my page saml works too much because it drop all attritubes of my user. but not
only the mail (value=mail) which is in the allowedattribute properties
Le 9 octobre 2014 17:35:04 CEST, John Gasper <jgas...@unicon.net> a écrit :
>As far as I can tell from the log the user attributes are being pulled
>from the ldap server just fine. It also looks like they are being
>queued
>to be put in the saml response:
>2014-10-09 17:03:29,192 INFO
>[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>Authenticated dcharlot with credentials [dcharlot+password].
>2014-10-09 17:03:29,192 DEBUG
>[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>Attribute map for dcharlot: {eduPersonAffiliation=[member, staff,
>employee], eduPersonPrimaryAffiliation=staff,
>email=daniel.char...@unice.fr,
>uniceService=[application.harpege.utilisateurs, application-geisha, BV,
>geisha, pers-tous, autocom, manu-dsi-assistance,
>application.apogee.utilisateurs, apogee, web, pers-affect.CRI,
>scsi.infrastructure.membres, scsi.personnels, hermes, harpege,
>dsi.infrastructure.a-sites, scsi.membres,
>scsi.infrastructure.personnels, app-conges,
>manu-membres-iufm-conseil.ufr, pers-site.valrose], displayName=Daniel
>Charlot, user=dcharlot}
>...
>2014-10-09 17:03:29,333 DEBUG
>[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket
>[ST-1-bwkJYRzsBrdTc5eaDQ6r-login4.unice.fr] found in registry.
>2014-10-09 17:03:29,334 DEBUG
>[org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter]
>- Found attribute [email] in the list of allowed attributes for service
>[HTTP and IMAP]
>2014-10-09 17:03:29,334 DEBUG
>[org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter]
>- Found attribute [user] in the list of allowed attributes for service
>[HTTP and IMAP]
>
>I don't know if the logging indicates the attribute (or its value) as
>it
>is put into the SAML response or not.
>
>My next step would be to bump the logging up on the phpCAS client and I
>think you should be able to see the SAML response there.
>
>---
>*John Gasper*
>IAM Consultant
>Unicon, Inc.
>PGP/GPG Key: 0xbafee3ef
>On 10/9/14 8:09 AM, daniel.char...@unice.fr wrote:
>> Hi,
>>
>> Sorry for the delay,
>> here my log for one connexion :
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as:
>jgas...@unicon.net
>> To unsubscribe, change settings or access archives, see
>http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>>
>> -----------------------------------------------------------------
>> Daniel CHARLOT
>> D.S.I. Université de Nice Sophia-Antipolis
>> Administrateur Systèmes et Réseaux
>> 28, avenue de Valrose - BP 2135 - 06103 NICE
>> Tél : 04-92-07-67-07
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Le 8 oct. 2014 à 16:26, Misagh Moayyed <mmoay...@unicon.net
>> <mailto:mmoay...@unicon.net>> a écrit :
>>
>>> Ok. So I’d follow what John suggested. Up the log levels and see
>what
>>> they tell you.
>>>
>>> *From:* daniel.char...@unice.fr
>>> <mailto:daniel.char...@unice.fr> [mailto:daniel.char...@unice.fr]
>>> *Sent:* Wednesday, October 8, 2014 7:19 AM
>>> *To:* cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org>
>>> *Subject:* Re: [cas-user] allowedAttributes ldap CAS 4
>>>
>>> A simple page of php cas 1.3.3 with the function
>phpCAS::getAttributes()
>>> -----------------------------------------------------------------
>>> Daniel CHARLOT
>>> D.S.I. Université de Nice Sophia-Antipolis
>>> Administrateur Systèmes et Réseaux
>>> 28, avenue de Valrose - BP 2135 - 06103 NICE
>>> Tél : 04-92-07-67-07
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Le 8 oct. 2014 à 16:14, Misagh Moayyed <mmoay...@unicon.net
>>> <mailto:mmoay...@unicon.net>> a écrit :
>>>
>>>
>>> And what sort of CAS client are you using to get these
>attributes?
>>>
>>> *From:* daniel.char...@unice.fr
>>> <mailto:daniel.char...@unice.fr>
>[mailto:daniel.char...@unice.fr]
>>> *Sent:* Wednesday, October 8, 2014 5:07 AM
>>> *To:* cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org>
>>> *Subject:* Re: [cas-user] allowedAttributes ldap CAS 4
>>>
>>> Hi john,
>>> I use SAML 1.1.
>>>
>>>
>-----------------------------------------------------------------
>>> Daniel CHARLOT
>>> D.S.I. Université de Nice Sophia-Antipolis
>>> Administrateur Systèmes et Réseaux
>>> 28, avenue de Valrose - BP 2135 - 06103 NICE
>>> Tél : 04-92-07-67-07
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Le 7 oct. 2014 à 17:18, John Gasper <jgas...@unicon.net
>>> <mailto:jgas...@unicon.net>> a écrit :
>>>
>>>
>>>
>>> What CAS protocol are you using to retrieve the attributes
>on
>>> the client side?
>>>
>>> On 10/7/14 1:04 AM, daniel.char...@unice.fr
>>> <mailto:daniel.char...@unice.fr> wrote:
>>>
>>> Hi john,
>>>
>>> I have tried your syntax but it's the same things.
>>>
>>>
>>>
>>> I have seen that on cas core 4.1 there are new functions
>>> for this. I hope the return of attributes for each
>>> services works on 4.0 with ldap…
>>>
>>> I dont understand why the property of serviceid works
>but
>>> not the property allowedAttribute
>>>
>>> Best Regards,
>>>
>>>
>>>
>>>
>-----------------------------------------------------------------
>>> Daniel CHARLOT
>>> D.S.I. Université de Nice Sophia-Antipolis
>>> Administrateur Systèmes et Réseaux
>>> 28, avenue de Valrose - BP 2135 - 06103 NICE
>>> Tél : 04-92-07-67-07
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Le 6 oct. 2014 à 17:24, John Gasper <jgas...@unicon.net
>>> <mailto:jgas...@unicon.net>> a écrit :
>>>
>>>
>>>
>>> You might try changing your bean def to use:
>>> <property
>name="allowedAttributes">
>>> <list>
>>> <value>mail</value>
>>> </list>
>>> </property>
>>>
>>> On 10/6/14 3:41 AM, daniel.char...@unice.fr
>>> <mailto:daniel.char...@unice.fr> wrote:
>>>
>>> Hi guys,
>>>
>>> Last work for my cas 4.
>>>
>>> I would like to give attributes differents for
>>> each services.
>>> But it doesnt work.
>>> I use
>org.jasig.cas.persondir.LdapPersonAttributeDao.
>>>
>>> And I have a bean :
>>> <bean
>>>
>class="org.jasig.cas.services.RegexRegisteredService"
>>> p:id="1" p:name="HTTP web"
>>> p:description=« SERVICE test"
>>> p:allowedToProxy="true"
>>> p:serviceId="http://testmydomain/test/test.php";
>>> p:evaluationOrder="10000002"
>>> * **p:allowedAttributes="mail"*/>
>>>
>>> But in response... I have all attributes which
>>> are in my "bean attributeRepository".
>>> allowedAttributes properties seems do nothing...
>>>
>>> Any ideas ?
>>>
>>> Thx for your responses
>>>
>-----------------------------------------------------------------
>>> Daniel CHARLOT
>>> D.S.I. Université de Nice Sophia-Antipolis
>>> Administrateur Systèmes et Réseaux
>>> 28, avenue de Valrose - BP 2135 - 06103 NICE
>>> Tél : 04-92-07-67-07
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> You are currently subscribed to
>cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org> as:
>jgas...@unicon.net <mailto:jgas...@unicon.net>
>>>
>>> To unsubscribe, change settings or access
>archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>>>
>>> --
>>>
>>> You are currently subscribed to
>cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org> as:
>daniel.char...@unice.fr <mailto:daniel.char...@unice.fr>
>>>
>>> To unsubscribe, change settings or access archives,
>see http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>>>
>>> --
>>>
>>> You are currently subscribed to cas-user@lists.jasig.org
><mailto:cas-user@lists.jasig.org> as: jgas...@unicon.net
><mailto:jgas...@unicon.net>
>>>
>>> To unsubscribe, change settings or access archives, see
>http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>>>
>>> --
>>>
>>> You are currently subscribed to cas-user@lists.jasig.org
><mailto:cas-user@lists.jasig.org> as: daniel.char...@unice.fr
><mailto:daniel.char...@unice.fr>
>>>
>>> To unsubscribe, change settings or access archives, see
>http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> You are currently subscribed to cas-user@lists.jasig.org
><mailto:cas-user@lists.jasig.org> as: mmoay...@unicon.net
><mailto:mmoay...@unicon.net>
>>>
>>> To unsubscribe, change settings or access archives, see
>http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>> --
>>>
>>> You are currently subscribed to cas-user@lists.jasig.org
><mailto:cas-user@lists.jasig.org> as: daniel.char...@unice.fr
><mailto:daniel.char...@unice.fr>
>>>
>>> To unsubscribe, change settings or access archives, see
>http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>>>
>>> --
>>> You are currently subscribed to cas-user@lists.jasig.org
><mailto:cas-user@lists.jasig.org> as: mmoay...@unicon.net
><mailto:mmoay...@unicon.net>
>>> To unsubscribe, change settings or access archives, see
>http://www.ja-sig.org/wiki/display/JSG/cas-user
>>> --
>>> You are currently subscribed to cas-user@lists.jasig.org
><mailto:cas-user@lists.jasig.org> as: daniel.char...@unice.fr
><mailto:daniel.char...@unice.fr>
>>> To unsubscribe, change settings or access archives, see
>http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>
>
>--
>You are currently subscribed to cas-user@lists.jasig.org as:
>daniel.char...@unice.fr
>To unsubscribe, change settings or access archives, see
>http://www.ja-sig.org/wiki/display/JSG/cas-user
--
Envoyé de mon Android 4G
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
