Re: [cas-user] Re: CAS 6.1.3 SAML and JSON

2020-01-29 Thread Ray Bon
Jeff,

'excludeDefaultAttributes' should be inside 'attributeReleasePolicy'.

Where are you defining 'FirstName' and 'Surname'?
If it is in the list of default attributes, then you want 
'excludeDefaultAttributes=false'.

Add this to log4j2.xml:




Ray

P.S. It would be easier to see what is going on if the service definition 
was complete (just in case something else was in the wrong place).

On Wed, 2020-01-29 at 04:50 -0800, stonej wrote:
Hi All,

I am slowly getting there, although now I have hit another hurdle.

I need eduPersonTargetedID, now I can get that by using

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "https://DOMAIN",
  "name" : "Apache Secured By SAML",
  "id" : 10011,
  "description" : "CAS development Apache mod_shib/shibd server with username/password protection",
  "metadataLocation" : "file:etc/cas/saml/metadata/metadata.xml",
  "encryptAssertions": "true",
  "excludeDefaultAttributes" : "true",
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.support.saml.services.EduPersonTargetedIdAttributeReleasePolicy",
    "salt": "OqmG80fEKBQt",
    "attribute": ""
  }
}

But I cannot get any other attributes like FirstName, Surname etc.

And also the "excludeDefaultAttributes" : "true",  doesn't seem to work, not 
sure if I have put it in the correct place.

I have tried :

"allowedAttributes" : {
  "@class" : "java.util.TreeMap",
  "eppn" : "urn:mace:dir:attribute-def:eduPersonPrincipalName",
  "cn" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
  "eduPersonPrincipalName" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
  "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
  "givenName" : "urn:oid:2.5.4.42",
  "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
  "role" : "urn:hope.ac.uk:attribute-def:role",
  "sn" : "urn:oid:2.5.4.4",
  "uid" : "urn:oid:0.9.2342.19200300.100.1.1",
  "UDC_IDENTIFIER": "urn:hope.ac.uk:attribute-def:UDC_IDENTIFIER",
  "eppn" : "urn:oid:0.9.2342.19200300.100.1.1",
  "affiliation" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.1",
  "affiliation" : "staff",
  "excludeDefaultAttributes" : "true"
}
"persistentIdGenerator" : {
  "@class" : "org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
  "salt" : "OqmG80fEKBQt",
  "attribute": "eduPersonTargetedID"
}

And that shows me the attributes but NOT the eduPersonTargetedID.  Do I have to 
use a Groovy script to pull all the attributes together ?

Thanks

Jeff


On Friday, January 24, 2020 at 1:30:26 AM UTC, Andy Ng wrote:
Hi Travis,

> To remove unwanted authentication attributes add excludeDefaultAttributes: 
> true.

Oh we can do that?! Didn't know about that and good to learn about this! 
Thanks Travis :)

Cheers!
- Andy


--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/95e0c8c76d4ce6cd9f350ad3b5b84a5292ad2145.camel%40uvic.ca.
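
A small lint for two problems visible in the service definitions posted in this thread: 'excludeDefaultAttributes' sitting outside 'attributeReleasePolicy' (the point made in the reply above) and 'allowedAttributes' listing 'eppn' and 'affiliation' twice. This is an added example, not part of any post and not CAS code; the sample definition and its sp.example.org serviceId are constructed, and the script assumes the file is strict JSON.

```python
import json

# Per the reply above, this key belongs directly inside "attributeReleasePolicy".
POLICY_KEYS = {"excludeDefaultAttributes"}


class Obj(dict):
    """A dict that records keys repeated within one JSON object."""

    def __init__(self, pairs):
        super().__init__()
        self.repeated = []
        for key, value in pairs:
            if key in self:
                self.repeated.append(key)
            self[key] = value  # a map keeps one value per key


def walk(node, path, parent_key, findings):
    """Visit every JSON object, recording repeated and misplaced keys."""
    if isinstance(node, Obj):
        for key in node.repeated:
            findings.append(f"{path}: key '{key}' repeated; only one value is kept")
        for key in sorted(node.keys() & POLICY_KEYS):
            if parent_key != "attributeReleasePolicy":
                findings.append(f"{path}: '{key}' is outside attributeReleasePolicy")
        for key, value in node.items():
            walk(value, f"{path}.{key}", key, findings)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            walk(item, f"{path}[{index}]", parent_key, findings)


def lint_service(text):
    """Return a list of findings for one service definition given as JSON text."""
    findings = []
    walk(json.loads(text, object_pairs_hook=Obj), "$", None, findings)
    return findings


# Constructed sample modelled on the definitions in this thread.
SAMPLE = """
{
  "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId": "https://sp.example.org/shibboleth",
  "name": "Apache Secured By SAML",
  "id": 10011,
  "excludeDefaultAttributes": "true",
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes": {
      "@class": "java.util.TreeMap",
      "eppn": "urn:mace:dir:attribute-def:eduPersonPrincipalName",
      "mail": "urn:oid:0.9.2342.19200300.100.1.3",
      "eppn": "urn:oid:0.9.2342.19200300.100.1.1",
      "affiliation": "urn:oid:1.3.6.1.4.1.5923.1.1.1.1",
      "affiliation": "staff"
    }
  }
}
"""

if __name__ == "__main__":
    for finding in lint_service(SAMPLE):
        print(finding)
```
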


Re: [cas-user] Re: CAS 6.1.3 SAML and JSON

2020-01-29 Thread stonej
Hi All,

I am slowly getting there, although now I have hit another hurdle.

I need eduPersonTargetedID, now I can get that by using

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "https://DOMAIN",
  "name" : "Apache Secured By SAML",
  "id" : 10011,
  "description" : "CAS development Apache mod_shib/shibd server with username/password protection",
  "metadataLocation" : "file:etc/cas/saml/metadata/metadata.xml",
  "encryptAssertions": "true",
  "excludeDefaultAttributes" : "true",
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.support.saml.services.EduPersonTargetedIdAttributeReleasePolicy",
    "salt": "OqmG80fEKBQt",
    "attribute": ""
  }
}

But I cannot get any other attributes like FirstName, Surname etc.

And also the "excludeDefaultAttributes" : "true",  doesn't seem to work, 
not sure if I have put it in the correct place.

I have tried :

"allowedAttributes" : {
  "@class" : "java.util.TreeMap",
  "eppn" : "urn:mace:dir:attribute-def:eduPersonPrincipalName",
  "cn" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
  "eduPersonPrincipalName" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
  "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
  "givenName" : "urn:oid:2.5.4.42",
  "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
  "role" : "urn:hope.ac.uk:attribute-def:role",
  "sn" : "urn:oid:2.5.4.4",
  "uid" : "urn:oid:0.9.2342.19200300.100.1.1",
  "UDC_IDENTIFIER": "urn:hope.ac.uk:attribute-def:UDC_IDENTIFIER",
  "eppn" : "urn:oid:0.9.2342.19200300.100.1.1",
  "affiliation" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.1",
  "affiliation" : "staff",
  "excludeDefaultAttributes" : "true"
}
"persistentIdGenerator" : {
  "@class" : "org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
  "salt" : "OqmG80fEKBQt",
  "attribute": "eduPersonTargetedID"
}

And that shows me the attributes but NOT the eduPersonTargetedID.  Do I 
have to use a Groovy script to pull all the attributes together ?

Thanks

Jeff


On Friday, January 24, 2020 at 1:30:26 AM UTC, Andy Ng wrote:
>
> Hi Travis,
>
> > To remove unwanted authentication attributes add 
> excludeDefaultAttributes: true.
>
> Oh we can do that?! Didn't know about that and good to learn about this! 
> Thanks Travis :)
>
> Cheers!
> - Andy
>



Re: [cas-user] Re: CAS 6.1.3 SAML and JSON

2020-01-23 Thread Andy Ng
Hi Travis,

> To remove unwanted authentication attributes add 
excludeDefaultAttributes: true.

Oh we can do that?! Didn't know about that and good to learn about this! 
Thanks Travis :)

Cheers!
- Andy



Re: [cas-user] Re: CAS 6.1.3 SAML and JSON

2020-01-23 Thread Travis Schmidt
To remove unwanted authentication attributes add excludeDefaultAttributes:
true.

On Thu, Jan 23, 2020 at 7:33 AM Josh  wrote:

> Apologies, I see you have that already, I mis-read the original post :)
>
> On Thursday, January 23, 2020 at 10:32:36 AM UTC-5, Josh wrote:
>>
>> You don't need an allowedAttributes section for this, just an
>> attributeReleasePolicy like so:
>>
>>attributeReleasePolicy : {
>> @class :
>> org.apereo.cas.services.ReturnMappedAttributeReleasePolicy
>> allowedAttributes : {
>> @class : java.util.TreeMap
>> mail : "urn:oid:0.9.2342.19200300.100.1.3"
>> gecos : "urn:oid:2.16.840.1.113730.3.1.241"
>> eduPersonPrincipalName : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
>> }
>> }
>>
>>
>> On Thursday, January 23, 2020 at 3:54:19 AM UTC-5, stonej wrote:
>>>
>>> Hello All,
>>>
>>> I am trying to move away from shibboleth IDP and move to CAS IDP but
>>> having a few issues, I have had a look at the documentation and this group
>>> and cannot seem to find the answer.  I need to pass certain attributes,
>>> these ones -
>>>
>>> urn:oid:0.9.2342.19200300.100.1.3 - mail value email address
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value member
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value staff or
>>> student
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.6 - eduPersonPrincipalName mail value
>>> email address
>>> urn:oid:2.5.4.4 - sn value surname
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value
>>> mem...@domain.com
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value
>>> staff or stu...@domain.com
>>> urn:oid:2.5.4.42 - givenName value First Name
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.10 - eduPersonTargetedID Value random id
>>> based on salt
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.7 - eduPersonEntitlement value
>>> urn:mace:dir:entitlement:common-lib-terms
>>>
>>> but I am getting :
>>>
>>> credentialType credentialType UsernamePasswordCredential
>>> samlAuthenticationStatementAuthMethod
>>> samlAuthenticationStatementAuthMethod
>>> urn:oasis:names:tc:SAML:1.0:am:password
>>> isFromNewLogin isFromNewLogin true
>>> authenticationDate authenticationDate 2020-01-22T13:59:03.213799Z
>>> urn:oid:0.9.2342.19200300.100.1.3 urn:oid:0.9.2342.19200300.100.1.3
>>> em...@domain.com
>>> authenticationMethod authenticationMethod LdapAuthenticationHandler
>>> urn:oid:0.9.2342.19200300.100.1.1 urn:oid:0.9.2342.19200300.100.1.1
>>> Username
>>> successfulAuthenticationHandlers successfulAuthenticationHandlers
>>> LdapAuthenticationHandler
>>> longTermAuthenticationRequestTokenUsed
>>> longTermAuthenticationRequestTokenUsed false
>>> urn:oid:2.5.4.42 urn:oid:2.5.4.42 FirstName
>>> urn:oid:2.5.4.4 urn:oid:2.5.4.4 Surname
>>>
>>> Here is my JSON file:
>>>
>>> {
>>>   "@class" :
>>> "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>>   "serviceId" : "SERVICE",
>>>   "name" : "Apache Secured By SAML",
>>>   "id" : 10011,
>>>   "description" : "CAS development Apache mod_shib/shibd server with
>>> username/password protection",
>>>   "metadataLocation" : "file:etc/cas/saml/metadata/metadata.xml",
>>>   "encryptAssertions": "true",
>>>   "attributeReleasePolicy" : {
>>> "@class" :
>>> "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>>> "allowedAttributes" : {
>>>   "@class" : "java.util.TreeMap",
>>>   "eppn" : "urn:mace:dir:attribute-def:eduPersonPrincipalName",
>>>   "cn" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
>>>   "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
>>>   "givenName" : "urn:oid:2.5.4.42",
>>>   "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
>>>   "role" : "urn:DOMAIN:attribute-def:role",
>>>   "sn" : "urn:oid:2.5.4.4",
>>>   "uid" : "urn:oid:0.9.2342.19200300.100.1.1",
>>>   "UDC_IDENTIFIER": "urn:DOMAIN:attribute-def:UDC_IDENTIFIER",
>>>   "eppn" : "urn:oid:0.9.2342.19200300.100.1.1"
>>>   "affiliation" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
>>>   "affiliation" : "staff"
>>> }
>>> "persistentIdGenerator" : {
>>>   "@class" :
>>> "org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
>>>   "salt" : "aGVsbG93b3JsZA==",
>>>   "attribute": "eduPersonEntitlement"
>>> }
>>>   },
>>>   "evaluationOrder" : 1125
>>> }
>>>
>>>
>>> What am I doing wrong ?  I do have other files to prepare but I know if
>>> I can get this one working I can get the other ones working,
>>>
>>> Thanks for all your help
>>>
>>> Jeff
>>>
>>> --

[cas-user] Re: CAS 6.1.3 SAML and JSON

2020-01-23 Thread Josh
Apologies, I see you have that already, I mis-read the original post :)

On Thursday, January 23, 2020 at 10:32:36 AM UTC-5, Josh wrote:
>
> You don't need an allowedAttributes section for this, just an 
> attributeReleasePolicy like so:
>
>attributeReleasePolicy : {
> @class : org.apereo.cas.services.ReturnMappedAttributeReleasePolicy
> allowedAttributes : {
> @class : java.util.TreeMap
> mail : "urn:oid:0.9.2342.19200300.100.1.3"
> gecos : "urn:oid:2.16.840.1.113730.3.1.241"
> eduPersonPrincipalName : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
> }
> }
>
>
> On Thursday, January 23, 2020 at 3:54:19 AM UTC-5, stonej wrote:
>>
>> Hello All,
>>
>> I am trying to move away from shibboleth IDP and move to CAS IDP but 
>> having a few issues, I have had a look at the documentation and this group 
>> and cannot seem to find the answer.  I need to pass certain attributes, 
>> these ones -
>>
>> urn:oid:0.9.2342.19200300.100.1.3 - mail value email address
>> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value member
>> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value staff or 
>> student
>> urn:oid:1.3.6.1.4.1.5923.1.1.1.6 - eduPersonPrincipalName mail value 
>> email address
>> urn:oid:2.5.4.4 - sn value surname
>> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value 
>> mem...@domain.com
>> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value 
>> staff or stu...@domain.com
>> urn:oid:2.5.4.42 - givenName value First Name
>> urn:oid:1.3.6.1.4.1.5923.1.1.1.10 - eduPersonTargetedID Value random id 
>> based on salt
>> urn:oid:1.3.6.1.4.1.5923.1.1.1.7 - eduPersonEntitlement value 
>> urn:mace:dir:entitlement:common-lib-terms
>>
>> but I am getting : 
>>
>> credentialType credentialType UsernamePasswordCredential
>> samlAuthenticationStatementAuthMethod 
>> samlAuthenticationStatementAuthMethod 
>> urn:oasis:names:tc:SAML:1.0:am:password
>> isFromNewLogin isFromNewLogin true
>> authenticationDate authenticationDate 2020-01-22T13:59:03.213799Z
>> urn:oid:0.9.2342.19200300.100.1.3 urn:oid:0.9.2342.19200300.100.1.3 
>> em...@domain.com
>> authenticationMethod authenticationMethod LdapAuthenticationHandler
>> urn:oid:0.9.2342.19200300.100.1.1 urn:oid:0.9.2342.19200300.100.1.1 
>> Username
>> successfulAuthenticationHandlers successfulAuthenticationHandlers 
>> LdapAuthenticationHandler
>> longTermAuthenticationRequestTokenUsed 
>> longTermAuthenticationRequestTokenUsed false
>> urn:oid:2.5.4.42 urn:oid:2.5.4.42 FirstName
>> urn:oid:2.5.4.4 urn:oid:2.5.4.4 Surname
>>
>> Here is my JSON file:
>>
>> {
>>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>   "serviceId" : "SERVICE",
>>   "name" : "Apache Secured By SAML",
>>   "id" : 10011,
>>   "description" : "CAS development Apache mod_shib/shibd server with 
>> username/password protection",
>>   "metadataLocation" : "file:etc/cas/saml/metadata/metadata.xml",
>>   "encryptAssertions": "true",
>>   "attributeReleasePolicy" : {
>> "@class" : 
>> "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>> "allowedAttributes" : {
>>   "@class" : "java.util.TreeMap",
>>   "eppn" : "urn:mace:dir:attribute-def:eduPersonPrincipalName",
>>   "cn" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
>>   "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
>>   "givenName" : "urn:oid:2.5.4.42",
>>   "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
>>   "role" : "urn:DOMAIN:attribute-def:role",
>>   "sn" : "urn:oid:2.5.4.4",
>>   "uid" : "urn:oid:0.9.2342.19200300.100.1.1",
>>   "UDC_IDENTIFIER": "urn:DOMAIN:attribute-def:UDC_IDENTIFIER",
>>   "eppn" : "urn:oid:0.9.2342.19200300.100.1.1"
>>   "affiliation" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
>>   "affiliation" : "staff"
>> }
>> "persistentIdGenerator" : {
>>   "@class" : 
>> "org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
>>   "salt" : "aGVsbG93b3JsZA==",
>>   "attribute": "eduPersonEntitlement"
>> }
>>   },
>>   "evaluationOrder" : 1125
>> }
>>
>>
>> What am I doing wrong ?  I do have other files to prepare but I know if I 
>> can get this one working I can get the other ones working,
>>
>> Thanks for all your help
>>
>> Jeff
>>
>>



[cas-user] Re: CAS 6.1.3 SAML and JSON

2020-01-23 Thread Josh
You don't need an allowedAttributes section for this, just an 
attributeReleasePolicy like so:

attributeReleasePolicy : {
  @class : org.apereo.cas.services.ReturnMappedAttributeReleasePolicy
  allowedAttributes : {
    @class : java.util.TreeMap
    mail : "urn:oid:0.9.2342.19200300.100.1.3"
    gecos : "urn:oid:2.16.840.1.113730.3.1.241"
    eduPersonPrincipalName : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
  }
}


On Thursday, January 23, 2020 at 3:54:19 AM UTC-5, stonej wrote:
>
> Hello All,
>
> I am trying to move away from shibboleth IDP and move to CAS IDP but 
> having a few issues, I have had a look at the documentation and this group 
> and cannot seem to find the answer.  I need to pass certain attributes, 
> these ones -
>
> urn:oid:0.9.2342.19200300.100.1.3 - mail value email address
> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value member
> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value staff or 
> student
> urn:oid:1.3.6.1.4.1.5923.1.1.1.6 - eduPersonPrincipalName mail value email 
> address
> urn:oid:2.5.4.4 - sn value surname
> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value 
> mem...@domain.com 
> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value staff 
> or stu...@domain.com 
> urn:oid:2.5.4.42 - givenName value First Name
> urn:oid:1.3.6.1.4.1.5923.1.1.1.10 - eduPersonTargetedID Value random id 
> based on salt
> urn:oid:1.3.6.1.4.1.5923.1.1.1.7 - eduPersonEntitlement value 
> urn:mace:dir:entitlement:common-lib-terms
>
> but I am getting : 
>
> credentialType credentialType UsernamePasswordCredential
> samlAuthenticationStatementAuthMethod 
> samlAuthenticationStatementAuthMethod 
> urn:oasis:names:tc:SAML:1.0:am:password
> isFromNewLogin isFromNewLogin true
> authenticationDate authenticationDate 2020-01-22T13:59:03.213799Z
> urn:oid:0.9.2342.19200300.100.1.3 urn:oid:0.9.2342.19200300.100.1.3 
> em...@domain.com 
> authenticationMethod authenticationMethod LdapAuthenticationHandler
> urn:oid:0.9.2342.19200300.100.1.1 urn:oid:0.9.2342.19200300.100.1.1 
> Username
> successfulAuthenticationHandlers successfulAuthenticationHandlers 
> LdapAuthenticationHandler
> longTermAuthenticationRequestTokenUsed 
> longTermAuthenticationRequestTokenUsed false
> urn:oid:2.5.4.42 urn:oid:2.5.4.42 FirstName
> urn:oid:2.5.4.4 urn:oid:2.5.4.4 Surname
>
> Here is my JSON file:
>
> {
>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId" : "SERVICE",
>   "name" : "Apache Secured By SAML",
>   "id" : 10011,
>   "description" : "CAS development Apache mod_shib/shibd server with 
> username/password protection",
>   "metadataLocation" : "file:etc/cas/saml/metadata/metadata.xml",
>   "encryptAssertions": "true",
>   "attributeReleasePolicy" : {
> "@class" : 
> "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
> "allowedAttributes" : {
>   "@class" : "java.util.TreeMap",
>   "eppn" : "urn:mace:dir:attribute-def:eduPersonPrincipalName",
>   "cn" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
>   "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
>   "givenName" : "urn:oid:2.5.4.42",
>   "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
>   "role" : "urn:DOMAIN:attribute-def:role",
>   "sn" : "urn:oid:2.5.4.4",
>   "uid" : "urn:oid:0.9.2342.19200300.100.1.1",
>   "UDC_IDENTIFIER": "urn:DOMAIN:attribute-def:UDC_IDENTIFIER",
>   "eppn" : "urn:oid:0.9.2342.19200300.100.1.1"
>   "affiliation" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
>   "affiliation" : "staff"
> }
> "persistentIdGenerator" : {
>   "@class" : 
> "org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
>   "salt" : "aGVsbG93b3JsZA==",
>   "attribute": "eduPersonEntitlement"
> }
>   },
>   "evaluationOrder" : 1125
> }
>
>
> What am I doing wrong ?  I do have other files to prepare but I know if I 
> can get this one working I can get the other ones working,
>
> Thanks for all your help
>
> Jeff
>
>



[cas-user] Re: CAS 6.1.3 SAML and JSON

2020-01-23 Thread stonej
Hi Andy,

I have tried that so only this in the JSON:

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "SERVICE",
  "name" : "Apache Secured By SAML",
  "id" : 10011,
  "description" : "CAS development Apache mod_shib/shibd server with username/password protection",
  "metadataLocation" : "file:etc/cas/saml/metadata/metadata.xml",
  "encryptAssertions": "true",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
  "evaluationOrder" : 1125
}

and still get: 


credentialType credentialType UsernamePasswordCredential
samlAuthenticationStatementAuthMethod samlAuthenticationStatementAuthMethod 
urn:oasis:names:tc:SAML:1.0:am:password
isFromNewLogin isFromNewLogin true
authenticationDate authenticationDate 2020-01-22T13:59:03.213799Z
urn:oid:0.9.2342.19200300.100.1.3 urn:oid:0.9.2342.19200300.100.1.3 
em...@domain.com
authenticationMethod authenticationMethod LdapAuthenticationHandler
urn:oid:0.9.2342.19200300.100.1.1 urn:oid:0.9.2342.19200300.100.1.1 Username
successfulAuthenticationHandlers successfulAuthenticationHandlers 
LdapAuthenticationHandler
longTermAuthenticationRequestTokenUsed 
longTermAuthenticationRequestTokenUsed false
urn:oid:2.5.4.42 urn:oid:2.5.4.42 FirstName
urn:oid:2.5.4.4 urn:oid:2.5.4.4 Surname

I cannot seem to turn off the unwanted attributes :  
credentialType, samlAuthenticationStatementAuthMethod, etc

and I cannot seem to add attributes - eduPersonEntitlement needs to 
be urn:mace:dir:entitlement:common-lib-terms

Would I need to write a Groovy script to do that ?

Thanks

Jeff


On Thursday, 23 January 2020 09:51:14 UTC, Andy Ng wrote:
>
> Hi Jeff,
>
> Have you tried allow all and see if the issue is due to the allowAttribute 
> or other matter?
>
> Setup allow all as such: 
> https://apereo.github.io/cas/6.0.x/integration/Attribute-Release-Policies.html#return-all
>
> Cheers!
> - Andy
>



[cas-user] Re: CAS 6.1.3 SAML and JSON

2020-01-23 Thread Andy Ng
Hi Jeff,

Have you tried allow all and see if the issue is due to the allowAttribute 
or other matter?

Setup allow all as such: 
https://apereo.github.io/cas/6.0.x/integration/Attribute-Release-Policies.html#return-all

Cheers!
- Andy
