Re: [cas-user] Java-sourced custom attributes not being released
Hi,

I think my problem is similar. I have in my deployerConfigContext.xml:

    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
    </util:map>

but when I use phpCAS::getAttributes(); in my PHP application, my result is uid, eduPersonAffiliation, groupMembership but not the content of my variable. Does anyone know how to resolve this problem?

I have tried to copy /tomcat/webapps/cas/WEB-INF/view/jsp/protocol/3.0/casServiceValidationSuccess.jsp to /tomcat/webapps/cas/WEB-INF/view/jsp/protocol/2.0/ but nothing changes.

Thanks a lot.

-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Systems and Network Administrator
28, avenue de Valrose - BP 2135 - 06103 NICE
Tel: 04-92-07-67-07

On 6 August 2014 at 12:52, Misagh Moayyed mmoay...@unicon.net wrote:

It is the recommended approach. Come to think of it, we probably should include that either in the protocol or somewhere on the docs page.

From: richard.wise...@bt.com [mailto:richard.wise...@bt.com]
Sent: Wednesday, August 6, 2014 3:30 AM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Java-sourced custom attributes not being released

I can indeed – and it works! :-D

Is /p3/serviceValidate the recommended approach when you want to use v3.0 of the protocol then? Or is it a workaround?

Thanks again for all the help and for such quick responses.

Regards,
Richard

From: Misagh Moayyed [mailto:mmoay...@unicon.net]
Sent: 06 August 2014 11:24
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Java-sourced custom attributes not being released

Can you point your client to /p3/serviceValidate instead?

From: richard.wise...@bt.com [mailto:richard.wise...@bt.com]
Sent: Wednesday, August 6, 2014 3:21 AM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Java-sourced custom attributes not being released

Yep, that was it. I’ve (hopefully temporarily) copied the 3.0 version of casServiceValidationSuccess.jsp to 2.0 and it now shows the attributes. So all I now need is to be able to tell CAS I want it to use the 3.0 version of casServiceValidationSuccess.jsp.

Regards,
Richard

From: richard.wise...@bt.com [mailto:richard.wise...@bt.com]
Sent: 06 August 2014 11:14
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Java-sourced custom attributes not being released

I think I’ve found the problem! It’s using casServiceValidationSuccess.jsp from WEB-INF/view/jsp/protocol/2.0 not WEB-INF/view/jsp/protocol/3.0. Surely it should default to the 3.0 one if there are attributes, shouldn’t it? I can’t find any way of telling CAS that I am using the v3 protocol when I make the serviceValidate call…

Regards,
Richard
Re: [cas-user] Java-sourced custom attributes not being released
Sorry, it's OK. I have used

    <bean id="attributeRepository"
          class="org.jasig.cas.persondir.LdapPersonAttributeDao"
          p:baseDN="ou=people,dc=mycompany,dc=fr"
          p:searchFilter="uid={0}"
          p:searchControls-ref="searchControls"
          p:connectionFactory-ref="searchPooledLdapConnectionFactory"
          p:resultAttributeMapping-ref="resultAttributeMap" />
    <!-- Originally had a queryAttributeMapping-ref in here as well -->
    <!-- removing the queryAttribute got things working -->
    <util:map id="resultAttributeMap">
        <entry key="uid" value="user" />
        <entry key="mail" value="email" />
        <entry key="cn" value="displayName" />
        <entry key="eduPersonPrincipalName" value="eduPersonPrincipalName" />
    </util:map>
    <bean id="searchControls"
          class="javax.naming.directory.SearchControls"
          p:searchScope="2" />

instead of my old attributeRepository bean and now it's OK.

Bye

-
Daniel CHARLOT
D.S.I. Université de Nice Sophia-Antipolis
Systems and Network Administrator
28, avenue de Valrose - BP 2135 - 06103 NICE
Tel: 04-92-07-67-07

On 1 Sept. 2014 at 16:09, daniel.char...@unice.fr wrote:

Hi,

I think my problem is similar. I have in my deployerConfigContext.xml:

    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
    </util:map>

but when I use phpCAS::getAttributes(); in my PHP application, my result is uid, eduPersonAffiliation, groupMembership but not the content of my variable. Does anyone know how to resolve this problem?

I have tried to copy /tomcat/webapps/cas/WEB-INF/view/jsp/protocol/3.0/casServiceValidationSuccess.jsp to /tomcat/webapps/cas/WEB-INF/view/jsp/protocol/2.0/ but nothing changes.

Thanks a lot.

-
Daniel CHARLOT
RE:[cas-user] Java-sourced custom attributes not being released
Thanks Misagh.

I've made some changes and now, just to be explicit, my authenticateUsernamePasswordInternal method ends:

    Map<String, Object> attributes = new HashMap<String, Object>();
    if (billingAccountID != null)
        attributes.put("billingAccountId", billingAccountID);
    attributes.put("groupMembership", "GROUP MEMBERSHIP INFORMATION");
    attributes.put("uid", "UID INFORMATION");
    return createHandlerResult(credential, new SimplePrincipal(username, attributes), null);

(I don't actually need the groupMembership and uid attributes but I noticed those names in the configuration file so hardwired them in case they would come through; now they're there just in case my billingAccountID is null.)

My deployerConfigContext.xml now contains, directly inside the <beans ...> element:

    <util:list id="registeredServicesList">
        <bean class="org.jasig.cas.services.RegexRegisteredService"
              p:id="0"
              p:name="HTTP and IMAP"
              p:description="Allows HTTP(S) and IMAP(S) protocols"
              p:serviceId="^(https?|imaps?)://.*"
              p:evaluationOrder="1001" />
        <bean class="org.jasig.cas.services.RegisteredServiceImpl">
            <property name="id" value="0" />
            <property name="name" value="HTTP Services" />
            <property name="description" value="HTTP Services" />
            <property name="serviceId" value="http://**" />
            <property name="allowedAttributes">
                <list>
                    <value>billingAccountId</value>
                    <value>groupMembership</value>
                    <value>uid</value>
                </list>
            </property>
        </bean>
    </util:list>

And I got rid of the attribute filter as you suggested.

I *believe* this is all that should be required (reading http://jasig.github.io/cas/4.0.0/integration/Attribute-Release.html#configuration) but I'm still not getting any attributes through at all. Have I still missed a step?

Thanks,
Richard
RE: [cas-user] Java-sourced custom attributes not being released
How is your authn handler wired into the CAS config? Can you post your configuration?

-Original Message-
From: Richard Wiseman [mailto:richard.wise...@bt.com]
Sent: Wednesday, August 6, 2014 12:17 AM
To: cas-user@lists.jasig.org
Subject: RE:[cas-user] Java-sourced custom attributes not being released

Thanks Misagh.

I've made some changes and now, just to be explicit, my authenticateUsernamePasswordInternal method ends:

    Map<String, Object> attributes = new HashMap<String, Object>();
    if (billingAccountID != null)
        attributes.put("billingAccountId", billingAccountID);
    attributes.put("groupMembership", "GROUP MEMBERSHIP INFORMATION");
    attributes.put("uid", "UID INFORMATION");
    return createHandlerResult(credential, new SimplePrincipal(username, attributes), null);

(I don't actually need the groupMembership and uid attributes but I noticed those names in the configuration file so hardwired them in case they would come through; now they're there just in case my billingAccountID is null.)

My deployerConfigContext.xml now contains, directly inside the <beans ...> element:

    <util:list id="registeredServicesList">
        <bean class="org.jasig.cas.services.RegexRegisteredService"
              p:id="0"
              p:name="HTTP and IMAP"
              p:description="Allows HTTP(S) and IMAP(S) protocols"
              p:serviceId="^(https?|imaps?)://.*"
              p:evaluationOrder="1001" />
        <bean class="org.jasig.cas.services.RegisteredServiceImpl">
            <property name="id" value="0" />
            <property name="name" value="HTTP Services" />
            <property name="description" value="HTTP Services" />
            <property name="serviceId" value="http://**" />
            <property name="allowedAttributes">
                <list>
                    <value>billingAccountId</value>
                    <value>groupMembership</value>
                    <value>uid</value>
                </list>
            </property>
        </bean>
    </util:list>

And I got rid of the attribute filter as you suggested.

I *believe* this is all that should be required (reading http://jasig.github.io/cas/4.0.0/integration/Attribute-Release.html#configuration) but I'm still not getting any attributes through at all. Have I still missed a step?

Thanks,
Richard
RE:[cas-user] Java-sourced custom attributes not being released
There are lots of commented-out elements from my various attempts and I've scrubbed out the database details but here it is.

Thanks!

<?xml version="1.0" encoding="UTF-8"?>
<!--
    Licensed to Jasig under one or more contributor license
    agreements. See the NOTICE file distributed with this work
    for additional information regarding copyright ownership.
    Jasig licenses this file to you under the Apache License,
    Version 2.0 (the "License"); you may not use this file
    except in compliance with the License. You may obtain a
    copy of the License at the following location:

      http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing,
    software distributed under the License is distributed on an
    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    KIND, either express or implied. See the License for the
    specific language governing permissions and limitations
    under the License.
-->
<!--
| deployerConfigContext.xml centralizes into one file some of the declarative configuration that
| all CAS deployers will need to modify.
|
| This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
| The beans declared in this file are instantiated at context initialization time by the Spring
| ContextLoaderListener declared in web.xml. It finds this file because this
| file is among those declared in the context parameter contextConfigLocation.
|
| By far the most common change you will need to make in this file is to change the last bean
| declaration to replace the default authentication handler with
| one implementing your approach for authenticating usernames and passwords.
+-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

    <!--
    | The authentication manager defines security policy for authentication by specifying at a minimum
    | the authentication handlers that will be used to authenticate credential. While the AuthenticationManager
    | interface supports plugging in another implementation, the default PolicyBasedAuthenticationManager should
    | be sufficient in most cases.
    +-->
    <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
            <map>
                <!--
                | IMPORTANT
                | Every handler requires a unique name.
                | If more than one instance of the same handler class is configured, you must explicitly
                | set its name to something other than its default name (typically the simple class name).
                -->
                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
                <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
            </map>
        </constructor-arg>

        <!-- Uncomment the metadata populator to allow clearpass to capture and cache the password
             This switch effectively will turn on clearpass.
        <property name="authenticationMetaDataPopulators">
            <util:list>
                <bean class="org.jasig.cas.extension.clearpass.CacheCredentialsMetaDataPopulator"
                      c:credentialCache-ref="encryptedMap" />
            </util:list>
        </property>
        -->

        <!--
        | Defines the security policy around authentication. Some alternative policies that ship with CAS:
        |
        | * NotPreventedAuthenticationPolicy - all credential must either pass or fail authentication
        | * AllAuthenticationPolicy - all presented credential must be authenticated successfully
        | * RequiredHandlerAuthenticationPolicy - specifies a handler that must authenticate its credential to pass
        -->
        <property name="authenticationPolicy">
            <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
        </property>
    </bean>

    <!-- Required for proxy
RE: [cas-user] Java-sourced custom attributes not being released
CAS is not looking at your handler for attributes; it will take a look at your resolver which right now has 3 hardcoded attributes, two of which can be released. (if you want the handler to take precedence, null out the resolver)

If you are not getting those two, up the CAS logging to DEBUG and see what's coming out.

-Original Message-
From: Richard Wiseman [mailto:richard.wise...@bt.com]
Sent: Wednesday, August 6, 2014 12:58 AM
To: cas-user@lists.jasig.org
Subject: RE:[cas-user] Java-sourced custom attributes not being released

There are lots of commented-out elements from my various attempts and I've scrubbed out the database details but here it is.

Thanks!
RE: [cas-user] Java-sourced custom attributes not being released
Thanks.

So does "CAS is not looking at your handler for attributes" mean that the attributes supplied via the SimplePrincipal object are not being used?

When you refer to "3 hardcoded attributes" do you mean this block...?

    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
    </util:map>

And if so, presumably because only uid and groupMembership are listed as allowedAttributes, only these two can be released? (Currently, no attributes are coming through into the serviceValidate response XML.)

Also, when you say "null out the resolver" do you mean primaryPrincipalResolver? When I do that, my primaryAuthenticationHandler no longer works (or is used). Apologies, but I don't yet understand enough about CAS to confidently make assumptions!

I'll turn on debug and see what it says.

Regards,
Richard

-Original Message-
From: Misagh Moayyed [mailto:mmoay...@unicon.net]
Sent: 06 August 2014 09:24
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Java-sourced custom attributes not being released

CAS is not looking at your handler for attributes; it will take a look at your resolver which right now has 3 hardcoded attributes, two of which can be released. (if you want the handler to take precedence, null out the resolver)

If you are not getting those two, up the CAS logging to DEBUG and see what's coming out.
RE: [cas-user] Java-sourced custom attributes not being released
Interesting... As I think you expected, the log now contains:

    2014-08-06 09:40:52,972 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - Found attribute [groupMembership] in the list of allowed attributes for service [HTTP Services]
    2014-08-06 09:40:52,972 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - Found attribute [uid] in the list of allowed attributes for service [HTTP Services]

But after those two lines, attributes are not mentioned again in the log and the returned XML still contains no attributes. Curious.

Regards,
Richard

-Original Message-
From: richard.wise...@bt.com [mailto:richard.wise...@bt.com]
Sent: 06 August 2014 09:41
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Java-sourced custom attributes not being released

Thanks.

So does "CAS is not looking at your handler for attributes" mean that the attributes supplied via the SimplePrincipal object are not being used?

When you refer to "3 hardcoded attributes" do you mean this block...?

    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
    </util:map>

And if so, presumably because only uid and groupMembership are listed as allowedAttributes, only these two can be released? (Currently, no attributes are coming through into the serviceValidate response XML.)

Also, when you say "null out the resolver" do you mean primaryPrincipalResolver? When I do that, my primaryAuthenticationHandler no longer works (or is used). Apologies, but I don't yet understand enough about CAS to confidently make assumptions!

I'll turn on debug and see what it says.

Regards,
Richard
RE: [cas-user] Java-sourced custom attributes not being released
Answers inline.

-Original Message-
From: richard.wise...@bt.com [mailto:richard.wise...@bt.com]
Sent: Wednesday, August 6, 2014 1:41 AM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Java-sourced custom attributes not being released

Thanks.

So does "CAS is not looking at your handler for attributes" mean that the attributes supplied via the SimplePrincipal object are not being used?

Correct.

When you refer to "3 hardcoded attributes" do you mean this block...?

    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
    </util:map>

Yes.

And if so, presumably because only uid and groupMembership are listed as allowedAttributes, only these two can be released? (Currently, no attributes are coming through into the serviceValidate response XML.)

Yes.

Also, when you say "null out the resolver" do you mean primaryPrincipalResolver? When I do that, my primaryAuthenticationHandler no longer works (or is used). Apologies, but I don't yet understand enough about CAS to confidently make assumptions!

See: http://jasig.github.io/cas/development/installation/Configuring-Authentication-Components.html#principalresolver-vs-authenticationhandler

I'll turn on debug and see what it says.

Regards,
Richard
RE: [cas-user] Java-sourced custom attributes not being released
Thanks – that definitely helped! I’m getting there now. My log now contains:

    2014-08-06 10:20:45,521 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - Found attribute [billingAccountId] in the list of allowed attributes for service [HTTP Services]
    2014-08-06 10:20:45,521 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - Found attribute [groupMembership] in the list of allowed attributes for service [HTTP Services]
    2014-08-06 10:20:45,522 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - Found attribute [uid] in the list of allowed attributes for service [HTTP Services]

Still no attributes in the XML from serviceValidate though…

Regards,
Richard

From: Misagh Moayyed [mailto:mmoay...@unicon.net]
Sent: 06 August 2014 10:07
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Java-sourced custom attributes not being released

Answers inline.

-Original Message-
From: richard.wise...@bt.com [mailto:richard.wise...@bt.com]
Sent: Wednesday, August 6, 2014 1:41 AM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Java-sourced custom attributes not being released

Thanks.

So does "CAS is not looking at your handler for attributes" mean that the attributes supplied via the SimplePrincipal object are not being used?

Correct.

When you refer to "3 hardcoded attributes" do you mean this block...?

    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
    </util:map>

Yes.

And if so, presumably because only uid and groupMembership are listed as allowedAttributes, only these two can be released? (Currently, no attributes are coming through into the serviceValidate response XML.)

Yes.

Also, when you say "null out the resolver" do you mean primaryPrincipalResolver? When I do that, my primaryAuthenticationHandler no longer works (or is used). Apologies, but I don't yet understand enough about CAS to confidently make assumptions!

See: http://jasig.github.io/cas/development/installation/Configuring-Authentication-Components.html#principalresolver-vs-authenticationhandler

I'll turn on debug and see what it says.

Regards,
Richard
RE: [cas-user] Java-sourced custom attributes not being released
I think I’ve found the problem! It’s using casServiceValidationSuccess.jsp from WEB-INF/view/jsp/protocol/2.0 not WEB-INF/view/jsp/protocol/3.0.

Surely it should default to the 3.0 one if there are attributes, shouldn’t it? I can’t find any way of telling CAS that I am using the v3 protocol when I make the serviceValidate call…

Regards,
Richard

From: richard.wise...@bt.com [mailto:richard.wise...@bt.com]
Sent: 06 August 2014 10:28
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Java-sourced custom attributes not being released

Thanks – that definitely helped! I’m getting there now. My log now contains:

2014-08-06 10:20:45,521 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - Found attribute [billingAccountId] in the list of allowed attributes for service [HTTP Services]
2014-08-06 10:20:45,521 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - Found attribute [groupMembership] in the list of allowed attributes for service [HTTP Services]
2014-08-06 10:20:45,522 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - Found attribute [uid] in the list of allowed attributes for service [HTTP Services]

Still no attributes in the XML from serviceValidate though…

Regards,
Richard

From: Misagh Moayyed [mailto:mmoay...@unicon.net]
Sent: 06 August 2014 10:07
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Java-sourced custom attributes not being released

Answers inline.

-----Original Message-----
From: richard.wise...@bt.com [mailto:richard.wise...@bt.com]
Sent: Wednesday, August 6, 2014 1:41 AM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Java-sourced custom attributes not being released

Thanks. So does "CAS is not looking at your handler for attributes" mean that the attributes supplied via the SimplePrincipal object are not being used?

Correct.

When you refer to "3 hardcoded attributes" do you mean this block...?

    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
    </util:map>

Yes.

And if so, presumably because only uid and groupMembership are listed as allowedAttributes, only these two can be released? (Currently, no attributes are coming through into the serviceValidate response XML.)

Yes.

Also, when you say "null out the resolver" do you mean primaryPrincipalResolver? When I do that, my primaryAuthenticationHandler no longer works (or is used). Apologies, but I don't yet understand enough about CAS to confidently make assumptions!

See: http://jasig.github.io/cas/development/installation/Configuring-Authentication-Components.html#principalresolver-vs-authenticationhandler

I'll turn on debug and see what it says.

Regards,
Richard
RE: [cas-user] Java-sourced custom attributes not being released
Yep, that was it. I’ve (hopefully temporarily) copied the 3.0 version of casServiceValidationSuccess.jsp to 2.0 and it now shows the attributes.

So all I now need is to be able to tell CAS I want it to use the 3.0 version of casServiceValidationSuccess.jsp.

Regards,
Richard
RE: [cas-user] Java-sourced custom attributes not being released
It is the recommended approach. Come to think of it, we probably should include that either in the protocol or somewhere on the docs page.

From: richard.wise...@bt.com [mailto:richard.wise...@bt.com]
Sent: Wednesday, August 6, 2014 3:30 AM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Java-sourced custom attributes not being released

I can indeed – and it works! :-D

Is /p3/serviceValidate the recommended approach when you want to use v3.0 of the protocol then? Or is it a workaround?

Thanks again for all the help and for such quick responses.

Regards,
Richard

From: Misagh Moayyed [mailto:mmoay...@unicon.net]
Sent: 06 August 2014 11:24
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Java-sourced custom attributes not being released

Can you point your client to /p3/serviceValidate instead?
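An added example, not part of the original thread and not CAS or phpCAS code: a small client-side check of the behaviour found above, where /serviceValidate rendered the 2.0 view without attributes and /p3/serviceValidate rendered the 3.0 view with them. The host names, ticket, user name and sample responses are constructed, and the response shape assumes the cas:attributes element of the CAS 3.0 protocol.

```python
import urllib.parse
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace used by CAS validation responses

# Constructed sample responses (not captured from a real server).
CAS2_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

CAS3_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:uid>jdoe</cas:uid>
      <cas:groupMembership>staff</cas:groupMembership>
      <cas:groupMembership>billing</cas:groupMembership>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def validation_url(cas_base, service, ticket, protocol3=True):
    """Build the ticket-validation URL; protocol3 selects /p3/serviceValidate."""
    path = "/p3/serviceValidate" if protocol3 else "/serviceValidate"
    query = urllib.parse.urlencode({"service": service, "ticket": ticket})
    return cas_base.rstrip("/") + path + "?" + query


def parse_validation(xml_text):
    """Return (user, attributes); raise ValueError on failure or unexpected input."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in a CAS response")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}serviceResponse" % CAS_NS:
        raise ValueError("not a CAS serviceResponse")
    failure = root.find("{%s}authenticationFailure" % CAS_NS)
    if failure is not None:
        raise ValueError("validation failed: %s" % failure.get("code"))
    success = root.find("{%s}authenticationSuccess" % CAS_NS)
    user = success.findtext("{%s}user" % CAS_NS) if success is not None else None
    if not user:
        raise ValueError("no authenticated user in response")
    attributes = {}
    container = success.find("{%s}attributes" % CAS_NS)
    for child in (container if container is not None else []):
        name = child.tag.split("}", 1)[-1]  # strip the namespace prefix
        attributes.setdefault(name, []).append((child.text or "").strip())
    return user.strip(), attributes
```

An empty attribute dictionary from a successful validation is the symptom described in the thread: the ticket is valid, but the view that rendered the response carries no attributes.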
RE: [cas-user] Java-sourced custom attributes not being released
You'll need to configure what the allowed attributes are. By default nothing is released...and you likely don’t need the attributeFilter because that only operates on attribute values, and not the names themselves.

http://jasig.github.io/cas/4.0.0/integration/Attribute-Release.html

4.1 cleans up some of this.

-----Original Message-----
From: Richard Wiseman [mailto:richard.wise...@bt.com]
Sent: Tuesday, August 5, 2014 6:43 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] Java-sourced custom attributes not being released

This is probably a simple configuration problem, but I have been searching around for ages and can't find out what I've done wrong!

I've got some Java that checks user credentials in a custom way (they're stored in a database but I don't think that's relevant). My class extends AbstractJdbcUsernamePasswordAuthenticationHandler and the authenticateUsernamePasswordInternal method ends with:

    return createHandlerResult(credential, new SimplePrincipal(username, attributes), null);

The attributes variable is a HashMap<String,Object> that I populate just beforehand.

This class works (in that it correctly allows/denies access), but doesn't return any of my custom attributes.

I've got the following inside the deployerConfigContext.xml's default RegexRegisteredService bean:

    <bean class="org.jasig.cas.services.RegexRegisteredService">
        <property name="id" value="1" />
        <property name="name" value="Allow HTTP(S)" />
        <property name="description" value="Allows HTTP(S)" />
        <property name="serviceId" value="^https?://.*" />
        <property name="evaluationOrder" value="0" />
        <property name="attributeFilter">
            <bean class="org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter" c:regex="^\w+$" />
        </property>
    </bean>

(I'm confident that this bean is being used because I initially had the serviceId attribute's value without the question mark and so my non-HTTPS service wasn't allowed to use CAS.)

So in summary, I was expecting some <cas:attribute name="..."> elements to appear in the <cas:serviceResponse ...> element, but they aren't for some reason.

What have I missed, misunderstood or messed up?

Thanks,
Richard