I'm in the same case.

I configured everything as you said but I can't see the attributes in phpCAS.

My deployerConfigContext:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.0.xsd
           http://www.springframework.org/schema/tx
           http://www.springframework.org/schema/tx/spring-tx.xsd">

    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <property name="credentialsToPrincipalResolvers">
            <list>
                <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />

                <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
                    <!-- The Principal resolver from the credentials -->
                    <property name="credentialsToPrincipalResolver">
                        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                    </property>
                    <property name="filter" value="(uid=%u)" />
                    <!-- The attribute used to define the new Principal ID -->
                    <property name="principalAttributeName" value="uid" />
                    <property name="searchBase" value="ou=Usuarios,dc=cdae,dc=uci,dc=cu" />
                    <property name="contextSource" ref="contextSource" />
                    <property name="attributeRepository">
                        <ref bean="attributeRepository" />
                    </property>
                </bean>
            </list>
        </property>
        <property name="authenticationHandlers">
            <list>
                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                      p:httpClient-ref="httpClient" />

                <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                    <property name="filter" value="uid=%u" />
                    <property name="searchBase" value="ou=Usuarios,dc=cdae,dc=uci,dc=cu" />
                    <property name="contextSource" ref="contextSource" />
                </bean>
            </list>
        </property>
    </bean>

    <sec:user-service id="userDetailsService">
        <sec:user name="jorgeio" password="notused" authorities="ROLE_ADMIN" />
    </sec:user-service>

    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
        <property name="contextSource" ref="contextSource" />
        <property name="baseDN" value="ou=Usuarios,dc=cdae,dc=uci,dc=cu" />
        <property name="requireAllQueryAttributes" value="true" />
        <property name="queryAttributeMapping">
            <map>
                <entry key="username" value="uid" />
            </map>
        </property>
        <property name="resultAttributeMapping">
            <map>
                <entry key="cn" value="nombre"/>
                <entry key="uid" value="username"/>
                <!--entry value="sn" key="sn" /-->
            </map>
        </property>
    </bean>

    <bean id="serviceRegistryDao"
          class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
        <property name="registeredServices">
            <list>
                <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                    <property name="id" value="0" />
                    <property name="name" value="cas service management" />
                    <property name="description" value="para entrar al cas" />
                    <property name="serviceId" value="https://localhost:8443/cas-web/services/**" />
                    <property name="allowedAttributes">
                        <list>
                            <value>uid</value>
                            <value>cn</value>
                        </list>
                    </property>
                </bean>
                <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                    <property name="id" value="1" />
                    <property name="name" value="liferay" />
                    <property name="description" value="para entrar al liferay" />
                    <property name="serviceId" value="http://localhost:8080/**" />
                    <property name="allowedAttributes">
                        <list>
                            <value>uid</value>
                            <value>cn</value>
                        </list>
                    </property>
                </bean>
                <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                    <property name="id" value="2" />
                    <property name="name" value="php" />
                    <property name="description" value="php" />
                    <property name="serviceId" value="http://localhost/**" />
                    <property name="allowedAttributes">
                        <list>
                            <value>uid</value>
                            <value>cn</value>
                        </list>
                    </property>
                </bean>
            </list>
        </property>
    </bean>

    <bean id="dataSource"
          class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName">
            <value>org.postgresql.Driver</value>
        </property>
        <property name="url">
            <value>jdbc:postgresql://127.0.0.1:5432/casserviceconfig</value>
        </property>
        <property name="username">
            <value>postgres</value>
        </property>
        <property name="password">
            <value>####</value>
        </property>
    </bean>

    <bean id="contextSource"
          class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="anonymousReadOnly" value="false"/>
        <property name="pooled" value="true"/>
        <property name="urls">
            <list>
                <value>ldap://127.0.0.1:10389</value>
            </list>
        </property>
        <property name="userDn" value="uid=admin,ou=system"/>
        <property name="password" value="####"/>
        <property name="baseEnvironmentProperties">
            <map>
                <entry>
                    <key>
                        <value>java.naming.security.authentication</value>
                    </key>
                    <value>simple</value>
                </entry>
                <entry>
                    <key>
                        <value>com.sun.jndi.ldap.connect.timeout</value>
                    </key>
                    <value>2000</value>
                </entry>
                <entry>
                    <key>
                        <value>com.sun.jndi.ldap.read.timeout</value>
                    </key>
                    <value>2000</value>
                </entry>
            </map>
        </property>
    </bean>
</beans>

Jorge.

-----Original Message-----
From: Cyril GUILLERMINET [mailto:[email protected]] 
Sent: Friday, March 18, 2011 4:24
To: [email protected]
Subject: Re: [cas-user] Unable to get LDAP attributes

Hi Scott,

You are right, everything is working like a charm now.

Thank you all for your quick and useful answers.

Regards, Cyril.

----- "Scott Battaglia" <[email protected]> wrote:

> My guess would be that allowedAttributes must also be configured as:
> <property name="allowedAttributes">
> <list>
> <value>attr1</value>
> <value>attr2</value>
> </list>
> </property>
> unless something is smart enough to recognize comma as a separator 
> (maybe there is? I usually just list them explicitly).
> On Thu, Mar 17, 2011 at 1:32 PM, Marvin Addison < 
> [email protected] > wrote:
> I believe the problem is here:
>                   <bean class="org.jasig.cas.services.RegisteredServiceImpl">
>                       <property name="id" value="0" />
>                       <property name="name" value="HTTP" />
>                       <property name="description" value="Only Allows HTTP Urls" />
>                       <property name="serviceId" value="http://**" />
>                       <property name="allowedAttributes" value="uid,cn,isMemberOf" />
>                   </bean>
> You need to either remove allowedAttributes attribute, or list all 
> attributes by the name you've given them in the principal, 
> "username,Name,isMemberOf".  All RegisteredServiceImpl entries should 
> be configured similarly.
> M
> On Thu, Mar 17, 2011 at 1:26 PM, Cyril GUILLERMINET < 
> [email protected] > wrote:

--
You are currently subscribed to [email protected] as: [email protected] To 
unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
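
An added example, not part of the original thread or of the CAS project: a small checker for the point made in the quoted reply, that each service's allowedAttributes must use the names given to the attributes in the principal (the values of resultAttributeMapping), not the LDAP names. The names `prop` and `unreleasable_attributes` are hypothetical, and the embedded XML is a constructed, trimmed copy of the configuration posted above.

```python
import xml.etree.ElementTree as ET
NS = {"b": "http://www.springframework.org/schema/beans"}
# Constructed sample: trimmed copy of the posted deployerConfigContext.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="resultAttributeMapping">
      <map>
        <entry key="cn" value="nombre"/>
        <entry key="uid" value="username"/>
      </map>
    </property>
  </bean>
  <bean class="org.jasig.cas.services.RegisteredServiceImpl">
    <property name="name" value="php"/>
    <property name="allowedAttributes">
      <list><value>uid</value><value>cn</value></list>
    </property>
  </bean>
</beans>"""

def prop(bean, name):
    """Return the direct <property name=...> child of a bean, or None."""
    return bean.find(f"b:property[@name='{name}']", NS)

def unreleasable_attributes(xml_text):
    """Map service name -> {allowed name: principal name to use, or None}."""
    root = ET.fromstring(xml_text)
    beans = list(root.iter(f"{{{NS['b']}}}bean"))
    ldap_to_principal = {}  # LDAP attribute -> name it gets in the principal
    for bean in beans:
        mapping = prop(bean, "resultAttributeMapping")
        if mapping is not None:
            for e in mapping.iterfind("b:map/b:entry", NS):
                ldap_to_principal[e.get("key")] = e.get("value")
    principal_names = set(ldap_to_principal.values())
    report = {}
    for bean in beans:
        allowed = prop(bean, "allowedAttributes")
        if allowed is None: continue
        names = [(v.text or "").strip() for v in allowed.iterfind("b:list/b:value", NS)]
        if allowed.get("value"):  # comma-separated form: split only to compare names
            names += [n.strip() for n in allowed.get("value").split(",")]
        bad = {n: ldap_to_principal.get(n) for n in names if n not in principal_names}
        if bad:
            name = prop(bean, "name")
            report[name.get("value") if name is not None else "?"] = bad
    return report

if __name__ == "__main__":
    print(unreleasable_attributes(SAMPLE))
```

An empty result means every name in every allowedAttributes list is one the attribute repository actually produces; a `None` suggestion means the repository has no mapping for that name at all.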


