Using LDAP I have been able to login, query attributes  and send the attributes 
back to the client if the attributes are the standard LDAP attributes.  We are 
using MS Active Directory as our LDAP server and we have extended the Person 
Object Schema.  I have not been able to query the added attributes.  So no 
problem with cn and userPrincipalName but no go with our added attribute 
SecurityQuestion.   I have checked the log and the problem is not in sending 
them out but the SecurityQuestion is not put in the User's Attribute map.
 I have written a Java class and can get these attributes no problem.  Any 
ideas?  Below is my deployerConfigContext.xml


<?xml version="1.0" encoding="UTF-8"?>
<!-- NOTE(review): as pasted, the ';' that follows each quoted URI (the xmlns declarations,
     the ldap url and the serviceId) sits outside the attribute quotes and makes this document
     not well formed. Presumably a mail-archive artifact, since the author reports the
     configuration loads; confirm the deployed file contains none of them. Several attribute
     values are also wrapped across lines by the mail client (schemaLocation, description). -->
<beans xmlns="http://www.springframework.org/schema/beans";
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
       xmlns:tx="http://www.springframework.org/schema/tx";
       xmlns:p="http://www.springframework.org/schema/p";
       xmlns:sec="http://www.springframework.org/schema/security";
       xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.0.xsd";>
        <!-- Authentication manager: the constructor map pairs each authentication handler
             (key-ref) with the resolver (value-ref) that turns the credentials into a principal.
             Two pairs are configured: the LDAP fast-bind handler for staff logins and the
             HTTP-based handler for service credentials. -->
        <bean id="authenticationManager"
                
class="org.jasig.cas.authentication.LinkedAuthenticationHandlerAndCredentialsToPrincipalResolverAuthenticationManager">
                        <constructor-arg index="0">
                        <map>
                        <entry key-ref="Staff-LdapAuthHandler" 
value-ref="Staff-LdapCredentialtoPrincipalResolver" />
                        <entry key-ref="HTTPAuthHandler" 
value-ref="HTTPCredentialtoPrincipalResolver" />
                        </map>
                        </constructor-arg>
        </bean>

        <bean id="HTTPCredentialtoPrincipalResolver"
                
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
 />

        <!-- Uses the "httpClient" bean, which is not defined in this file (expected elsewhere). -->
        <bean  id="HTTPAuthHandler" 
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                p:httpClient-ref="httpClient" />
        <!-- Fast bind: the entered credentials are used to bind directly against AD, with %u in
             the filter replaced by the entered username (per the handler's name; verify against
             the CAS docs). The domain part of the filter value is redacted in this paste.
             ignorePartialResultException="yes" is coerced to boolean true by Spring; partial
             result exceptions are what AD raises for referrals it cannot chase. -->
        <bean id="Staff-LdapAuthHandler"
                
class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler" >
                                        <property name="filter" 
value="%[email protected]" />
                                        <property name="contextSource" 
ref="contextSource" />
                                        <property 
name="ignorePartialResultException" value="yes" />
        </bean>
        <!-- Shared LDAP connection for the bind handler, the principal resolver and the
             attribute repository.
             NOTE(review): the url is plain ldap:// on port 3268, the AD Global Catalog port.
             Two consequences worth confirming:
             (1) With java.naming.security.authentication=simple and no TLS, both the service
                 account password below and every user's password from the fast bind cross the
                 network in the clear. Prefer ldaps:// (636 for a domain controller, 3269 for the
                 Global Catalog) or StartTLS.
             (2) The Global Catalog only returns attributes that are part of the partial attribute
                 set. A custom schema extension such as the SecurityQuestion attribute the author
                 is missing is not replicated to the GC unless it is explicitly marked for it, so
                 a query on 3268 will silently omit it even though a query on 389 (as in the
                 commented-out dc2 url) returns it. This looks like the likeliest cause of the
                 reported problem; verify by pointing the url at port 389/636. -->
        <bean id="contextSource"
        class="org.springframework.ldap.core.support.LdapContextSource">
                <property name="pooled" value="false"/>
                <property name="url" 
value="ldap://dc1.yfuusa.local:3268/DC=YFUUSA,DC=Local"; />
              <!--    
<value>ldap://dc2.yfuusa.local:389/DC=YFUUSA,DC=Local</value>  -->
                  <!-- Place JNDI environment properties here. -->
                  <property name="baseEnvironmentProperties">
                    <map>
                      <!-- Three seconds is an eternity to users. -->
                      <entry key="com.sun.jndi.ldap.connect.timeout" 
value="3000" />
                      <entry key="com.sun.jndi.ldap.read.timeout" value="3000" 
/>

                      <!-- Explained at 
http://download.oracle.com/javase/1.3/docs/api/javax/naming/Context.html#SECURITY_AUTHENTICATION
 -->
                      <entry key="java.naming.security.authentication" 
value="simple" />
                    </map>
                  </property>
                <!-- Service account used for attribute lookups. The credential is stored in this
                     file as plaintext (shown here as placeholders); keep the file readable only
                     by the CAS runtime user and consider externalising the password via a
                     property placeholder. The account needs read access only. -->
                <property name="userDn" 
value="CN=HIDEME,CN=Users,DC=YFUUSA,DC=Local" />
                <property name="password" value="SECRET" />

        </bean>

    <!-- After a successful bind, looks the user up by sAMAccountName (scope 2 = subtree, rooted
         at the base DN carried in the contextSource url since searchBase is empty) and uses the
         sAMAccountName value as the principal id. The attributeRepository bean below supplies the
         released attributes. -->
    <bean id="Staff-LdapCredentialtoPrincipalResolver"
      
class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
      <property name="credentialsToPrincipalResolver">
      <bean
        
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
 />

      </property>
      <property name="filter" value="(sAMAccountName=%u)" />

      <property name="principalAttributeName" value="sAMAccountName" />
      <property name="scope" value="2" />

      <property name="searchBase" value="" />
      <property name="contextSource" ref="contextSource" />

      <property name="attributeRepository">
      <ref bean="attributeRepository" />
      </property>

    </bean>


    <!-- In-memory user for the Spring Security side (presumably the services management UI);
         the single account carries ROLE_ADMIN with a placeholder password. -->
    <sec:user-service id="userDetailsService">
        <sec:user name="hideme" password="notused" authorities="ROLE_ADMIN" />
    </sec:user-service>

  <!-- Attribute repository: queries AD by sAMAccountName and renames the returned LDAP attributes
       (map key) to the names released to services (map value).
       NOTE(review): this queries through the same contextSource, i.e. the Global Catalog on
       3268; see the note on that bean for why a custom attribute may be missing. The author
       refers to the attribute as SecurityQuestion while the key here is securityQuestion; AD
       matches attribute names case-insensitively, but the key lookup in this mapping may not,
       so confirm the key matches the casing of the attribute name as returned by the server. -->
  <bean id="attributeRepository"
  class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
  <property name="contextSource" ref="contextSource" />
  <property name="baseDN" value="" />
  <property name="requireAllQueryAttributes" value="false" />

  <property name="queryAttributeMapping">
    <map>
      <entry key="username" value="sAMAccountName" />
    </map>
  </property>

  <property name="resultAttributeMapping">
    <map>
    <entry key="cn" value="Name"/>
     <entry key="userPrincipalName" value="userPrincipalName"  />
     <entry key="memberOf" value="group"  />
     <entry key="distinguishedName" value="distinguishedName"  />
     <entry key="securityQuestion" value="securityQuestion"  />
    </map>
  </property>
</bean>
        <!-- Single registered service.
             NOTE(review): the description says "Only Allows HTTPS Urls" but serviceId is a plain
             http:// URL, so service tickets are delivered to a cleartext endpoint; align the two.
             allowedAttributes lists pfoId, which has no entry in resultAttributeMapping above and
             so is never populated as far as this file shows. Releasing securityQuestion to a
             service hands out account-recovery material; confirm the service genuinely needs it.
             anonymousAccess="true" in this CAS generation presumably means the service receives an
             opaque persistent id rather than the real principal id; verify that is intended
             alongside releasing distinguishedName and userPrincipalName. -->
        <bean
                id="serviceRegistryDao"
        class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
            <property name="registeredServices">
                <list>
                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                        <property name="id" value="0" />
                        <property name="name" value="LocalMy.YFU" />
                        <property name="description" value="Only Allows HTTPS 
Urls" />
                        <property name="serviceId" 
value="http://chekov:10000/cgi-bin/WebObjects/WOYFUJava.woa/wa/TemporaryDirectAction/casLogin";
 />
                        <property name="allowedAttributes">
                               <list>
                                                        <value>group</value>
                                                        <value>Name</value>
                                                        
<value>userPrincipalName</value>
                                                        
<value>distinguishedName</value>
                                                        <value>pfoId</value>
                                                        
<value>securityQuestion</value>
                                                  </list>
                                                </property>
                                                <property 
name="anonymousAccess" value="true"/>
                    </bean>
                </list>
            </property>
        </bean>

    <!-- Audit trail goes to the SLF4J log only. -->
    <bean id="auditTrailManager" 
class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
</beans>




Jeffrey Simpson
Senior Software Engineer
Telephone: 240.235.2144
Fax: 240.235.2174
[email protected]

Youth For Understanding (YFU) prepares young people for their responsibilities 
and opportunities in a changing, interdependent world.
