Re: [cas-user] Get ldap attributes with CAS

Guillaume Chéramy Thu, 24 Sep 2015 13:35:04 -0700

Thanks but you're script don't provide must attributes.

I this this in logs :


2015-09-24 22:16:26,188 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Attempting
LDAP authentication for guillaume.cher...@hisyl.org+password
2015-09-24 22:16:26,193 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP
response:
[org.ldaptive.auth.AuthenticationResponse@801674609::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS,
ldapEntry=[dn=uid=guillaume.cher...@hisyl.org,ou=People,dc=hisyl,dc=org[[uid[guillaume.cher...@hisyl.org]],
[mail[guillaume.cher...@hisyl.org]], [sn[Chéramy]],
[givenName[Guillaume]]], responseControls=null, messageId=-1],
accountState=null, result=true, resultCode=SUCCESS, message=null,
controls=null]
2015-09-24 22:16:26,188 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Attempting
LDAP authentication for guillaume.cher...@hisyl.org+password
2015-09-24 22:16:26,193 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP
response:
[org.ldaptive.auth.AuthenticationResponse@801674609::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS,
ldapEntry=[dn=uid=guillaume.cher...@hisyl.org,ou=People,dc=hisyl,dc=org[[uid[guillaume.cher...@hisyl.org]],
[mail[guillaume.cher...@hisyl.org]], [sn[Chéramy]],
[givenName[Guillaume]]], responseControls=null, messageId=-1],
accountState=null, result=true, resultCode=SUCCESS, message=null,
controls=null]
2015-09-24 22:16:26,194 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found
principal attribute: [uid[guillaume.cher...@hisyl.org]]
2015-09-24 22:16:26,194 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found
principal attribute: [mail[guillaume.cher...@hisyl.org]]
2015-09-24 22:16:26,194 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found
principal attribute: [sn[Chéramy]]
2015-09-24 22:16:26,194 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found
principal attribute: [givenName[Guillaume]]
2015-09-24 22:16:26,195 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
LdapAuthenticationHandler successfully authenticated
guillaume.cher...@hisyl.org+password
2015-09-24 22:16:26,196 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - No
resolver configured for LdapAuthenticationHandler. Falling back to
handler principal guillaume.cher...@hisyl.org
2015-09-24 22:16:26,198 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
Authenticated guillaume.cher...@hisyl.org with credentials
[guillaume.cher...@hisyl.org+password].
2015-09-24 22:16:26,199 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
Attribute map for guillaume.cher...@hisyl.org:
{uid=guillaume.cher...@hisyl.org, mail=guillaume.cher...@hisyl.org,
sn=Chéramy, givenName=Guillaume}
2015-09-24 22:16:26,195 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
LdapAuthenticationHandler successfully authenticated
guillaume.cher...@hisyl.org+password
2015-09-24 22:16:26,196 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - No
resolver configured for LdapAuthenticationHandler. Falling back to
handler principal guillaume.cher...@hisyl.org
2015-09-24 22:16:26,198 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
Authenticated guillaume.cher...@hisyl.org with credentials
[guillaume.cher...@hisyl.org+password].
2015-09-24 22:16:26,199 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
Attribute map for guillaume.cher...@hisyl.org:
{uid=guillaume.cher...@hisyl.org, mail=guillaume.cher...@hisyl.org,
sn=Chéramy, givenName=Guillaume}

So we can see CAS retrive attributes :
2015-09-24 22:16:26,194 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found
principal attribute: [uid[guillaume.cher...@hisyl.org]]
2015-09-24 22:16:26,194 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found
principal attribute: [mail[guillaume.cher...@hisyl.org]]
2015-09-24 22:16:26,194 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found
principal attribute: [sn[Chéramy]]
2015-09-24 22:16:26,194 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found
principal attribute: [givenName[Guillaume]]

But cas client can't see ths attributes :-(

Le 24/09/2015 00:45, Manfredo Hopp a écrit :
> Hi this script was usefull to me: 
>
> I know there can be changes due to updated version of phpCAS.
>
> Regards Manfredo
>
> <?php
>
> //initialize the CAS library
> require_once('auth/cas/CAS/CAS.php');
> $_REQUEST['login'] = 'uday';
> phpCAS::client(CAS_VERSION_2_0, 'server.name <http://server.name>',
> 8444,'/cas');
>
> phpCAS::setDebug($filename='phpCAS.log');
> phpCAS::traceBegin();
> phpCAS::setCasServerCACert('/xxx/yyy/cert.pem'); /
> //phpCAS::setNoCasServerValidation();   
>
> //if the user is requesting to be logged in
> if (isset($_REQUEST['login'])) {
>    phpCAS::forceAuthentication();
>    //the user is known to be logged in to CAS at this point
>    $_SESSION['loggedInLocally'] = TRUE;  //set a local variable
> telling the program we are logged in
>    $_SESSION['username'] = phpCAS::getUser();  //this stores their
> network user id
>
> }
>
> //if we want to log out of the program
> if (isset($_REQUEST['logout'])) {
> phpCAS::logout();
>    $_SESSION['loggedInLocally'] = false;
>    unset($_SESSION['username']);
> }
>
> if (isset($_SESSION['loggedInLocally']) &&
> $_SESSION['loggedInLocally']===true) {
> echo "You are logged in to the application";
> } else {
>    echo "You are not logged in to the application.  Log in by specifying
> the 'login' log parameter to this script.";
> }
>  
> phpCAS::traceEnd();
>
> ?> 
>
> <html>
> <head>
> <title>phpCAS simple client</title>
> </head>
> <body>
> <h1>Successfull Authentication!</h1>
> <?php require 'script_info.php' ?>
> <p>the user's login is <b><?php echo phpCAS::getUser(); ?></b>.</p>
> <p>phpCAS version is <b><?php echo phpCAS::getVersion(); ?></b>.</p>
> <p><a href="?logout=">Logout</a></p>
> </body>
> </html>
>
>
> 2015-09-23 8:24 GMT-03:00 Guillaume Chéramy <guilla...@cheramy.name
> <mailto:guilla...@cheramy.name>>:
>
>     Hello,
>
>        I search and try lots of configuration and I have no results.
>
>     I want to provide ldap attributes from CAS I have defined
>     ldapPersonAttributeDao in deployerConfigContext.xml :
>
>     <bean id="ldapPersonAttributeDao"
>
>     
> class="org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao"
>           p:connectionFactory-ref="searchPooledLdapConnectionFactory"
>           p:baseDN="${ldap.baseDn}"
>           p:searchControls-ref="searchControls"
>           p:searchFilter="uid={0}">
>         <property name="resultAttributeMapping">
>             <map>
>                 <!--
>                    | Key is LDAP attribute name, value is principal
>     attribute name.
>                    -->
>                 <entry key="uid" value="uid" />
>                 <entry key="mail" value="mail" />
>             </map>
>         </property>
>     </bean>
>
>     <bean id="searchControls"
>           class="javax.naming.directory.SearchControls"
>           p:searchScope="2"
>           p:countLimit="10" />
>
>
>     I have no restriction in my service json :
>
>     {
>       "@class" : "org.jasig.cas.services.RegexRegisteredService",
>       "serviceId" : "^https://phptestcas.domaine.com/.*";,
>       "name" : "phptestcas",
>       "id" : 10000003,
>       "description" : "Authorization for testing application phptestcas.",
>       "proxyPolicy" : {
>         "@class" :
>     "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
>       },
>       "evaluationOrder" : 0,
>       "usernameAttributeProvider" : {
>         "@class" :
>     "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
>       },
>       "logoutType" : "BACK_CHANNEL",
>       "accessStrategy" : {
>         "@class" :
>     "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
>         "enabled" : true,
>         "ssoEnabled" : true
>       }
>     }
>
>     But when I try a with phpcas to get attributes :
>     <p>uid : <b><?php echo phpCAS::getAttribute('uid'); ?></b>.</p>
>     <p>mail : <b><?php echo phpCAS::getAttribute('mail'); ?></b>.</p>
>
>     I have no results.
>
>     What I missing ?
>
>     Sincerely
>
>     guidtz
>
>     --
>     You are currently subscribed to cas-user@lists.jasig.org
>     <mailto:cas-user@lists.jasig.org> as: mhopp.coni...@gmail.com
>     <mailto:mhopp.coni...@gmail.com>
>     To unsubscribe, change settings or access archives, see
>     http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> guilla...@cheramy.name
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Get ldap attributes with CAS

Reply via email to