Hi all,

I managed to find a way to return my JDBC attributes for my OIDC protocol client:

1. Ensure your attribute release policy is ReturnAllAttributeReleasePolicy:

    {
      @class: org.apereo.cas.services.OidcRegisteredService
      serviceId: ^https://mydomainsample:8443/sample-oidc-client/.*
      name: CAS-client-OIDC
      id: 1512458653837
      description: OIDC-client sample
      attributeReleasePolicy: {
        @class: org.apereo.cas.services.ReturnAllAttributeReleasePolicy
        principalAttributesRepository: {
          @class: org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository
          expiration: 2
          timeUnit: HOURS
        }
        authorizedToReleaseCredentialPassword: false
        authorizedToReleaseProxyGrantingTicket: false
        excludeDefaultAttributes: false
      }
    }

2. Define your JDBC attributes to release:

    cas.authn.attributeRepository.attributes.firstname=firstname
    cas.authn.attributeRepository.attributes.lastname=lastname
    cas.authn.attributeRepository.defaultAttributesToRelease=firstname,lastname,kind,etag,objectType
    cas.authn.attributeRepository.expireInMinutes=30
    cas.authn.attributeRepository.maximumCacheSize=10000
    cas.authn.attributeRepository.merger=MERGE

3. Create your userDefinedScope, and specify which attributes you want to release for your service:

    cas.authn.oidc.userDefinedScopes.testScope=firstname,phone,lastname

   Add your userDefinedScopes to the OpenID scopes:

    cas.authn.oidc.scopes=openid,profile,email,address,phone,offline_access,testScope

4. Define the OpenID Connect claim mapping to your released attributes:

    cas.authn.oidc.claimsMap.id=id
    cas.authn.oidc.claimsMap.firstname=firstname
    cas.authn.oidc.claimsMap.phone=phone
    cas.authn.oidc.claimsMap.lastname=lastname

5. Now my OIDC user profile contains my JDBC attributes:

    2017-12-22 14:08:41,412 DEBUG [org.apereo.cas.support.oauth.web.endpoints.OAuth20UserProfileControllerController] - <Final user profile is [ { "sub": "john", "firstname": "john", "phone": "0123123123", "lastname": "doe", "auth_time": 1513922920 }]>

Kindly correct me if my understanding is wrong.

Thanks all.

On Thursday, 21 December 2017 19:01:42 UTC+8, Edward wrote:
>
> Hi all,
> I am using CAS 5.1.6, and I have successfully 'casified' my web application
> by adding 4 CAS client filters in my web.xml,
> as per this guide:
>
> https://wiki.jasig.org/display/casc/configuring+the+jasig+cas+client+for+java+in+the+web.xml
>
> I have configured JDBC attribute release and it's working OK, meaning I can
> get all the attributes that I configured in the database,
> as per this guide:
> https://apereo.github.io/2017/02/22/cas51-dbauthn-tutorial/
>
> My question is:
> 1. If I want my app to use the OAuth2/OpenID Connect protocol, I cannot use
> the same filter, right?
> Should I create my own filter class?
> (to integrate with CAS in the OAuth2/OIDC protocol: do auth, redirect,
> get access token etc.)
> Or is there any CAS client API for OAuth2/OIDC?
>
> 2. Once I use OAuth2/OpenID Connect, how can I get the JDBC attributes?
> I tried requesting from these URLs:
> https://mycasdomain:8443/cas/oauth2.0/profile ---> for OAuth2
> and
> https://mycasdomain:8443/cas/oidc/profile ---> for OIDC
>
> but both did not provide my JDBC attributes.
>
> Thanks!
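
An added example, not part of the original post and not CAS code: because ReturnAllAttributeReleasePolicy places no per-service limit on attributes, a deployer can audit the /oidc/profile response against the claims that the requested user-defined scopes list. The function names, the ALWAYS_PRESENT set, and treating standard scopes as contributing no claims are assumptions of this example.

```python
import json

# From the post: the user-defined scope and the enabled scope list.
CAS_PROPERTIES = """\
cas.authn.oidc.userDefinedScopes.testScope=firstname,phone,lastname
cas.authn.oidc.scopes=openid,profile,email,address,phone,offline_access,testScope
"""
# From the post: the "Final user profile" in the DEBUG log line.
PROFILE = json.loads('{"sub": "john", "firstname": "john", "phone": "0123123123",'
                     ' "lastname": "doe", "auth_time": 1513922920}')
# Assumption: claims present in every profile regardless of scope.
ALWAYS_PRESENT = {"sub", "auth_time"}
SCOPE_PREFIX = "cas.authn.oidc.userDefinedScopes."

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def split_csv(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def audit_profile(props, requested_scopes, profile):
    """Compare a profile's claims with what the requested scopes allow."""
    user_scopes = {key[len(SCOPE_PREFIX):]: set(split_csv(value))
                   for key, value in props.items() if key.startswith(SCOPE_PREFIX)}
    enabled = set(split_csv(props.get("cas.authn.oidc.scopes", "")))
    expected, not_enabled = set(ALWAYS_PRESENT), []
    for scope in requested_scopes:
        if scope not in enabled:
            not_enabled.append(scope)  # requested but not in cas.authn.oidc.scopes
            continue
        # Only user-defined scopes are modelled; standard scopes add nothing here.
        expected |= user_scopes.get(scope, set())
    claims = set(profile)
    return {"unexpected": sorted(claims - expected),
            "missing": sorted(expected - claims),
            "scopes_not_enabled": not_enabled}

if __name__ == "__main__":
    props = parse_properties(CAS_PROPERTIES)
    print(audit_profile(props, ["openid", "testScope"], PROFILE))
    leaky = dict(PROFILE, etag="abc", objectType="user")  # constructed over-release
    print(audit_profile(props, ["openid", "testScope"], leaky))
```

A non-empty "unexpected" list means the profile carries attributes that no requested scope names, which is the case to investigate before relying on scopes alone to limit release.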