Thanks for the responses.
Just to follow up and to make sure I'm on the right track...
In my phpcas script I did try using: phpCAS::client(SAML_VERSION_1_1,
$cas_host, $cas_port, $cas_context); and I have the attributeRepository
configured and referenced as below, but I'll verify that the attributes
are getting mapped.
<bean
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
<property name="attributeRepository" ref="attributeRepository" />
</bean>
Also, sorry if I didn't catch this in your response, but does that also
mean I need to configure the cas server to use
Saml11AuthenticationFilter/Saml11TicketValidationFilter in the web.xml
file? I don't know if that means that I would have to remove
Cas20ProxyReceivingTicketValidationFilter or can both of them be used? I
thought I ran into a blog post where they used both at the same time.
Currently I'm using the CAS2 protocol and I just look up two attributes
in LDAP within my phpcas script. This gives me the information I need
but I thought if there was a way of doing this in CAS, I might as well
take advantage of the feature unless it breaks my portal stuff.
Thanks,
Laura
On 5/31/12 12:14 AM, Joachim Fritschi wrote:
> Hi Laura,
>
> As Scott correctly points out, use the SAML 1.1 protocol. The first
> thing you will need is to properly set up the attributeRepository on
> the CAS server side. If this is properly set up and all the attributes
> are properly resolved (check the CAS log file for the Principal object;
> this should contain all the attributes), then check that the service
> is properly set up to release attributes in the service manager console.
>
> phpcas will then automatically resolve the attributes from the cas
> server answer.
> As for the CAS 2.0 protocol: This is only possible through manual and
> unofficial extensions of the protocol and the only "legitimate" use
> case would be a proxy setup that needs attributes. Then you need to
> modify your casServiceValidationSuccess.jsp with some small code.
> Behind the </cas:user> you need to add something like:
>
> <cas:attributes>
>   <c:forEach var="attr"
>       items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
>     <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
>   </c:forEach>
> </cas:attributes>
>
> Since this is unsupported there have been multiple ways how this can
> be done but this is technically supported by both the jasig java and
> phpcas client and works for me so far.
>
> Regards,
>
> Joachim
>
> On 28.05.2012 23:08, Scott Battaglia wrote:
>> By default, the only response from the CAS server that will include
>> attributes is the SAML 1.1 response.
>>
>> Attribute support via CAS2 protocol requires local customization to the
>> server itself.
>>
>> Cheers,
>> Scott
>>
>>
>> On Fri, May 25, 2012 at 2:58 PM, Laura McCord wrote:
>>
>> Hi,
>>
>> I am trying to use the getAttributes() phpCAS method to gain
>> attributes but I've been receiving nothing. I'm assuming this is
>> stemming from my CAS installation but I'm not entirely sure what to
>> do. From what I read I should place a reference to my
>> attributeRepository onto the
>> org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver
>> bean (https://wiki.jasig.org/display/CASUM/Attributes)
>>
>> I've also seen references to using the
>> Saml11AuthenticationFilter/Saml11TicketValidationFilter but I'm not
>> sure how this affects my use of
>> Cas20ProxyReceivingTicketValidationFilter for my portal
>> installation. And, maybe this is only for java clients, I'm using a
>> phpCAS client so I don't know if this pertains to my situation.
>>
>> I'm using CAS 3.4.11
>>
>> Many Thanks,
>> Laura
>> --
>>
>> Laura McCord
>> Web Programmer/Analyst
>> Southwestern University
--
Laura McCord
Web Programmer/Analyst
Southwestern University
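
Added example (not part of the original thread, and not CAS or phpCAS project code): a Python parser for the CAS 2.0 validation response once the <cas:attributes> block from the JSP snippet quoted above is in place. The sample response, user name and attribute names are constructed; returning each attribute as a list, so that repeated elements also work, goes beyond what the JSP shown emits.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"

# Constructed sample of a /serviceValidate success response after the JSP
# change; the user name, attribute names and values are made up.
SAMPLE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:mail>user@example.edu</cas:mail>
      <cas:department>R&amp;D &lt;web&gt;</cas:department>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""


def parse_validation(xml_text):
    """Return (user, attributes); attributes maps name -> list of values."""
    # A CAS response never needs a DTD, so refuse one before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations not expected in a CAS response")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{CAS_NS}}}serviceResponse":
        raise ValueError("not a CAS serviceResponse")
    success = root.find(f"{{{CAS_NS}}}authenticationSuccess")
    if success is None:
        failure = root.find(f"{{{CAS_NS}}}authenticationFailure")
        code = failure.get("code") if failure is not None else "UNKNOWN"
        raise PermissionError(f"ticket validation failed: {code}")
    user = (success.findtext(f"{{{CAS_NS}}}user") or "").strip()
    if not user:
        raise ValueError("success response without cas:user")
    attrs = {}
    block = success.find(f"{{{CAS_NS}}}attributes")
    for el in (block if block is not None else []):
        if not el.tag.startswith("{"):
            continue  # element without a namespace: not part of the extension
        ns, _, name = el.tag[1:].partition("}")
        if ns != CAS_NS:
            continue  # ignore elements outside the cas: namespace
        # The XML parser undoes the fn:escapeXml() escaping applied by the JSP.
        attrs.setdefault(name, []).append((el.text or "").strip())
    return user, attrs
```
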