
=============================================================


2011-03-17 12:54:05,071 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: audit:unknown
WHAT: TGT-1-WdrIcWoeCRAOXdievaMQze0ItGXgdUY9te0DobCFhcV2dfN7Bs-cas
ACTION: TICKET_GRANTING_TICKET_DESTROYED
APPLICATION: CAS
WHEN: Thu Mar 17 12:54:05 EDT 2011
CLIENT IP ADDRESS: xxx.xx.xx.xx
SERVER IP ADDRESS: xxx.xx.xx.xx
=============================================================


2011-03-17 12:54:05,073 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - 
Granted service ticket [ST-1-7sFZLYHxwnNne1wzshAj-cas] for service 
[http://172.22.95.75/] for user [cguillerminet]
2011-03-17 12:54:05,074 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: someone
WHAT: ST-1-7sFZLYHxwnNne1wzshAj-cas for http://xxx.xx.xx.xx/
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Thu Mar 17 12:54:05 EDT 2011
CLIENT IP ADDRESS: xxx.xx.xx.xx
SERVER IP ADDRESS: xxx.xx.xx.xx
=============================================================


2011-03-17 12:54:05,125 DEBUG 
[org.jasig.cas.authentication.principal.SamlService] - Attempted to extract 
Request from HttpServletRequest.  Results:
2011-03-17 12:54:05,125 DEBUG 
[org.jasig.cas.authentication.principal.SamlService] - Attempted to extract 
Request from HttpServletRequest.  Results:
2011-03-17 12:54:05,125 DEBUG 
[org.jasig.cas.authentication.principal.SamlService] - Request Body: 
<SOAP-ENV:Envelope 
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request
 xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"  MajorVersion="1" 
MinorVersion="1" RequestID="_192.168.16.51.1024506224022" 
IssueInstant="2002-06-19T17:03:44.022Z"><samlp:AssertionArtifact>ST-1-7sFZLYHxwnNne1wzshAj-cas</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>
2011-03-17 12:54:05,125 DEBUG 
[org.jasig.cas.authentication.principal.SamlService] - Request Body: 
<SOAP-ENV:Envelope 
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request
 xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"  MajorVersion="1" 
MinorVersion="1" RequestID="_192.168.16.51.1024506224022" 
IssueInstant="2002-06-19T17:03:44.022Z"><samlp:AssertionArtifact>ST-1-7sFZLYHxwnNne1wzshAj-cas</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>
2011-03-17 12:54:05,125 DEBUG 
[org.jasig.cas.authentication.principal.SamlService] - Extracted ArtifactId: 
ST-1-7sFZLYHxwnNne1wzshAj-cas
2011-03-17 12:54:05,125 DEBUG 
[org.jasig.cas.authentication.principal.SamlService] - Extracted ArtifactId: 
ST-1-7sFZLYHxwnNne1wzshAj-cas
2011-03-17 12:54:05,125 DEBUG 
[org.jasig.cas.authentication.principal.SamlService] - Extracted Request Id: 
_192.168.16.51.1024506224022
2011-03-17 12:54:05,125 DEBUG 
[org.jasig.cas.authentication.principal.SamlService] - Extracted Request Id: 
_192.168.16.51.1024506224022
2011-03-17 12:54:05,129 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-1-7sFZLYHxwnNne1wzshAj-cas
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Thu Mar 17 12:54:05 EDT 2011
CLIENT IP ADDRESS: xxx.xx.xx.xx
SERVER IP ADDRESS: xx.xx.xx.xx
=============================================================

Regards.
