My page saml works too much because it drops all attributes of my user, but not only the mail (value=mail) which is in the allowedattribute properties.
On 9 October 2014 17:35:04 CEST, John Gasper <jgas...@unicon.net> wrote:
>As far as I can tell from the log the user attributes are being pulled
>from the ldap server just fine. It also looks like they are being queued
>to be put in the saml response:
>
>2014-10-09 17:03:29,192 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated dcharlot with credentials [dcharlot+password].
>2014-10-09 17:03:29,192 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Attribute map for dcharlot: {eduPersonAffiliation=[member, staff, employee], eduPersonPrimaryAffiliation=staff, email=daniel.char...@unice.fr, uniceService=[application.harpege.utilisateurs, application-geisha, BV, geisha, pers-tous, autocom, manu-dsi-assistance, application.apogee.utilisateurs, apogee, web, pers-affect.CRI, scsi.infrastructure.membres, scsi.personnels, hermes, harpege, dsi.infrastructure.a-sites, scsi.membres, scsi.infrastructure.personnels, app-conges, manu-membres-iufm-conseil.ufr, pers-site.valrose], displayName=Daniel Charlot, user=dcharlot}
>...
>2014-10-09 17:03:29,333 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket [ST-1-bwkJYRzsBrdTc5eaDQ6r-login4.unice.fr] found in registry.
>2014-10-09 17:03:29,334 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - Found attribute [email] in the list of allowed attributes for service [HTTP and IMAP]
>2014-10-09 17:03:29,334 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - Found attribute [user] in the list of allowed attributes for service [HTTP and IMAP]
>
>I don't know if the logging indicates the attribute (or its value) as it
>is put into the SAML response or not.
>
>My next step would be to bump the logging up on the phpCAS client and I
>think you should be able to see the SAML response there.
>
>---
>*John Gasper*
>IAM Consultant
>Unicon, Inc.
>PGP/GPG Key: 0xbafee3ef
>
>On 10/9/14 8:09 AM, daniel.char...@unice.fr wrote:
>> Hi,
>>
>> Sorry for the delay,
>> here is my log for one connection:
>>
>> -----------------------------------------------------------------
>> Daniel CHARLOT
>> D.S.I. Université de Nice Sophia-Antipolis
>> Systems and Network Administrator
>> 28, avenue de Valrose - BP 2135 - 06103 NICE
>> Tel: 04-92-07-67-07
>>
>> On 8 Oct 2014 at 16:26, Misagh Moayyed <mmoay...@unicon.net> wrote:
>>
>>> Ok. So I’d follow what John suggested. Up the log levels and see what
>>> they tell you.
>>>
>>> *From:* daniel.char...@unice.fr
>>> *Sent:* Wednesday, October 8, 2014 7:19 AM
>>> *To:* cas-user@lists.jasig.org
>>> *Subject:* Re: [cas-user] allowedAttributes ldap CAS 4
>>>
>>> A simple page of php cas 1.3.3 with the function phpCAS::getAttributes()
>>>
>>> On 8 Oct 2014 at 16:14, Misagh Moayyed <mmoay...@unicon.net> wrote:
>>>
>>>     And what sort of CAS client are you using to get these attributes?
>>>
>>>     *From:* daniel.char...@unice.fr
>>>     *Sent:* Wednesday, October 8, 2014 5:07 AM
>>>     *To:* cas-user@lists.jasig.org
>>>     *Subject:* Re: [cas-user] allowedAttributes ldap CAS 4
>>>
>>>     Hi john,
>>>     I use SAML 1.1.
>>>
>>>     On 7 Oct 2014 at 17:18, John Gasper <jgas...@unicon.net> wrote:
>>>
>>>         What CAS protocol are you using to retrieve the attributes on
>>>         the client side?
>>>
>>>         On 10/7/14 1:04 AM, daniel.char...@unice.fr wrote:
>>>
>>>             Hi john,
>>>
>>>             I have tried your syntax but it's the same thing.
>>>
>>>             I have seen that on cas core 4.1 there are new functions
>>>             for this. I hope the return of attributes for each
>>>             service works on 4.0 with ldap…
>>>
>>>             I don't understand why the property of serviceid works but
>>>             not the property allowedAttribute
>>>
>>>             Best Regards,
>>>
>>>             On 6 Oct 2014 at 17:24, John Gasper <jgas...@unicon.net> wrote:
>>>
>>>                 You might try changing your bean def to use:
>>>
>>>                 <property name="allowedAttributes">
>>>                     <list>
>>>                         <value>mail</value>
>>>                     </list>
>>>                 </property>
>>>
>>>                 On 10/6/14 3:41 AM, daniel.char...@unice.fr wrote:
>>>
>>>                     Hi guys,
>>>
>>>                     Last work for my cas 4.
>>>
>>>                     I would like to give different attributes for
>>>                     each service.
>>>                     But it doesn't work.
>>>                     I use org.jasig.cas.persondir.LdapPersonAttributeDao.
>>>
>>>                     And I have a bean:
>>>
>>>                     <bean class="org.jasig.cas.services.RegexRegisteredService"
>>>                           p:id="1" p:name="HTTP web"
>>>                           p:description="SERVICE test"
>>>                           p:allowedToProxy="true"
>>>                           p:serviceId="http://testmydomain/test/test.php"
>>>                           p:evaluationOrder="10000002"
>>>                           p:allowedAttributes="mail" />
>>>
>>>                     But in response... I have all attributes which
>>>                     are in my "bean attributeRepository".
>>>                     allowedAttributes properties seems to do nothing...
>>>
>>>                     Any ideas?
>>>
>>>                     Thx for your responses
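
Added example, not part of the original thread and not CAS or phpCAS code: a small check that parses a SAML 1.1 validation response, such as the one the phpCAS debug log would show, and reports which attributes were released outside a service's allow-list. The sample response, its values, and the function names are constructed for illustration; names are compared exactly, so `mail` and `email` count as different attributes.

```python
import xml.etree.ElementTree as ET

SAML1 = "{urn:oasis:names:tc:SAML:1.0:assertion}"

# Constructed sample response (not captured from the thread), trimmed to the attribute statement.
SAMPLE_RESPONSE = """<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
 <SOAP-ENV:Body>
  <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol">
   <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
    <AttributeStatement>
     <Attribute AttributeName="mail" AttributeNamespace="urn:example:attrs">
      <AttributeValue>jdoe@example.org</AttributeValue>
     </Attribute>
     <Attribute AttributeName="displayName" AttributeNamespace="urn:example:attrs">
      <AttributeValue>Jane Doe</AttributeValue>
     </Attribute>
     <Attribute AttributeName="eduPersonAffiliation" AttributeNamespace="urn:example:attrs">
      <AttributeValue>member</AttributeValue>
      <AttributeValue>staff</AttributeValue>
     </Attribute>
    </AttributeStatement>
   </Assertion>
  </Response>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""


def released_attributes(xml_text):
    """Return {AttributeName: [values]} for every SAML 1.1 attribute in the response."""
    if "<!DOCTYPE" in xml_text:
        # A SAML response never needs a DTD; refuse it rather than expand entities.
        raise ValueError("DOCTYPE not allowed in a SAML response")
    released = {}
    for attr in ET.fromstring(xml_text).iter(SAML1 + "Attribute"):
        values = [(v.text or "").strip() for v in attr.findall(SAML1 + "AttributeValue")]
        released.setdefault(attr.get("AttributeName"), []).extend(values)
    return released


def audit_release(xml_text, allowed):
    """Compare released attribute names with the service's allow-list (exact match)."""
    released = set(released_attributes(xml_text))
    return {
        "unexpected": sorted(released - set(allowed)),  # released but not allowed
        "missing": sorted(set(allowed) - released),     # allowed but never released
    }


if __name__ == "__main__":
    print(audit_release(SAMPLE_RESPONSE, {"mail"}))
```

A non-empty `unexpected` list means the service received more than its allow-list permits; a non-empty `missing` list usually points to a name mismatch between the attribute repository and the service definition.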