Hi all,
I managed to find a way to return my JDBC attributes for my OIDC protocol client:
1. ensure your attribute release policy is ReturnAllAttributeReleasePolicy
{
  @class: org.apereo.cas.services.OidcRegisteredService
  serviceId: ^https://mydomainsample:8443/sample-oidc-client/.*
  name: CAS-client-OIDC
  id: 1512458653837
  description: OIDC-client sample
  attributeReleasePolicy:
  {
    @class: org.apereo.cas.services.ReturnAllAttributeReleasePolicy
    principalAttributesRepository:
    {
      @class: org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository
      expiration: 2
      timeUnit: HOURS
    }
    authorizedToReleaseCredentialPassword: false
    authorizedToReleaseProxyGrantingTicket: false
    excludeDefaultAttributes: false
  }
}

2. define your JDBC attributes to release
cas.authn.attributeRepository.attributes.firstname=firstname
cas.authn.attributeRepository.attributes.lastname=lastname
cas.authn.attributeRepository.defaultAttributesToRelease=firstname,lastname,kind,etag,objectType
cas.authn.attributeRepository.expireInMinutes=30
cas.authn.attributeRepository.maximumCacheSize=10000
cas.authn.attributeRepository.merger=MERGE


3. create your userDefinedScope, and specify what attribute you want to 
release for your service
cas.authn.oidc.userDefinedScopes.testScope=firstname,phone,lastname

add your userDefinedScopes into openID scope:
cas.authn.oidc.scopes=openid,profile,email,address,phone,offline_access,testScope

4. define OpenID connect claim mapping to your released attributes.
cas.authn.oidc.claimsMap.id=id
cas.authn.oidc.claimsMap.firstname=firstname
cas.authn.oidc.claimsMap.phone=phone
cas.authn.oidc.claimsMap.lastname=lastname

5. now my OIDC user profile contains my JDBC attributes
2017-12-22 14:08:41,412 DEBUG [org.apereo.cas.support.oauth.web.endpoints.OAuth20UserProfileControllerController] - <Final user profile is [
{
  "sub": "john",
  "firstname": "john",
  "phone": "0123123123",
  "lastname": "doe",
  "auth_time": 1513922920
}]>

Kindly correct me if my understanding is wrong.

Thanks all.

On Thursday, 21 December 2017 19:01:42 UTC+8, Edward wrote:
>
> Hi all,
> I am using CAS 5.1.6, and I have successfully 'casified' my web application
> by adding 4 CAS client filters in my web.xml
> as per this guide:
>
> https://wiki.jasig.org/display/casc/configuring+the+jasig+cas+client+for+java+in+the+web.xml
>
> I have configured JDBC attribute release and it's working OK, meaning I can
> get all the attributes that I configured in the database
> as per this guide:
> https://apereo.github.io/2017/02/22/cas51-dbauthn-tutorial/
>
> My question is:
> 1. If I want my app to use the OAuth2/OpenID Connect protocol, I cannot use
> the same filter, right?
>    Should I create my own filter class (to integrate with CAS over the
> OAuth2/OIDC protocol: do auth, redirect, get access token, etc.)?
>    Or is there any CAS client API for OAuth2/OIDC?
>
> 2. Once I use OAuth2/OpenID Connect, how can I get the JDBC attributes?
> I tried requesting from these URLs:
> https://mycasdomain:8443/cas/oauth2.0/profile  ---> for OAuth2
> and
> https://mycasdomain:8443/cas/oidc/profile  ---> for OIDC
>
> but both did not provide my JDBC attributes.
>
> Thanks!
>
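
An added example, not part of the original post and not CAS code: a small Python check that takes the properties from steps 3 and 4 and a profile like the one logged in step 5, and reports any claim that the requested user-defined scopes do not account for. It assumes `sub` and `auth_time` are added by the protocol layer, expands user-defined scopes only (standard scopes such as `profile` are not expanded), and the profile carrying `etag` is constructed.

```python
import json
# Properties copied from steps 3 and 4 of the post.
PROPS = """
cas.authn.oidc.userDefinedScopes.testScope=firstname,phone,lastname
cas.authn.oidc.scopes=openid,profile,email,address,phone,offline_access,testScope
cas.authn.oidc.claimsMap.id=id
cas.authn.oidc.claimsMap.firstname=firstname
cas.authn.oidc.claimsMap.phone=phone
cas.authn.oidc.claimsMap.lastname=lastname
"""
# Assumption: claims the OIDC layer adds itself, independent of scopes.
PROTOCOL_CLAIMS = {"sub", "auth_time"}

def parse(text):
    """Parse key=value lines into a dict, skipping blanks and comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def user_scopes(props):
    """Map each user-defined scope name to its set of claim names."""
    prefix = "cas.authn.oidc.userDefinedScopes."
    return {k[len(prefix):]: {c.strip() for c in v.split(",") if c.strip()}
            for k, v in props.items() if k.startswith(prefix)}

def lint(props):
    """Return (scopes defined but not enabled, scope claims with no claimsMap key)."""
    enabled = {s.strip() for s in props.get("cas.authn.oidc.scopes", "").split(",")}
    mapped = {k.rsplit(".", 1)[1] for k in props if k.startswith("cas.authn.oidc.claimsMap.")}
    scopes = user_scopes(props)
    return set(scopes) - enabled, set().union(*scopes.values()) - mapped

def over_released(profile, props, requested):
    """Claims in a profile that no requested user-defined scope accounts for."""
    scopes = user_scopes(props)
    allowed = set(PROTOCOL_CLAIMS).union(*(scopes.get(n, set()) for n in requested))
    return set(profile) - allowed

# Profile from the post's debug log, and a constructed one with an extra attribute.
POSTED = json.loads('{"sub":"john","firstname":"john","phone":"0123123123",'
                    '"lastname":"doe","auth_time":1513922920}')
CONSTRUCTED = dict(POSTED, etag="constructed-value")

if __name__ == "__main__":
    print(lint(parse(PROPS)), over_released(CONSTRUCTED, parse(PROPS), ["openid", "testScope"]))
```

An empty result from `over_released` for the posted profile means every claim in it is explained by `testScope`; a non-empty result names the attributes to investigate in the release policy.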
