You need to define allowed attributes in terms of the names by which the principal knows them, not as they appear in LDAP. Consider the following:
> <property name="resultAttributeMapping"> > <map> > <entry key="cn" value="nombre"/> > <entry key="uid" value="username"/> > <!--entry value="sn" key="sn" /--> > </map> > </property> The attribute names according to the principal are nombre and username. Yet you refer to the LDAP attribute names in the registered service entries: > <bean class="org.jasig.cas.services.RegisteredServiceImpl"> > <property name="id" value="0" /> > <property name="name" value="cas service management" /> > <property name="description" value="para entrar al > cas" /> > <property name="serviceId" > value="https://localhost:8443/cas-web/services/**"; /> > <property > name="allowedAttributes"> > <list> > <value>uid</value> > <value>cn</value> > </list> > </property> > </bean> M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
