Hi Jae,
Yes, after the changes I checked both the IDToken and user profile
endpoint. What I noticed is that the IDToken only contains the mapped name
whereas the user profile endpoint contains both the original names and the
mapped names, both with values. But in our case that is ok.
Here is
Hi John,
Did you use the user profile endpoint?
Are the user profile values in the endpoint response array not string
On Saturday, March 19, 2022 at 02:19:51 UTC+8, wrote:
> Hi Jae,
>
> Thank you very much for your email. That is a good work-around/fix for the
> issue. I removed the `scopes` key in the service
Hi Jae,
Thank you very much for your email. That is a good work-around/fix for the
issue. I removed the `scopes` key in the service definition file completely
and in the `cas.properties` removed all of the
`cas.authn.oidc.core.claims-map` entries.
I used the following attribute release policy in
Hi John,
I removed the claims-map in the config, and the following is my
attributeReleasePolicy:
```
attributeReleasePolicy:
{
  @class: org.apereo.cas.services.ChainingAttributeReleasePolicy
  policies:
  [
    java.util.ArrayList
    [
      {
        @class:
```
Hi Rodolphe,
Thank you for sharing the information, this is really helpful. This
work-around may be something we look into implementing.
John
On Thu, Mar 10, 2022 at 12:46 AM Rodolphe Prin wrote:
> Hi,
> this is what I did to deal with that problem:
> in my case I was retrieving attributes
Hi,
this is what I did to deal with that problem:
in my case I was retrieving attributes from the authentication source
(LDAP) with the following configuration
```
cas.authn.ldap[0].principal-attribute-list=displayName,givenName,mail,sn
cas.authn.ldap[0].additional-attributes=memberOf
```
and
Hi Jae,
Thanks for the reply, are you able to share any of your config?
In my case both the IDToken and the userinfo endpoint contain claims such
as `mail` and `cn`. But the `claims-map` only seems to work for the
userinfo endpoint, which returns both claims `mail` and `email` and `cn`
and
I used CAS v6.4; it's OK for me.
I think there is something wrong with your configuration. You defined the
scopes (scopes=openid,profile,emai); CAS will use these as the attribute
release policy. The scope email will only release the attributes email and
email_verified, profile will release name,