Possibly because you are not allowing any attributes to be released:
http://jasig.github.io/cas/4.0.x/integration/Attribute-Release.html#configuration

Also, do please review this section as well:
http://jasig.github.io/cas/4.0.x/integration/Attribute-Release.html#attribute-filters

Your filter says: filter the collection of attributes received to only
include those that have the word "mail" in them. But it received none,
because nothing is allowed.

-----Original Message-----
From: Simon [mailto:c...@klappezu.com] 
Sent: Thursday, April 30, 2015 1:19 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] CAS 4.0 LDAP attributes to registered services

Hello,

I'm using CAS 4.0 on Tomcat 8.0 with Oracle Java JVM 1.8.0

The authentication against an LDAP directory which is managed by a
Microsoft Active Directory Server 2008 R2 works as expected.

But the LDAP attributes are not passed to the service.
The class PolicyBasedAuthenticationManager debugs the correct attribute
map with all correct values at the moment of the authentication on the CAS
server.
But these attributes are not passed to the registered services.
The class RegisteredServiceRegexAttributeFilter debugs that it received 0
attributes.
And also my phpCAS 1.3.3 gives me an empty array for
phpCAS::getAttributes() - but the correct username with phpCAS::getUser().

Does anyone have an idea where my mistake is?
Thank you very much for your help!


My deployerConfigContext.xml is:

<bean id="authenticationManager"
class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
                <map>
                        <entry key-ref="firstLDAP" value="#{null}" />
                </map>
        </constructor-arg>
        <property name="authenticationPolicy">
                <bean
class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
        </property>
</bean>

<bean id="firstLDAP"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          p:principalIdAttribute="sAMAccountName"
          c:authenticator-ref="authenticator">
        <property name="principalAttributeMap">
                <map>
                        <entry key="displayName" value="displayName" />
                        <entry key="mail" value="mail" />
                        <entry key="memberOf" value="memberOf" />
                </map>
        </property>
</bean>

... see complete config at
http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html#active-directory-authentication

<bean id="serviceRegistryDao"
class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
  <property name="registeredServices">
        <list>
          <bean class="org.jasig.cas.services.RegexRegisteredService">
                <property name="id" value="1" />
                <property name="name" value="All Websites" />
                <property name="serviceId" value="^(https?)://.*" />
                <property name="evaluationOrder" value="0" />
                <property name="attributeFilter">
                        <bean class="org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter"
                                  c:regex=".*(mail).*" />
                </property>
          </bean>
        </list>
  </property>
</bean>


My debug log is:

INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler successfully authenticated testuser+password>
DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <No resolver configured for LdapAuthenticationHandler. Falling back to handler principal testuser>
INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated testuser with credentials [testuser+password].>
DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Attribute map for testuser: {displayName=Test User, mail=testu...@example.org, memberOf=[CN=allusers,OU=Users,DC=mydomain,DC=local]}>
INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ... >
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [TGT-1-YSFZST3d3fMJCBb3xlfMmTH7ZtdgTTmCcN3lC5DwSXMn5WL6Wp-mydomaincluster] to registry.>
Audit trail record ... Slf4jLoggingAuditTrailManager ... CookieRetrievingCookieGenerator ... DefaultTicketRegistry ...
DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://192.168.0.1/castest/>
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-1-lfDFJh6WF04IUOTvOatP-mydomaincluster]>
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-1-lfDFJh6WF04IUOTvOatP-mydomaincluster] found in registry.>
DEBUG [org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter] - <Received 0 attributes. Filtered and released 0>
DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Principal id to return for service [All Websites] is [testuser]. The default principal id is [testuser].>
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ST-1-lfDFJh6WF04IUOTvOatP-mydomaincluster] from registry>
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-1-lfDFJh6WF04IUOTvOatP-mydomaincluster]>
INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ...>
DEBUG [org.jasig.cas.web.ServiceValidateController] - <Successfully validated service ticket ST-1-lfDFJh6WF04IUOTvOatP-mydomaincluster for service [http://192.168.0.1/castest/]>
--
You are currently subscribed to cas-user@lists.jasig.org as:
mmoay...@unicon.net To unsubscribe, change settings or access archives,
see http://www.ja-sig.org/wiki/display/JSG/cas-user
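Putting the reply's point into configuration, as an added example that is not part of either message above: in CAS 4.0.x the service's attribute release policy decides which principal attributes reach the attribute filter at all, so a filter on its own, with no policy allowing anything, has nothing to work on and releases nothing. The bean below assumes the CAS 4.0.x classes ReturnAllowedAttributeReleasePolicy (property allowedAttributes) and RegisteredServiceRegexAttributeFilter (constructor argument regex), with the filter hung off the release policy rather than off the service; the attribute names are the ones from the principalAttributeMap in the original post.

```xml
<!-- Added example (not from the original thread): a RegexRegisteredService
     that first allows a named set of attributes and only then applies the
     regex filter. Class and property names are assumed to match CAS 4.0.x. -->
<bean class="org.jasig.cas.services.RegexRegisteredService">
    <property name="id" value="1" />
    <property name="name" value="All Websites" />
    <property name="serviceId" value="^(https?)://.*" />
    <property name="evaluationOrder" value="0" />
    <property name="attributeReleasePolicy">
        <!-- Step 1: explicitly allow attributes. With an empty allowed list,
             which is what the original config effectively had, the filter
             receives an empty map, matching "Received 0 attributes" in the
             debug log. -->
        <bean class="org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy">
            <property name="allowedAttributes">
                <list>
                    <value>displayName</value>
                    <value>mail</value>
                    <value>memberOf</value>
                </list>
            </property>
            <!-- Step 2 (optional): the regex filter now runs over the allowed
                 set. In 4.0.x the pattern is assumed to be matched against
                 each attribute's value, so this keeps only values containing
                 "mail"; drop the filter entirely if the allowed list already
                 says everything you want. -->
            <property name="attributeFilter">
                <bean class="org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter"
                      c:regex=".*(mail).*" />
            </property>
        </bean>
    </property>
</bean>
```

Two things to check after restarting CAS: the RegisteredServiceRegexAttributeFilter debug line should now report a non-zero "Received N attributes", and the allowed list should be no wider than the service actually needs, since a serviceId of ^(https?)://.* matches every web application and whatever this policy releases goes to any site that can obtain a service ticket.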
