Saml11AuthenticationFilter/Saml11TicketValidationFilter are CAS client
functions of the Java client. You do not need them. phpCAS is a fully
functional CAS client and only needs a working CAS server. There is no
dependency on the Java client. If you have the CAS server properly
configured (attribute repository and attribute release in the Service
Management GUI) you can simply check the attributes with one of our
simple examples also contained in the distributed package [1] or of
course use your own application. However, I would recommend the small
test application to keep it simple in the beginning. If you run into any
trouble please check out the debug logs for phpCAS [2] and check the CAS
server if it actually gathers the attributes and appends them to the
principal object.

Since you mention the word portal you may depend on proxy functionality.
If you use any phpcas::proxy() call you will have to extend the CAS 2.0
protocol or use your existing LDAP lookup.

Regards,
Joachim

[1] https://github.com/Jasig/phpCAS/blob/master/docs/examples/example_advanced_saml11.php
[2] https://wiki.jasig.org/display/CASC/phpCAS+troubleshooting

On 31.05.2012 16:46, Laura McCord wrote:
Thanks for the responses.
Just to follow-up and to make sure I'm on the right track...
In my phpcas script I did try using: phpCAS::client(SAML_VERSION_1_1,
$cas_host, $cas_port, $cas_context); and I have the attributeRepository
configured and referenced as below, but I'll verify that the attributes
are getting mapped.
<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
    <property name="attributeRepository" ref="attributeRepository" />
</bean>
Also, sorry if I didn't catch this in your response, but does that also
mean I need to configure the cas server to use
Saml11AuthenticationFilter/Saml11TicketValidationFilter in the web.xml
file? I don't know if that means that I would have to remove
Cas20ProxyReceivingTicketValidationFilter or can both of them be used? I
thought I ran into a blog post where they used both at the same time.
Currently I'm using the CAS2 protocol and I just look up two attributes
in LDAP within my phpcas script. This gives me the information I need
but I thought if there was a way of doing this in CAS, I might as well
take advantage of the feature unless it breaks my portal stuff.
Thanks,
Laura
On 5/31/12 12:14 AM, Joachim Fritschi wrote:
Hi Laura,
as Scott correctly points out: use the SAML 1.1 protocol. The first
thing you will need is to properly set up the attributeRepository on
the CAS server side. If this is properly set up and all the attributes
are properly resolved (check the CAS log file for the Principal object;
this should contain all the attributes), then check that the service
is properly set up to release attributes in the service manager console.
phpCAS will then automatically resolve the attributes from the CAS
server answer.

As for the CAS 2.0 protocol: This is only possible through manual and
unofficial extensions of the protocol and the only "legitimate" use
case would be a proxy setup that needs attributes. Then you need to
modify your casServiceValidationSuccess.jsp with some small code.
Behind the </cas:user> you need to add something like:
<cas:attributes>
    <c:forEach var="attr"
               items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
        <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
    </c:forEach>
</cas:attributes>
Since this is unsupported there have been multiple ways how this can
be done but this is technically supported by both the jasig java and
phpcas client and works for me so far.
Regards,
Joachim
On 28.05.2012 23:08, Scott Battaglia wrote:
By default, the only response from the CAS server that will include
attributes is the SAML 1.1 response.
Attribute support via CAS2 protocol requires local customization to the
server itself.
Cheers,
Scott
On Fri, May 25, 2012 at 2:58 PM, Laura McCord wrote:
Hi,
I am trying to use the getAttributes() phpCAS method to gain
attributes but I've been receiving nothing. I'm assuming this is
stemming from my CAS installation but I'm not entirely sure what to
do. From what I read I should place a reference to my
attributeRepository onto the
org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver
bean (https://wiki.jasig.org/display/CASUM/Attributes)
I've also seen references to using the
Saml11AuthenticationFilter/Saml11TicketValidationFilter but I'm not
sure how this affects my use of
Cas20ProxyReceivingTicketValidationFilter for my portal
installation. And, maybe this is only for java clients, I'm using a
phpCAS client so I don't know if this pertains to my situation.
I'm using CAS 3.4.11
Many Thanks,
Laura
--
Laura McCord
Web Programmer/Analyst
Southwestern University
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
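
An added example, not part of the original thread and not phpCAS or CAS server code: a minimal Python parser for a CAS 2.0 validation response carrying the unofficial <cas:attributes> block discussed above, showing what a client has to check before trusting the attributes. Both sample bodies, the names parse_service_response and CasValidationError, and the collection of repeated elements into lists are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace used by CAS 2.0 responses
NS = {"cas": CAS_NS}

# Constructed sample: success body with the unofficial <cas:attributes> block.
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:mail>jdoe@example.edu</cas:mail>
      <cas:affiliation>staff</cas:affiliation>
      <cas:affiliation>alumni</cas:affiliation>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample: failure body for a rejected ticket.
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

class CasValidationError(Exception):
    """Raised when the response does not prove a successful validation."""

def parse_service_response(body):
    """Return (user, attributes) or raise CasValidationError."""
    # CAS responses never carry a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise CasValidationError("unexpected DTD in CAS response")
    root = ET.fromstring(body)
    if root.tag != "{%s}serviceResponse" % CAS_NS:
        raise CasValidationError("not a CAS serviceResponse")
    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        raise CasValidationError("%s: %s" % (failure.get("code"), (failure.text or "").strip()))
    success = root.find("cas:authenticationSuccess", NS)
    user = success.findtext("cas:user", default="", namespaces=NS).strip() if success is not None else ""
    if not user:
        raise CasValidationError("no authenticated user in response")
    attributes = {}
    block = success.find("cas:attributes", NS)
    for el in (block if block is not None else ()):
        # Only accept children in the CAS namespace; strip it to get the name.
        if el.tag.startswith("{%s}" % CAS_NS):
            attributes.setdefault(el.tag.split("}", 1)[1], []).append((el.text or "").strip())
    return user, attributes
```
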