RE: [cas-user] CAS 4.0 & AD & ADFS & OFFICE 365

2015-06-25 Thread Daniel . CHARLOT

Ok,
Thank you very much.

On 2015-06-25 02:21, Misagh Moayyed wrote:
At this point, I don’t think it's possible. Your other option would be to
have ADFS <-> Shib <-> Shib/CAS Authn <-> CAS. 4.1.SNAPSHOT presents no such
feature that I am aware of. If ADFS support gets added, it would only be to
make CAS an ADFS client and not the other way around.


-Original Message-
From: daniel.char...@unice.fr [mailto:daniel.char...@unice.fr]
Sent: Wednesday, June 24, 2015 1:58 PM
To: cas-user@lists.jasig.org
Subject: [cas-user] CAS 4.0 & AD & ADFS & OFFICE 365

Hello,

I ask myself a question. Could you give me your opinion?

A person from Microsoft presents us the Office 365 solution in our
university.

To connect to Office 365, they advise us to install an AD server with a
frontal ADFS server that connects to our Shibboleth authentication server
(I understand that only CAS version 4.1 SNAPSHOT allows SAML2.0 with adfs.
Maybe I'm wrong...)

But I wonder: is it possible to simply connect the AD server with the CAS
4.0 and so do not use adfs server?

The Web client goes through the CAS server and the AD server that
integrates the connection and sends the profile to the AD server AZURE
Office 365 ... is it possible?

Thank you for your help

Daniel CHARLOT
Université de Nice.


--
You are currently subscribed to cas-user@lists.jasig.org as:
mmoay...@unicon.net
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user




[cas-user] CAS 4.0 & AD & ADFS & OFFICE 365

2015-06-24 Thread Daniel . CHARLOT

Hello,

I ask myself a question. Could you give me your opinion?

A person from Microsoft presents us the Office 365 solution in our
university.

To connect to Office 365, they advise us to install an AD server with a
frontal ADFS server that connects to our Shibboleth authentication
server (I understand that only CAS version 4.1 SNAPSHOT allows SAML2.0
with adfs. Maybe I'm wrong...)

But I wonder: is it possible to simply connect the AD server with the
CAS 4.0 and so do not use adfs server?

The Web client goes through the CAS server and the AD server that
integrates the connection and sends the profile to the AD server AZURE
Office 365 ... is it possible?


Thank you for your help

Daniel CHARLOT
Université de Nice.




Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release

2014-10-16 Thread Daniel . CHARLOT
Ok, thanks. I will wait for 4.1, it is simpler for me.

-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Systems and Network Administrator
28, avenue de Valrose - BP 2135 - 06103 NICE
Tel: 04-92-07-67-07

On 16 Oct 2014 at 10:43, Misagh Moayyed wrote:

> Well, you can point your overlay to 4.1-SNAPSHOT where the fix goes in…or you 
> could point your client to point to /p3/serviceValidate if you don’t need 
> saml, or you can grab a copy of the java file, put it in your overlay only, 
> make the fix, make sure it compiles and off you go (and submit a patch to the 
> project when you get around to it).
>  
> From: daniel.char...@unice.fr [mailto:daniel.char...@unice.fr] 
> Sent: Thursday, October 16, 2014 1:39 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release
>  
> But now how to resolve the problem?
> I have to recompile cas-server-support-saml? Any jar ready to use?
> Sorry, but I'm not user-friendly with Java and I have too many CAS clients
> to change the target URL.
>
> Many Thanks.
> ---------
> Daniel CHARLOT
> D.S.I. Université de Nice Sophia-Antipolis
> Systems and Network Administrator
> 28, avenue de Valrose - BP 2135 - 06103 NICE
> Tel: 04-92-07-67-07
>
> On 15 Oct 2014 at 12:11, Misagh Moayyed wrote:
>
> I was able to duplicate this. There is a discrepancy between CAS views and 
> SAML views; PrimaryAuthn is used in one but not the other.
>  
> Submitted this issue to track:
> https://github.com/Jasig/cas/issues/722
>  
> For the time being, would you be able to point your CAS client to 
> /p3/serviceValidate and not use SAML? That should get you only the attributes 
> you allowed.
>  
> From: Carlos Olivera [mailto:carlosroliv...@gmail.com] 
> Sent: Tuesday, October 14, 2014 7:45 AM
> To: cas-user@lists.jasig.org
> Cc: cas-user@lists.jasig.org; cas-user@lists.jasig.org; 
> daniel.char...@unice.fr
> Subject: Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release
>  
> Ok, now I have more information about this issue, I know where the problem is 
> located but I don't know why it happens.
>  
> I will enumerate all relevant steps from getting the attributes to saml
> creation of attributes (At least how I think it works)
> 1. CentralAuthenticationServiceImpl: createTicketGrantingTicket(final
>    Credential... credentials) calls
>    this.authenticationManager.authenticate(credentials)
> 2. authenticateUsernamePasswordInternal: In this method, I get the user from
>    DB and load all its attributes. I return: createHandlerResult(credential,
>    new SimplePrincipal(username, atributos), null); "atributos" contains all
>    the user attributes. So, from now on, Principal will have all the
>    attributes, in my test "name" and "lastname"
> 3. CentralAuthenticationServiceImpl: createTicketGrantingTicket(final
>    Credential... credentials) creates the ticket. The ticket has an
>    Authentication object which contains the Principal created.
> 4. At some point the code hits validateServiceTicket and finishes returning
>    an ImmutableAssertion with the following attributes:
>    - primary (Authentication), it's an Authentication object with a
>      modifiedPrincipal. This particular principal has all the attributes I
>      want because it went through all the necessary filters.
>    - chained (List), this list references to
>      serviceTicket.getGrantingTicket().getChainedAuthentications(), it only
>      has one item, and the principal contained in that Authentication item
>      is the first one created with all the attributes.
> 5. At last, the code hits Saml10SuccessResponseView.prepareResponse, the
>    first line gets an Authentication object from:
>    final Authentication authentication =
>    getAssertionFrom(model).getChainedAuthentications().get(0); and from that
>    Authentication retrieves all the attributes.
> In a simple test, I changed
>  getAssertionFrom(model).getChainedAuthentications().get(0)
> to
> getAssertionFrom(model).getPrimaryAuthentication()
>  
> and it works, now I'm getting only the attributes that I want in the client.
>  
> I'm sure this isn't a viable solution, because I'm messing with 
> Saml10SuccessResponseView and I shouldn't, but I wanted to know if that was 
> the problem. With all this new information, maybe some of you could tell me 
> what I'm doing wrong and guide me in the right direction.
>  
> Thanks in advance.
> 
> El lunes, 13 de octubre 
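
The discrepancy traced in the quoted messages above (the SAML view reading `getChainedAuthentications().get(0)` while the release policy is applied only to the primary authentication) can be reproduced in a small model. This is an added example, not part of the original messages and not CAS source code; `Principal`, `Authentication`, `Assertion` and every method below are simplified, hypothetical stand-ins, and the sample values are constructed.

```java
import java.util.*;

// Added illustration, not CAS source code. The nested types are simplified,
// hypothetical stand-ins for the CAS types named in the thread; only the data
// flow described in the messages is modelled.
public class AttributeReleaseDemo {

    static final class Principal {
        final String id;
        final Map<String, Object> attributes;

        Principal(String id, Map<String, Object> attributes) {
            this.id = id;
            this.attributes = Collections.unmodifiableMap(new LinkedHashMap<>(attributes));
        }
    }

    static final class Authentication {
        final Principal principal;

        Authentication(Principal principal) { this.principal = principal; }
    }

    // Like the ImmutableAssertion in the thread: a primary authentication plus
    // the chain taken from the ticket-granting ticket.
    static final class Assertion {
        final Authentication primary;
        final List<Authentication> chained;

        Assertion(Authentication primary, List<Authentication> chained) {
            this.primary = primary;
            this.chained = Collections.unmodifiableList(new ArrayList<>(chained));
        }
    }

    // Release step: keep only the attributes the service is allowed to see.
    static Principal release(Principal resolved, Set<String> allowedAttributes) {
        Map<String, Object> released = new LinkedHashMap<>();
        for (Map.Entry<String, Object> e : resolved.attributes.entrySet()) {
            if (allowedAttributes.contains(e.getKey())) {
                released.put(e.getKey(), e.getValue());
            }
        }
        return new Principal(resolved.id, released);
    }

    // Ticket validation as described in the thread: the primary authentication
    // carries the filtered principal, while the chain still holds the
    // principal exactly as it was resolved at login.
    static Assertion validate(Principal resolved, Set<String> allowedAttributes) {
        Authentication atLogin = new Authentication(resolved);
        Authentication primary = new Authentication(release(resolved, allowedAttributes));
        return new Assertion(primary, Collections.singletonList(atLogin));
    }

    // What the SAML 1.1 view was reported to do: read chained.get(0).
    static Map<String, Object> viewFromChained(Assertion a) {
        return a.chained.get(0).principal.attributes;
    }

    // What the test change in the thread does instead: read the primary.
    static Map<String, Object> viewFromPrimary(Assertion a) {
        return a.primary.principal.attributes;
    }

    // Check for a test suite: attribute names present in a response that the
    // service was never allowed to receive. An empty set means the policy held.
    static Set<String> notAllowed(Map<String, Object> response, Set<String> allowedAttributes) {
        Set<String> extra = new TreeSet<>(response.keySet());
        extra.removeAll(allowedAttributes);
        return extra;
    }

    public static void main(String[] args) {
        // Constructed sample principal: attribute names follow the log quoted
        // in the thread, the values are made up.
        Map<String, Object> resolved = new LinkedHashMap<>();
        resolved.put("eduPersonAffiliation", Arrays.asList("member", "staff", "employee"));
        resolved.put("eduPersonPrimaryAffiliation", "staff");
        resolved.put("email", "user@example.org");
        resolved.put("displayName", "Example User");
        resolved.put("user", "exampleuser");
        Set<String> allowed = new LinkedHashSet<>(Arrays.asList("email", "user"));

        Assertion assertion = validate(new Principal("exampleuser", resolved), allowed);

        Map<String, Object> saml = viewFromChained(assertion);
        Map<String, Object> cas = viewFromPrimary(assertion);
        System.out.println("chained.get(0) -> " + saml.keySet()
                + " not allowed: " + notAllowed(saml, allowed));
        System.out.println("primary        -> " + cas.keySet()
                + " not allowed: " + notAllowed(cas, allowed));
    }
}
```

A check like `notAllowed` belongs in an integration test against every validation endpoint a service can use, because a release policy that holds on one response view says nothing about the others.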

Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release

2014-10-16 Thread Daniel . CHARLOT
But now how to resolve the problem?
I have to recompile cas-server-support-saml? Any jar ready to use?
Sorry, but I'm not user-friendly with Java and I have too many CAS clients
to change the target URL.

Many Thanks.
-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Systems and Network Administrator
28, avenue de Valrose - BP 2135 - 06103 NICE
Tel: 04-92-07-67-07

> On Monday, 13 October 2014 12:26:34 UTC-2, daniel@unice.fr wrote:
> Me yeah, SAML 1.1 with a PHP function which does just a getAttribute().
>
> -
> Daniel CHARLOT
> D.S.I. Université de Nice Sophia-Antipolis
> Systems and Network Administrator
> 28, avenue de Valrose - BP 2135 - 06103 NICE
> Tel: 04-92-07-67-07
>
> On 13 Oct 2014 at 16:18, Misagh Moayyed wrote:
>
> Nothing jumps out at me in your configuration. I’ll run some tests to see if 
> I can duplicate the error and provide an explanation.
>  
> Do I remember correctly that you said you were using SAML 1.1 to get 
> attributes?
>  
> From: Carlos Olivera [mailto:car...@gmail.com] 
> Sent: Monday, October 13, 2014 5:00 AM
> To: cas-...@lists.jasig.org
> Cc: daniel@unice.fr
> Subject: Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release
>  
> Sorry, the client code to retrieve the attributes is:
>  
>  
> Attribu

Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release

2014-10-13 Thread Daniel . CHARLOT
Me yeah, SAML 1.1 with a PHP function which does just a getAttribute().

-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Systems and Network Administrator
28, avenue de Valrose - BP 2135 - 06103 NICE
Tel: 04-92-07-67-07

On 13 Oct 2014 at 16:18, Misagh Moayyed wrote:

> Nothing jumps out at me in your configuration. I’ll run some tests to see if 
> I can duplicate the error and provide an explanation.
>  
> Do I remember correctly that you said you were using SAML 1.1 to get 
> attributes?
>  
> From: Carlos Olivera [mailto:carlosroliv...@gmail.com] 
> Sent: Monday, October 13, 2014 5:00 AM
> To: cas-user@lists.jasig.org
> Cc: daniel.char...@unice.fr
> Subject: Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release
>  
> Sorry, the client code to retrieve the attributes is:
>  
>  
> AttributePrincipal principal = (AttributePrincipal)request.getUserPrincipal();
> Map attributes = principal.getAttributes();
>  
> 2014-10-13 9:50 GMT-02:00 Carlos Olivera :
> I tried to debug the code in order to figure out when the principal was saved 
> with all the attributes. I got the following Assertion (ImmutableAssertion) 
> object created (ServiceValidateController):
>  
> primaryAuthentication (ImmutableAuthentication): The Principal has an empty
> list of attributes, which is what I need according to my configuration.
> chainedAuthentications (List): Return a list with
> only one item, but in that case the Principal in the Authentication object
> has ALL the attributes of the user.
> Is that the standard behaviour in the login process?
>  
> Something I haven't said yet, to retrieve the attributes from the client I 
> use the following code:
> AttributePrincipal principal = (AttributePrincipal)request.
> Map attributes = principal.getAttributes();
>  
> is that ok??? 
>  
> I don't know if any of that helps, but maybe for an experienced user it could 
> mean something.
> 
> On Monday, 13 October 2014 08:51:15 UTC-2, daniel@unice.fr wrote:
> Hi,
>
> Here is my deployerconfig. I have the same problem as Carlos. I don't
> understand why I have all attributes..
> I have tried both with Attributefilter and allowedattributes but it's the same.

Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release

2014-10-13 Thread Daniel . CHARLOT
Hi,

Here is my deployerconfig. I have the same problem as Carlos. I don't
understand why I have all attributes.. I have tried both with
Attributefilter and allowedattributes but it's the same.

deployer
Description: Binary data

Thanks a lot.
-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Systems and Network Administrator
28, avenue de Valrose - BP 2135 - 06103 NICE
Tel: 04-92-07-67-07

On 13 Oct 2014 at 10:02, Misagh Moayyed wrote:

The filter is probably and admittedly a bad name for what it does. 4.1
should make this all a lot more clear.

AllowedAttributes controls what attributes are released. The
AttributeFilter controls what attribute values can be released, out of the
allowed set. Obviously, if you tweak the first set you would subsequently
affect the filter as well...and yes, only what is allowed and can pass
through that filter will be made available to the app. If you are receiving
everything, post relevant bits of your configuration and we can review.

-Original Message-
From: Carlos Olivera [mailto:carlosroliv...@gmail.com]
Sent: Thursday, October 9, 2014 12:31 PM
To: cas-user@lists.jasig.org
Subject: [cas-user] Cas Server 4.0 | Understanding Attribute Release

Hi everyone, I'm currently working with Cas server 4.0 and applying
customizations, but there's still something I can't quite figure out yet.

In the section of attribute release says:

First:
Attributes are controlled by the Person Directory project and returned to
scoped services via the SAML 1.1 protocol or the CAS protocol.
Attributes pass through a two-step process:

Resolution: Done at the time of establishing the principal via
PrincipalResolver components where attributes are resolved from various
sources that are outlined below.
Release: Adopters must explicitly configure attribute release for services
in order for the resolved attributes to be released to a service in the
validation response.

My question is, what happens when the service reduces the number of
attributes to release either by using "getAllowedAttributes" or by
getAttributeFilter? Does it mean that whenever I get a reference to
AttributePrincipal in the client, only those released attributes will be
available? If I'm getting that last one wrong, what is the use of
allowedAttributes?

In my current implementation, I always receive all the attributes (via SAML)
in the client no matter how many filters I set up.

Thanks in advance and sorry for my English ;)

Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release

2014-10-10 Thread Daniel . CHARLOT
It’s the same, ignoreAttributes true or false doesn’t work for me.
-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Systems and Network Administrator
28, avenue de Valrose - BP 2135 - 06103 NICE
Tel: 04-92-07-67-07

On 9 Oct 2014 at 22:48, John Gasper wrote:

> Hi Carlos,
> 
> This is similar to Daniel's issue. Are you setting the ignoreAttributes to 
> true or false in the registry entry?
> 
> ---
> John Gasper
> IAM Consultant
> Unicon, Inc.
> PGP/GPG Key: 0xbafee3ef
> 
> On 10/9/14 12:31 PM, Carlos Olivera wrote:
>> Hi everyone, I'm currently working with Cas server 4.0 and applying 
>> customizations, but there's still something I can't quite figure out yet.
>> 
>> In the section of attribute release says:
>> 
>> First: 
>> Attributes are controlled by the Person Directory project and returned to
>> scoped services via the SAML 1.1 protocol or the CAS protocol.
>> Attributes pass through a two-step process:
>> 
>> Resolution: Done at the time of establishing the principal via 
>> PrincipalResolver components where attributes are resolved from various 
>> sources that are outlined below.
>> Release: Adopters must explicitly configure attribute release for services 
>> in order for the resolved attributes to be released to a service in the 
>> validation response.
>> My question is, what happens when the service reduces the number of 
>> attributes to release either by using "getAllowedAttributes" or by 
>> getAttributeFilter? Does it mean that whenever I get a reference to 
>> AttributePrincipal in the client, only those released attributes will be 
>> available? If I'm getting that last one wrong, what is the use of 
>> allowedAttributes?
>> 
>> In my current implementation, I always receive all the attributes (via SAML) 
>> in the client no matter how many filters I set up.
>> 
>> Thanks in advance and sorry for my English ;)
> 

Re: [cas-user] allowedAttributes ldap CAS 4

2014-10-09 Thread Daniel . CHARLOT
my page saml works too much because it drops all attributes of my user, but not
only the mail (value=mail) which is in the allowedattribute properties


On 9 October 2014 17:35:04 CEST, John Gasper wrote:
>As far as I can tell from the log the user attributes are being pulled
>from the ldap server just fine. It also looks like they are being queued
>to be put in the saml response:
>2014-10-09 17:03:29,192 INFO
>[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>Authenticated dcharlot with credentials [dcharlot+password].
>2014-10-09 17:03:29,192 DEBUG
>[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>Attribute map for dcharlot: {eduPersonAffiliation=[member, staff,
>employee], eduPersonPrimaryAffiliation=staff,
>email=daniel.char...@unice.fr,
>uniceService=[application.harpege.utilisateurs, application-geisha, BV,
>geisha, pers-tous, autocom, manu-dsi-assistance,
>application.apogee.utilisateurs, apogee, web, pers-affect.CRI,
>scsi.infrastructure.membres, scsi.personnels, hermes, harpege,
>dsi.infrastructure.a-sites, scsi.membres,
>scsi.infrastructure.personnels, app-conges,
>manu-membres-iufm-conseil.ufr, pers-site.valrose], displayName=Daniel
>Charlot, user=dcharlot}
>...
>2014-10-09 17:03:29,333 DEBUG
>[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket
>[ST-1-bwkJYRzsBrdTc5eaDQ6r-login4.unice.fr] found in registry.
>2014-10-09 17:03:29,334 DEBUG
>[org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter]
>- Found attribute [email] in the list of allowed attributes for service
>[HTTP and IMAP]
>2014-10-09 17:03:29,334 DEBUG
>[org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter]
>- Found attribute [user] in the list of allowed attributes for service
>[HTTP and IMAP]
>
>I don't know if the logging indicates the attribute (or its value) as it
>is put into the SAML response or not.
>
>My next step would be to bump the logging up on the phpCAS client and I
>think you should be able to see the SAML response there.
>
>---
>*John Gasper*
>IAM Consultant
>Unicon, Inc.
>PGP/GPG Key: 0xbafee3ef
>On 10/9/14 8:09 AM, daniel.char...@unice.fr wrote:
>> Hi,
>>
>> Sorry for the delay,
>> here is my log for one connection:
>>
>> -
>> Daniel CHARLOT
>> D.S.I. Université de Nice Sophia-Antipolis
>> Systems and Network Administrator
>> 28, avenue de Valrose - BP 2135 - 06103 NICE
>> Tel: 04-92-07-67-07
>>
>> On 8 Oct 2014 at 16:26, Misagh Moayyed <mailto:mmoay...@unicon.net> wrote:
>>
>>> Ok. So I’d follow what John suggested. Up the log levels and see what
>>> they tell you.
>>>  
>>> *From:* daniel.char...@unice.fr
>>> <mailto:daniel.char...@unice.fr> [mailto:daniel.char...@unice.fr] 
>>> *Sent:* Wednesday, October 8, 2014 7:19 AM
>>> *To:* cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org>
>>> *Subject:* Re: [cas-user] allowedAttributes ldap CAS 4
>>>  
>>> A simple page of php cas 1.3.3 with the function phpCAS::getAttributes()
>>> -
>>> Daniel CHARLOT
>>> D.S.I. Université de Nice Sophia-Antipolis
>>> Systems and Network Administrator
>>> 28, avenue de Valrose - BP 2135 - 06103 NICE
>>> Tel: 04-92-07-67-07
>>>
>>> On 8 Oct 2014 at 16:14, Misagh Moayyed <mailto:mmoay...@unicon.net> wrote:
>>>
>>> And what sort of CAS client are you using to get these attributes?
>>>
>>> *From:* daniel.char...@unice.fr
>>> <mailto:daniel.char...@unice.fr> [mailto:daniel.char...@unice.fr]
>>> *Sent:* Wednesday, October 8, 2014 5:07 AM
>>> *To:* cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org>
>>> *Subject:* Re: [cas-user] allowedAttributes ldap CAS 4
>>>  
>>> Hi john,
>>> I use SAML 1.1.
>>>  
>>>
>-
>>>

Re: [cas-user] allowedAttributes ldap CAS 4

2014-10-09 Thread Daniel . CHARLOT
Hi,

Sorry for the delay, here is my log for one connection:

cas.log
Description: Binary data

-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Systems and Network Administrator
28, avenue de Valrose - BP 2135 - 06103 NICE
Tel: 04-92-07-67-07

On 8 Oct 2014 at 16:26, Misagh Moayyed wrote:

Ok. So I’d follow what John suggested. Up the log levels and see what they
tell you.

From: daniel.char...@unice.fr [mailto:daniel.char...@unice.fr]
Sent: Wednesday, October 8, 2014 7:19 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] allowedAttributes ldap CAS 4

A simple page of php cas 1.3.3 with the function phpCAS::getAttributes()

On 8 Oct 2014 at 16:14, Misagh Moayyed wrote:

And what sort of CAS client are you using to get these attributes?

From: daniel.char...@unice.fr [mailto:daniel.char...@unice.fr]
Sent: Wednesday, October 8, 2014 5:07 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] allowedAttributes ldap CAS 4

Hi john,
I use SAML 1.1.

On 7 Oct 2014 at 17:18, John Gasper wrote:

What CAS protocol are you using to retrieve the attributes on the client
side?

On 10/7/14 1:04 AM, daniel.char...@unice.fr wrote:

Hi john,

I have tried your syntax but it's the same things.

I have seen that on cas core 4.1 there are new functions for this. I hope
the return of attributes for each services works on 4.0 with ldap…

I don't understand why the property of serviceid works but not the property
allowedAttribute

Best Regards,

On 6 Oct 2014 at 17:24, John Gasper wrote:

You might try changing your bean def to use:

mail

On 10/6/14 3:41 AM, daniel.char...@unice.fr wrote:

Hi guys,

Last work for my cas 4. I would like to give different attributes for each
service. But it doesn't work.

I use org.jasig.cas.persondir.LdapPersonAttributeDao. And I have a bean :

p:id="1" p:name="HTTP web" p:description=« SERVICE test" p:allowedToProxy="true" p:serviceId="http://testmydomain/test/test.php" p:evaluationOrder="1002" p:allowedAttributes="mail"/>

But in response... I have all attributes which are in my "bean
attributeRepository". allowedAttributes properties seems to do nothing...

Any ideas ? Thx for your responses

Re: [cas-user] allowedAttributes ldap CAS 4

2014-10-08 Thread Daniel . CHARLOT
A simple page of php cas 1.3.3 with the function phpCAS::getAttributes()
-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Administrateur Systèmes et Réseaux
28, avenue de Valrose - BP 2135 - 06103 NICE 
Tél : 04-92-07-67-07

On 8 Oct 2014, at 16:14, Misagh Moayyed wrote:

> And what sort of CAS client are you using to get these attributes?
>  
> From: daniel.char...@unice.fr [mailto:daniel.char...@unice.fr] 
> Sent: Wednesday, October 8, 2014 5:07 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] allowedAttributes ldap CAS 4
>  
> Hi john,
> I use SAML 1.1.
>  
> ---------
> Daniel CHARLOT
> D.S.I. Université de Nice Sophia-Antipolis
> Administrateur Systèmes et Réseaux
> 28, avenue de Valrose - BP 2135 - 06103 NICE 
> Tél : 04-92-07-67-07
>
> On 7 Oct 2014, at 17:18, John Gasper wrote:
> 
> 
> What CAS protocol are you using to retrieve the attributes on the client side?
>  
> On 10/7/14 1:04 AM, daniel.char...@unice.fr wrote:
> Hi john,
>  
> I have tried your syntax but it's the same things.
> 
> 
> I have seen that on cas core 4.1 there are new functions for this. I hope the 
> return of attributes for each services works on 4.0 with ldap…
>  
> I don't understand why the property of serviceid works but not the property 
> allowedAttribute
>  
> Best Regards,
> 
> 
> -
> Daniel CHARLOT
> D.S.I. Université de Nice Sophia-Antipolis
> Administrateur Systèmes et Réseaux
> 28, avenue de Valrose - BP 2135 - 06103 NICE 
> Tél : 04-92-07-67-07
>
> On 6 Oct 2014, at 17:24, John Gasper wrote:
> 
> 
> You might try changing your bean def to use:
> 
> 
> mail
> 
> 
> 
> On 10/6/14 3:41 AM, daniel.char...@unice.fr wrote:
> Hi guys,
>  
> Last work for my cas 4.
>  
> I would like to give different attributes for each service.
> But it doesn't work.
> I use org.jasig.cas.persondir.LdapPersonAttributeDao.
>  
> And I have a bean : 
>   p:id="1" p:name="HTTP web" p:description="SERVICE test"
>   p:allowedToProxy="true" 
>   p:serviceId="http://testmydomain/test/test.php" p:evaluationOrder="1002" 
>   p:allowedAttributes="mail"/>
>  
> But in response... I have all attributes which are in my "bean 
> attributeRepository".
> The allowedAttributes property seems to do nothing...
>  
> Any ideas ?
>  
> Thx for your responses
> -
> Daniel CHARLOT
> D.S.I. Université de Nice Sophia-Antipolis
> Administrateur Systèmes et Réseaux
> 28, avenue de Valrose - BP 2135 - 06103 NICE 
> Tél : 04-92-07-67-07


-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] allowedAttributes ldap CAS 4

2014-10-08 Thread Daniel . CHARLOT
Hi john,
I use SAML 1.1.

-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Administrateur Systèmes et Réseaux
28, avenue de Valrose - BP 2135 - 06103 NICE 
Tél : 04-92-07-67-07

On 7 Oct 2014, at 17:18, John Gasper wrote:

> What CAS protocol are you using to retrieve the attributes on the client side?
> 
> On 10/7/14 1:04 AM, daniel.char...@unice.fr wrote:
>> Hi john,
>> 
>> I have tried your syntax but it's the same things.
>> 
>> I have seen that on cas core 4.1 there are new functions for this. I hope 
>> the return of attributes for each services works on 4.0 with ldap…
>> 
>> I don't understand why the property of serviceid works but not the property 
>> allowedAttribute
>> 
>> Best Regards,
>> 
>> -
>> Daniel CHARLOT
>> D.S.I. Université de Nice Sophia-Antipolis
>> Administrateur Systèmes et Réseaux
>> 28, avenue de Valrose - BP 2135 - 06103 NICE 
>> Tél : 04-92-07-67-07
>>
>> On 6 Oct 2014, at 17:24, John Gasper wrote:
>> 
>>> You might try changing your bean def to use:
>>> 
>>> 
>>> mail
>>> 
>>>  
>>> 
>>> On 10/6/14 3:41 AM, daniel.char...@unice.fr wrote:
>>>> Hi guys,
>>>> 
>>>> Last work for my cas 4.
>>>> 
>>>> I would like to give different attributes for each service.
>>>> But it doesn't work.
>>>> I use org.jasig.cas.persondir.LdapPersonAttributeDao.
>>>> 
>>>> And I have a bean : 
>>>>   p:id="1" p:name="HTTP web" p:description="SERVICE test"
>>>>   p:allowedToProxy="true" 
>>>>   p:serviceId="http://testmydomain/test/test.php" 
>>>>   p:evaluationOrder="1002" 
>>>>   p:allowedAttributes="mail"/>
>>>> 
>>>> But in response... I have all attributes which are in my "bean 
>>>> attributeRepository".
>>>> The allowedAttributes property seems to do nothing...
>>>> 
>>>> Any ideas ?
>>>> 
>>>> Thx for your responses
>>>> -
>>>> Daniel CHARLOT
>>>> D.S.I. Université de Nice Sophia-Antipolis
>>>> Administrateur Systèmes et Réseaux
>>>> 28, avenue de Valrose - BP 2135 - 06103 NICE 
>>>> Tél : 04-92-07-67-07

Re: [cas-user] allowedAttributes ldap CAS 4

2014-10-07 Thread Daniel . CHARLOT
Hi john,

I have tried your syntax but it's the same things.

I have seen that on cas core 4.1 there are new functions for this. I hope the 
return of attributes for each services works on 4.0 with ldap…

I don't understand why the property of serviceid works but not the property 
allowedAttribute

Best Regards,

-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Administrateur Systèmes et Réseaux
28, avenue de Valrose - BP 2135 - 06103 NICE 
Tél : 04-92-07-67-07

On 6 Oct 2014, at 17:24, John Gasper wrote:

> You might try changing your bean def to use:
> 
> 
> mail
> 
>  
> 
> On 10/6/14 3:41 AM, daniel.char...@unice.fr wrote:
>> Hi guys,
>> 
>> Last work for my cas 4.
>> 
>> I would like to give different attributes for each service.
>> But it doesn't work.
>> I use org.jasig.cas.persondir.LdapPersonAttributeDao.
>> 
>> And I have a bean : 
>>   p:id="1" p:name="HTTP web" p:description="SERVICE test"
>>   p:allowedToProxy="true" 
>>   p:serviceId="http://testmydomain/test/test.php" p:evaluationOrder="1002" 
>>   p:allowedAttributes="mail"/>
>> 
>> But in response... I have all attributes which are in my "bean 
>> attributeRepository".
>> The allowedAttributes property seems to do nothing...
>> 
>> Any ideas ?
>> 
>> Thx for your responses
>> -
>> Daniel CHARLOT
>> D.S.I. Université de Nice Sophia-Antipolis
>> Administrateur Systèmes et Réseaux
>> 28, avenue de Valrose - BP 2135 - 06103 NICE 
>> Tél : 04-92-07-67-07

[cas-user] allowedAttributes ldap CAS 4

2014-10-06 Thread Daniel . CHARLOT
Hi guys,

Last work for my cas 4.

I would like to give different attributes for each service.
But it doesn't work.
I use org.jasig.cas.persondir.LdapPersonAttributeDao.

And I have a bean : 
  p:id="1" p:name="HTTP web" p:description="SERVICE test"
  p:allowedToProxy="true" 
  p:serviceId="http://testmydomain/test/test.php" p:evaluationOrder="1002" 
  p:allowedAttributes="mail"/>

But in response... I have all attributes which are in my "bean 
attributeRepository".
The allowedAttributes property seems to do nothing...

Any ideas ?

Thx for your responses
---------
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Administrateur Systèmes et Réseaux
28, avenue de Valrose - BP 2135 - 06103 NICE 
Tél : 04-92-07-67-07










-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
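An added example (not part of the original posts and not CAS project code): a client-side check for the problem reported in this thread, where a service receives more attributes than its allowedAttributes list names. It reads either a SAML 1.1 or a CAS 3.0 validation response, which goes beyond the SAML 1.1 case used here, and also flags values that merely echo the attribute name. The sample responses are constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: CAS 3.0 (/p3/serviceValidate) success response.
CAS3_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>myuser</cas:user>
    <cas:attributes>
      <cas:mail>myuser@example.org</cas:mail>
      <cas:eduPersonAffiliation>staff</cas:eduPersonAffiliation>
      <cas:groupMembership>admins</cas:groupMembership>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample: SAML 1.1 (/samlValidate) response, trimmed to the
# attribute statement.
SAML11_RESPONSE = """<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
 <SOAP-ENV:Body>
  <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol">
   <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
    <AttributeStatement>
     <Subject><NameIdentifier>myuser</NameIdentifier></Subject>
     <Attribute AttributeName="mail"
                AttributeNamespace="http://www.ja-sig.org/products/cas/">
      <AttributeValue>myuser@example.org</AttributeValue>
     </Attribute>
    </AttributeStatement>
   </Assertion>
  </Response>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""

# Constructed sample: values that only repeat the attribute name.
ECHO_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>myuser</cas:user>
    <cas:attributes><cas:uid>uid</cas:uid></cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def released_attributes(xml_text):
    """Return {attribute name: [values]} from a validation response."""
    # A validation response has no reason to carry a DTD; refuse it rather
    # than let the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD/entity declaration in response")
    attrs = {}
    for el in ET.fromstring(xml_text).iter():
        name = _local(el.tag)
        if name == "attributes":  # CAS 3.0: <cas:attributes><cas:NAME>v</cas:NAME>
            for child in el:
                attrs.setdefault(_local(child.tag), []).append(
                    (child.text or "").strip())
        elif name == "Attribute" and el.get("AttributeName"):  # SAML 1.1
            values = [(v.text or "").strip() for v in el
                      if _local(v.tag) == "AttributeValue"]
            attrs.setdefault(el.get("AttributeName"), []).extend(values)
    return attrs


def audit_release(xml_text, allowed):
    """Compare released attribute names with the service's allow-list."""
    released = released_attributes(xml_text)
    allowed = set(allowed)
    return {
        "released": sorted(released),
        # Names the service received although they are not allowed for it.
        "over_released": sorted(set(released) - allowed),
        # Allowed names the server did not send.
        "not_released": sorted(allowed - set(released)),
        # Heuristic: every value equals the attribute's own name.
        "name_echo": sorted(n for n, vals in released.items()
                            if vals and all(v == n for v in vals)),
    }


if __name__ == "__main__":
    for label, doc in (("cas3", CAS3_RESPONSE), ("saml1.1", SAML11_RESPONSE),
                       ("echo", ECHO_RESPONSE)):
        print(label, audit_release(doc, ["mail"]))
```
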

Re: [cas-user] CAS 4.0.0: LDAP Attribute Repository - I think I have it working - How to verify? - Someone PLEASE respond

2014-09-03 Thread Daniel . CHARLOT

Hi david,

If you use ldap authentication i think that to call the bean 
id="attributeRepository" with the class 
org.jasig.services.persondir.support.StubPersonAttributeDao is not the 
solution.


Try with the class org.jasig.cas.persondir.LdapPersonAttributeDao like 
below :






  
  
  
  />







On 2014-09-02 20:51, David A. Kovacic wrote:

Adding a logger for the PolicyBasedAuthenticationManager does show
the principals being populated.  Thanks for the information :-)

 I tried dropping back to just a stub attributeRepository bean:

     
    
     
     
     
     
     
     

 and what I see in the logs is that rather than containing values
mapped to the names the mapping variables are mapping and returning
the attribute names instead:

 2014-09-02 14:16:08,601 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - 
 2014-09-02 14:16:08,601 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - 
 2014-09-02 14:16:08,602 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - 
 2014-09-02 14:16:08,602 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - 
 2014-09-02 14:16:08,603 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -

 2014-09-02 14:16:08,603 DEBUG
[org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver]
- 
 2014-09-02 14:16:08,603 DEBUG
[org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver]
- 
 2014-09-02 14:16:08,604 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -

 2014-09-02 14:16:08,605 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -

 2014-09-02 14:16:08,605 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -


 Unless there is some way to force the actual values into the stub
mapping, it looks like you MUST do the additional search.  It's not
as bad as it could be since I am reusing the authentication search
connection pool to grab the information, so instead of opening a
connection and doing a search, I am just doing the search.

 Dave

On 8/29/14 4:32 PM, Marvin Addison wrote:


In short, is there some way to dump the
principal after authentication, or some other way to tell if the
attributes have been properly stored.


PolicyBasedAuthenticationManager logs the resolved principal at
DEBUG:

logger.info("Authenticated {} with credentials {}.", principal,
Arrays.asList(credentials));
logger.debug("Attribute map for {}: {}", principal.getId(),
principal.getAttributes());

Turning up org.jasig.cas.authentication to DEBUG would print out the
information you need to definitively show whether the attributes you
expect are in the principal.

This is the definition of the "primaryPrincipalResolver" that seems
to
finally be working:



class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver"






While I imagine that it does work, it's not efficient since you're
effectively doing attribute resolution twice. The handler can resolve
attributes on the same connection as that used for authentication;
with PersonDirectoryPrincipalResolver, you're opening a new connection
to do it again. The wrinkle is that you MUST define an
attributeRepository bean for use by other system components, but you
should probably use a StubPersonAttributeDao [1] bean that simply has
the attribute mapping.

M

[1]
http://developer.jasig.org/projects/person-directory/1.1.1/apidocs/org/jasig/services/persondir/support/StubPersonAttributeDao.html


Re: [cas-user] Java-sourced custom attributes not being released

2014-09-01 Thread Daniel . CHARLOT
Sorry, it's ok,

i have used 

  




  
  
  
  


   

instead of my old bean attributeRepository and now it's ok 

bye 
-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Administrateur Systèmes et Réseaux
28, avenue de Valrose - BP 2135 - 06103 NICE 
Tél : 04-92-07-67-07

On 1 Sep 2014, at 16:09, daniel.char...@unice.fr wrote:

> Hi, I think my problem is similar.
> 
> I have in my deployerConfigContext.xml
> 
> "
> 
> 
> 
>  »
> 
> but when i have use in my php application : phpCAS::getAttributes();
> my result is uid, eduPersonAffiliation, groupMembership but not the content 
> of my variable.
> 
> Does anyone know how to resolve this problem? 
> 
> I have tried to copy
>  
> /tomcat/webapps/cas/WEB-INF/view/jsp/protocol/3.0/casServiceValidationSuccess.jsp
> to /tomcat/webapps/cas/WEB-INF/view/jsp/protocol/2.0/
> but nothing changes.
> 
> Thanks a lot.
> 
> -----
> Daniel CHARLOT
> D.S.I. Université de Nice Sophia-Antipolis
> Administrateur Systèmes et Réseaux
> 28, avenue de Valrose - BP 2135 - 06103 NICE 
> Tél : 04-92-07-67-07
>
> On 6 Aug 2014, at 12:52, Misagh Moayyed wrote:
> 
>> It is the recommended approach. Come to think of, we probably should include 
>> that either in the protocol or somewhere on the docs page.
>>  
>> From: richard.wise...@bt.com [mailto:richard.wise...@bt.com] 
>> Sent: Wednesday, August 6, 2014 3:30 AM
>> To: cas-user@lists.jasig.org
>> Subject: RE: [cas-user] Java-sourced custom attributes not being released
>>  
>> I can indeed – and it works! :-D
>>  
>> Is /p3/serviceValidate the recommended approach when you want to use v3.0 of 
>> the protocol then?  Or is it a workaround?
>>  
>> Thanks again for all the help and for such quick responses.
>>  
>> Regards,
>>  
>> Richard
>>  
>> From: Misagh Moayyed [mailto:mmoay...@unicon.net] 
>> Sent: 06 August 2014 11:24
>> To: cas-user@lists.jasig.org
>> Subject: RE: [cas-user] Java-sourced custom attributes not being released
>>  
>> Can you point your client to /p3/serviceValidate instead?
>>  
>> From: richard.wise...@bt.com [mailto:richard.wise...@bt.com] 
>> Sent: Wednesday, August 6, 2014 3:21 AM
>> To: cas-user@lists.jasig.org
>> Subject: RE: [cas-user] Java-sourced custom attributes not being released
>>  
>> Yep, that was it.  I’ve (hopefully temporarily) copied the 3.0 version of 
>> casServiceValidationSuccess.jsp to 2.0 and it now shows the attributes.
>>  
>> So all I now need is to be able to tell CAS I want it to use the 3.0 version 
>> of casServiceValidationSuccess.jsp.
>>  
>> Regards,
>>  
>> Richard
>>  
>> From: richard.wise...@bt.com [mailto:richard.wise...@bt.com] 
>> Sent: 06 August 2014 11:14
>> To: cas-user@lists.jasig.org
>> Subject: RE: [cas-user] Java-sourced custom attributes not being released
>>  
>> I think I’ve found the problem!
>>  
>> It’s using casServiceValidationSuccess.jsp from 
>> "WEB-INF/view/jsp/protocol/2.0" not "WEB-INF/view/jsp/protocol/3.0".  Surely 
>> it should default to the 3.0 one if there are attributes, shouldn’t it?  I 
>> can’t find any way of telling CAS that I am using the v3 protocol when I 
>> make the serviceValidate call…
>>  
>> Regards,
>>  
>> Richard
>>  
>> From: richard.wise...@bt.com [mailto:richard.wise...@bt.com] 
>> Sent: 06 August 2014 10:28
>> To: cas-user@lists.jasig.org
>> Subject: RE: [cas-user] Java-sourced custom attributes not being released
>>  
>> Thanks – that definitely helped!
>>  
>> I’m getting there now.  My log now contains:
>>  
>> 2014-08-06 10:20:45,521 DEBUG 
>> [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - 
>> Found attribute [billingAccountId] in the list of allowed attributes for 
>> service [HTTP Services]
>> 2014-08-06 10:20:45,521 DEBUG 
>> [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - 
>> Found attribute [groupMembership] in the list of allowed attributes for 
>> service [HTTP Services]
>> 2014-08-06 10:20:45,522 DEBUG 
>> [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - 
>> Found attribute [uid] in the list of allowed attributes for service [HTTP 
>> 

Re: [cas-user] Java-sourced custom attributes not being released

2014-09-01 Thread Daniel . CHARLOT
Hi, I think my problem is similar.

I have in my deployerConfigContext.xml

"



 »

but when i have use in my php application : phpCAS::getAttributes();
my result is uid, eduPersonAffiliation, groupMembership but not the content of 
my variable.

Does anyone know how to resolve this problem? 

I have tried to copy
 
/tomcat/webapps/cas/WEB-INF/view/jsp/protocol/3.0/casServiceValidationSuccess.jsp
to /tomcat/webapps/cas/WEB-INF/view/jsp/protocol/2.0/
but nothing changes.

Thanks a lot.

-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Administrateur Systèmes et Réseaux
28, avenue de Valrose - BP 2135 - 06103 NICE 
Tél : 04-92-07-67-07

On 6 Aug 2014, at 12:52, Misagh Moayyed wrote:

> It is the recommended approach. Come to think of, we probably should include 
> that either in the protocol or somewhere on the docs page.
>  
> From: richard.wise...@bt.com [mailto:richard.wise...@bt.com] 
> Sent: Wednesday, August 6, 2014 3:30 AM
> To: cas-user@lists.jasig.org
> Subject: RE: [cas-user] Java-sourced custom attributes not being released
>  
> I can indeed – and it works! :-D
>  
> Is /p3/serviceValidate the recommended approach when you want to use v3.0 of 
> the protocol then?  Or is it a workaround?
>  
> Thanks again for all the help and for such quick responses.
>  
> Regards,
>  
> Richard
>  
> From: Misagh Moayyed [mailto:mmoay...@unicon.net] 
> Sent: 06 August 2014 11:24
> To: cas-user@lists.jasig.org
> Subject: RE: [cas-user] Java-sourced custom attributes not being released
>  
> Can you point your client to /p3/serviceValidate instead?
>  
> From: richard.wise...@bt.com [mailto:richard.wise...@bt.com] 
> Sent: Wednesday, August 6, 2014 3:21 AM
> To: cas-user@lists.jasig.org
> Subject: RE: [cas-user] Java-sourced custom attributes not being released
>  
> Yep, that was it.  I’ve (hopefully temporarily) copied the 3.0 version of 
> casServiceValidationSuccess.jsp to 2.0 and it now shows the attributes.
>  
> So all I now need is to be able to tell CAS I want it to use the 3.0 version 
> of casServiceValidationSuccess.jsp.
>  
> Regards,
>  
> Richard
>  
> From: richard.wise...@bt.com [mailto:richard.wise...@bt.com] 
> Sent: 06 August 2014 11:14
> To: cas-user@lists.jasig.org
> Subject: RE: [cas-user] Java-sourced custom attributes not being released
>  
> I think I’ve found the problem!
>  
> It’s using casServiceValidationSuccess.jsp from 
> "WEB-INF/view/jsp/protocol/2.0" not "WEB-INF/view/jsp/protocol/3.0".  Surely 
> it should default to the 3.0 one if there are attributes, shouldn’t it?  I 
> can’t find any way of telling CAS that I am using the v3 protocol when I make 
> the serviceValidate call…
>  
> Regards,
>  
> Richard
>  
> From: richard.wise...@bt.com [mailto:richard.wise...@bt.com] 
> Sent: 06 August 2014 10:28
> To: cas-user@lists.jasig.org
> Subject: RE: [cas-user] Java-sourced custom attributes not being released
>  
> Thanks – that definitely helped!
>  
> I’m getting there now.  My log now contains:
>  
> 2014-08-06 10:20:45,521 DEBUG 
> [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - 
> Found attribute [billingAccountId] in the list of allowed attributes for 
> service [HTTP Services]
> 2014-08-06 10:20:45,521 DEBUG 
> [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - 
> Found attribute [groupMembership] in the list of allowed attributes for 
> service [HTTP Services]
> 2014-08-06 10:20:45,522 DEBUG 
> [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - 
> Found attribute [uid] in the list of allowed attributes for service [HTTP 
> Services]
>  
> Still no attributes in the XML from serviceValidate though…
>  
> Regards,
>  
> Richard
>  
> From: Misagh Moayyed [mailto:mmoay...@unicon.net] 
> Sent: 06 August 2014 10:07
> To: cas-user@lists.jasig.org
> Subject: RE: [cas-user] Java-sourced custom attributes not being released
>  
> Answers inline.
>  
> -Original Message-
> From: richard.wise...@bt.com [mailto:richard.wise...@bt.com] 
> Sent: Wednesday, August 6, 2014 1:41 AM
> To: cas-user@lists.jasig.org
> Subject: RE: [cas-user] Java-sourced custom attributes not being released
>  
> Thanks.
>  
> So does "CAS is not looking at your handler for attributes" mean that the 
> attributes supplied via the SimplePrincipal object are not being used?
>  
> Correct.
>  
>  
> When you refer to "3 hardcoded attributes" do you mean this block...?
>  
> 
> 
> 
> 
> 
>  
> Ye

Re: [cas-user] CAS 4 and LDAP

2014-07-22 Thread Daniel . CHARLOT
My bad, I have found the ldap log.
When I used the replica ldap I don't have the java error [LDAP: error code 32 - 
No Such Object];
So it's another problem of filters.

But the problem authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS,
then
LdapAuthenticationHandler failed authenticating

 is always here

Here my logs slapd:

2014-07-22T14:04:06.978957+02:00 ldap.unice.fr slapd[23702]: conn=1018 op=2 
SRCH base="ou=people,dc=unice,dc=fr" scope=2 deref=0 
filter="(supannAliasLogin=myuser) » 
2014-07-22T14:04:06.980165+02:00 ldap..unice.fr slapd[23702]: conn=1018 op=2 
SEARCH RESULT tag=101 err=0 nentries=1 text= 
2014-07-22T14:04:06.990804+02:00 ldap..unice.fr slapd[23702]: conn=1015 op=1 
BIND dn="uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr" method=128 
2014-07-22T14:04:07.020416+02:00 ldap..unice.fr slapd[23702]: conn=1015 op=1 
BIND dn="uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr" mech=SIMPLE ssf=0 
2014-07-22T14:04:07.020416+02:00 ldap..unice.fr slapd[23702]: conn=1015 op=1 
RESULT tag=97 err=0 text= 
2014-07-22T14:04:07.025312+02:00 ldap..unice.fr slapd[23702]: conn=1015 op=2 
SRCH attr=supannAliasLogin member mail displayName 
2014-07-22T14:04:07.025312+02:00 ldap..unice.fr slapd[23702]: conn=1015 op=2 
SRCH base="uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr" scope=0 deref=0 
filter="(objectClass=*)" 
2014-07-22T14:04:07.025325+02:00 ldap..unice.fr slapd[23702]: conn=1015 op=2 
SEARCH RESULT tag=101 err=0 nentries=0 text= 

Our superman LDAP master is in holiday, i think i will do the same… :)
Thanks a lot.
---------
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Administrateur Systèmes et Réseaux
28, avenue de Valrose - BP 2135 - 06103 NICE 
Tél : 04-92-07-67-07

On 22 Jul 2014, at 11:53, daniel.char...@unice.fr wrote:

> hi,
> I don’t understand...I see nothing in my ldap log (at log level 256). Nothing 
> like : "no bind", and "no connection" with my user...
> I have tried with the bind admin ldap, and i have the same error and nothing 
> in the ldap log.
> i am investigating…
> 
> -
> Daniel CHARLOT
> D.S.I. Université de Nice Sophia-Antipolis
> Administrateur Systèmes et Réseaux
> 28, avenue de Valrose - BP 2135 - 06103 NICE 
> Tél : 04-92-07-67-07
>
> On 21 Jul 2014, at 18:17, Daniel Fisher wrote:
> 
>> On Mon, Jul 21, 2014 at 10:54 AM,   wrote:
>>> Yes,  thanks i see my attributes now.
>>> I confirm that my user can read the entry.
>>> The problem is the same..
>> 
>> What does your LDAP log say?
>>> [LDAP: error code 32 - No Such Object]; remaining name 
>>> ‘uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr']
>> This indicates some sort of permission problem.
>> Either the user doesn't have read access to their own entry or doesn't
>> have read access to the entire branch.
>> 
>> --Daniel Fisher

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
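An added example (not from the original posts): a small correlator for slapd log lines like the ones in this message. It reports connections where a simple BIND succeeded but the following base-scope search on the same DN returned no entry, which is the pattern the earlier reply in this thread attributes to missing read access. The log lines are constructed on the model of the ones above, with placeholder host and suffix; wrapped lines must be rejoined to one record per line first. The function name is hypothetical.

```python
import re

# Constructed sample, one slapd record per line (placeholder host and suffix).
SAMPLE_LOG = """\
2014-07-22T14:04:06.978957+02:00 ldap.example.org slapd[23702]: conn=1018 op=2 SRCH base="ou=people,dc=example,dc=org" scope=2 deref=0 filter="(supannAliasLogin=myuser)"
2014-07-22T14:04:06.980165+02:00 ldap.example.org slapd[23702]: conn=1018 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
2014-07-22T14:04:06.990804+02:00 ldap.example.org slapd[23702]: conn=1015 op=1 BIND dn="uid=myuser,ou=personnel,ou=people,dc=example,dc=org" method=128
2014-07-22T14:04:07.020416+02:00 ldap.example.org slapd[23702]: conn=1015 op=1 BIND dn="uid=myuser,ou=personnel,ou=people,dc=example,dc=org" mech=SIMPLE ssf=0
2014-07-22T14:04:07.020416+02:00 ldap.example.org slapd[23702]: conn=1015 op=1 RESULT tag=97 err=0 text=
2014-07-22T14:04:07.025312+02:00 ldap.example.org slapd[23702]: conn=1015 op=2 SRCH base="uid=myuser,ou=personnel,ou=people,dc=example,dc=org" scope=0 deref=0 filter="(objectClass=*)"
2014-07-22T14:04:07.025312+02:00 ldap.example.org slapd[23702]: conn=1015 op=2 SRCH attr=supannAliasLogin member mail displayName
2014-07-22T14:04:07.025325+02:00 ldap.example.org slapd[23702]: conn=1015 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
2014-07-22T14:05:10.000001+02:00 ldap.example.org slapd[23702]: conn=1016 op=1 BIND dn="uid=other,ou=personnel,ou=people,dc=example,dc=org" method=128
2014-07-22T14:05:10.000002+02:00 ldap.example.org slapd[23702]: conn=1016 op=1 RESULT tag=97 err=0 text=
2014-07-22T14:05:10.000003+02:00 ldap.example.org slapd[23702]: conn=1016 op=2 SRCH base="uid=other,ou=personnel,ou=people,dc=example,dc=org" scope=0 deref=0 filter="(objectClass=*)"
2014-07-22T14:05:10.000004+02:00 ldap.example.org slapd[23702]: conn=1016 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
""".splitlines()

RECORD = re.compile(r"conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)$")
KEYVAL = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _fields(rest):
    """Parse key=value / key="quoted value" pairs from a slapd record."""
    return {k: v.strip('"') for k, v in KEYVAL.findall(rest)}


def find_unreadable_self_entries(lines):
    """Return binds that succeeded but could not read their own entry."""
    pending_bind = {}   # (conn, op) -> DN of a BIND request awaiting RESULT
    bound = {}          # conn -> DN the connection is authenticated as
    searches = {}       # (conn, op) -> (base, scope) of an open search
    findings = []
    for line in lines:
        m = RECORD.search(line)
        if not m:
            continue
        conn, op, rest = m.group("conn"), m.group("op"), m.group("rest")
        key, f = (conn, op), _fields(m.group("rest"))
        if rest.startswith("BIND ") and "method" in f:
            pending_bind[key] = f.get("dn", "")
        elif rest.startswith("RESULT ") and f.get("tag") == "97":
            dn = pending_bind.pop(key, None)
            if dn is not None and f.get("err") == "0":   # bind accepted
                bound[conn] = dn
        elif rest.startswith("SRCH ") and "base" in f:
            searches[key] = (f["base"], f.get("scope"))
        elif rest.startswith("SEARCH RESULT "):
            base, scope = searches.pop(key, (None, None))
            dn = bound.get(conn)
            # Base-scope search on the bound DN itself that yields nothing.
            if (base and dn and scope == "0"
                    and base.lower() == dn.lower()
                    and f.get("nentries") == "0"):
                findings.append({"conn": conn, "op": op, "dn": dn,
                                 "err": f.get("err")})
    return findings


if __name__ == "__main__":
    for finding in find_unreadable_self_entries(SAMPLE_LOG):
        print("bind ok but own entry not returned:", finding)
```
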

Re: [cas-user] CAS 4 and LDAP

2014-07-22 Thread Daniel . CHARLOT
hi,
I don’t understand...I see nothing in my ldap log (at log level 256). Nothing 
like : "no bind", and "no connection" with my user...
I have tried with the bind admin ldap, and i have the same error and nothing in 
the ldap log.
i am investigating…

---------
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Administrateur Systèmes et Réseaux
28, avenue de Valrose - BP 2135 - 06103 NICE 
Tél : 04-92-07-67-07

On 21 Jul 2014, at 18:17, Daniel Fisher wrote:

> On Mon, Jul 21, 2014 at 10:54 AM,   wrote:
>> Yes,  thanks i see my attributes now.
>> I confirm that my user can read the entry.
>> The problem is the same..
> 
> What does your LDAP log say?
>> [LDAP: error code 32 - No Such Object]; remaining name 
>> ‘uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr']
> This indicates some sort of permission problem.
> Either the user doesn't have read access to their own entry or doesn't
> have read access to the entire branch.
> 
> --Daniel Fisher

Re: [cas-user] CAS 4 and LDAP

2014-07-21 Thread Daniel . CHARLOT
Yes,  thanks i see my attributes now.
I confirm that my user can read the entry.
The problem is the same..
-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Administrateur Systèmes et Réseaux
28, avenue de Valrose - BP 2135 - 06103 NICE 
Tél : 04-92-07-67-07

On 21 Jul 2014, at 16:01, Daniel Fisher wrote:

> On Mon, Jul 21, 2014 at 9:17 AM,   wrote:
>> In fact I don't know why my  returnAttributes=[] are empty/null.
>> Where configure that ?
> 
> Add 
> to your deployerConfigContext.xml
> 
> That should get the return attributes set correctly.
> Confirm that the user has read access to their own entry.
> 
> --Daniel Fisher

Re: [cas-user] Rebuilding a single cas-server-support-anything component

2014-07-21 Thread Daniel . CHARLOT
Hi Guillaume,

I have done:
cd /cas-server-4.0.0/
vi pom.xml
replace
${cs.dir}/src/licensing/header.txt
by 
${licenseHeader}

mvn package install worked for me

Bye
-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Administrateur Systèmes et Réseaux
28, avenue de Valrose - BP 2135 - 06103 NICE 
Tél : 04-92-07-67-07

On 18 Jul 2014, at 12:58, Misagh Moayyed wrote:

> The best approach is that if you are using the maven overlay method,
> configure your pom to include the maven compiler plugin, and simply copy
> the java class file from the patch over to your build at the exact
> location by the same exact name. The build process will use yours instead
> of the default. That would be least invasive change.
> 
> -Original Message-
> From: Guillaume Rousse [mailto:guillaume.rou...@inria.fr]
> Sent: Friday, July 18, 2014 2:09 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] Rebuilding a single cas-server-support-anything
> component
> 
> On 18/07/2014 10:39, Misagh Moayyed wrote:
>> Are you building from master? If so, try pulling once. I just ran the
>> build and all passes for me.
>> 
> No, from cas-server 4.0 release, as I'm trying to minimize the changes.
> --
> Guillaume Rousse
> INRIA, Direction des systèmes d'information
> Domaine de Voluceau
> Rocquencourt - BP 105
> 78153 Le Chesnay
> Tel: 01 39 63 58 31

Re: [cas-user] CAS 4 and LDAP

2014-07-21 Thread Daniel . CHARLOT
Hi,
I have found before :
2014-07-21 15:01:21,282 INFO [org.ldaptive.auth.Authenticator] - Authentication 
succeeded for dn: uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr

An error :
searchFilter=[org.ldaptive.SearchFilter@1642584434::filter=(objectClass=*), 
parameters={}], returnAttributes=[], searchScope=OBJECT, timeLimit=0, 
sizeLimit=0, derefAliases=null, typesOnly=false, binaryAttributes=null, 
sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null, 
controls=null, followReferrals=false, intermediateResponseHandlers=null] with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@2116028303::config=[org.ldaptive.ConnectionConfig@1122184227::ldapUrl=ldap://ldap.unice.fr/,
 connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, 
useStartTLS=true, connectionInitializer=null], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1666108686::connectionCount=1,
 environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@315577502::operationExceptionResultCodes=[PROTOCOL_ERROR,
 SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null, 
tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null, 
controlProcessor=org.ldaptive.provider.ControlProcessor@69bc5ab7], 
sslSocketFactory=null, hostnameVerifier=null], 
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@4a788511]

2014-07-21 15:01:21,277 DEBUG [org.ldaptive.auth.Authenticator] - entry 
resolution failed for 
resolver=[org.ldaptive.auth.SearchEntryResolver@805125572::factory=null, 
searchEntryHandlers=null]
[org.ldaptive.LdapException@1078490817::resultCode=NO_SUCH_OBJECT, 
matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, 
providerException=javax.naming.NameNotFoundException: [LDAP: error code 32 - No 
Such Object]; remaining name 'uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr']
at 
org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:77)
…..

In fact I don't know why my returnAttributes=[] are empty/null.
Where do I configure that?

Many thanks
-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Systems and Network Administrator
28, avenue de Valrose - BP 2135 - 06103 NICE
Tel: 04-92-07-67-07

On 18 Jul 2014 at 05:06, Daniel Fisher wrote:

> The root of the problem is that the authentication request doesn't
> contain the principalIdAttribute, which you've defined as 'uid':
>> request=[org.ldaptive.auth.AuthenticationRequest@1438545291::user=myuser,
>> retAttrs=[]]
> 
> So the authenticated entry doesn't contain that attribute either:
>> [org.ldaptive.auth.AuthenticationResponse@306513608::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS,
>> ldapEntry=[dn=uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr[]],
>> accountState=null, result=true, resultCode=SUCCESS, message=null,
>> controls=null]
> 
> I didn't see anything wrong in your configuration, hopefully someone
> with better eyes will take a look.
> 
> --Daniel Fisher
> 


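The condition Daniel Fisher describes in the quoted reply above (the bind succeeds, but neither the request's retAttrs nor the returned entry carries the principal ID attribute, and the CAS handler then fails) can be checked mechanically in a debug log. This Python script is an added example, not part of the original thread or of CAS; the log sample is constructed from the lines quoted here, and the rendering of a populated ldapEntry as name[value] is an assumption.

```python
import re

# Constructed sample, modelled on the log lines quoted in this thread.
SAMPLE_LOG = """\
2014-07-17 13:48:40,403 DEBUG [org.ldaptive.auth.Authenticator] - authenticate response=[...result=true, resultCode=SUCCESS, message=null, controls=null] for dn=uid=myuser,ou=people,dc=example,dc=org with request=[org.ldaptive.auth.AuthenticationRequest@1::user=myuser, retAttrs=[]]
2014-07-17 13:48:40,403 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response: [org.ldaptive.auth.AuthenticationResponse@2::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, ldapEntry=[dn=uid=myuser,ou=people,dc=example,dc=org[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]
2014-07-17 13:48:40,404 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler failed authenticating myuser+password
"""

REQ = re.compile(r"AuthenticationRequest@\w+::user=(?P<user>[^,\]]+), retAttrs=\[(?P<attrs>[^\]]*)\]")
RESP = re.compile(r"AuthenticationResponse@\w+::authenticationResultCode=(?P<code>\w+), "
                  r"ldapEntry=\[dn=(?P<dn>[^\[]*)\[(?P<attrs>.*?)\]\], accountState")
FAIL = re.compile(r"PolicyBasedAuthenticationManager\] - (?P<handler>\w+) failed authenticating (?P<user>[^+\s]+)")


def entry_attr_names(raw):
    # Assumption: a populated entry renders each attribute as name[value,...].
    return re.findall(r"([\w;-]+)\[", raw)


def diagnose(log_text, principal_id_attribute="uid"):
    """Flag handler failures that follow a successful bind whose entry lacks the principal attribute."""
    findings, req, resp = [], None, None
    for line in log_text.splitlines():
        req = REQ.search(line) or req
        resp = RESP.search(line) or resp
        fail = FAIL.search(line)
        if not fail:
            continue
        if req and resp and resp["code"] == "AUTHENTICATION_HANDLER_SUCCESS":
            requested = [a.strip() for a in req["attrs"].split(",") if a.strip()]
            if principal_id_attribute not in entry_attr_names(resp["attrs"]):
                findings.append({
                    "user": fail["user"],
                    "dn": resp["dn"],
                    "handler": fail["handler"],
                    "missing": principal_id_attribute,
                    "was_requested": principal_id_attribute in requested,
                })
        req = resp = None  # start fresh for the next authentication attempt
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print("bind OK for %(dn)s but %(handler)s failed: entry has no '%(missing)s' "
              "(requested in retAttrs: %(was_requested)s)" % f)
```

A finding with was_requested set to False points at the request side (the attribute was never asked for), which is the case shown in this thread.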

[cas-user] CAS 4 and LDAP

2014-07-17 Thread Daniel . CHARLOT
Hi,

I have a problem with CAS 4 and the LDAP connector. I think that I can pass the LDAP authentication but the PolicyAuthentication Manager doesn't let me pass.

I have seen a post here (https://groups.google.com/forum/#!msg/jasig-cas-dev/3CyO92Vk8XA/V2RrUs3m4e8J) which says that to resolve my problem I have to edit ldapAuthenticationHandler and change it to this code:

    if (response.getResult()) {
        return doPostAuthentication(response);
    }

But the code has changed, even if my problem is exactly the same.

Here is my log:

2014-07-17 13:48:40,402 INFO [org.ldaptive.auth.Authenticator] - Authentication succeeded for dn: uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr

2014-07-17 13:48:40,403 DEBUG [org.ldaptive.auth.Authenticator] - authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@1361780777::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@426627437::config=[org.ldaptive.ConnectionConfig@46831809::ldapUrl=ldap://myldapserveur:389/, connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, useStartTLS=false, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@887911370::connectionCount=1, environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@844938458::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null, controlProcessor=org.ldaptive.provider.ControlProcessor@6672a60a]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@fa5edeb], result=true, resultCode=SUCCESS, message=null, controls=null] for dn=uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr with request=[org.ldaptive.auth.AuthenticationRequest@1438545291::user=myuser, retAttrs=[]]

2014-07-17 13:48:40,403 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response: [org.ldaptive.auth.AuthenticationResponse@306513608::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, ldapEntry=[dn=uid=myuser,ou=personnel,ou=people,dc=unice,dc=fr[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]

2014-07-17 13:48:40,404 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler failed authenticating myuser+password

2014-07-17 13:48:40,412 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=
WHO: audit:unknown
WHAT: supplied credentials: [myuser+password]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Thu Jul 17 13:48:40 CEST 2014
CLIENT IP ADDRESS: 
SERVER IP ADDRESS: xxx.unice.fr
=

2014-07-17 13:48:40,413 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=
WHO: audit:unknown
WHAT: 1 errors, 0 successes
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Thu Jul 17 13:48:40 CEST 2014
CLIENT IP ADDRESS: xxx
SERVER IP ADDRESS: xxx.unice.fr

And my deployerConfigContext (attached file).

Has someone got an idea?

Thanks a lot for your responses.



deployerConfigContext.xml
Description: XML document

-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Systems and Network Administrator
28, avenue de Valrose - BP 2135 - 06103 NICE
Tel: 04-92-07-67-07