RE: [cas-user] mod_auth_cas and attributes

To: cas-user@apereo.org Subject: Re: [cas-user] mod_auth_cas and attributes On Mon, 4 Nov 2019 17:16:33 + Ray Bon wrote: > Alberto, > > My apologies. I missed the part about cas protocol v2. Attribute release > is available only with protocol v3 and saml 1.1 (and saml 2). No need

Re: [cas-user] mod_auth_cas and attributes

On Mon, 4 Nov 2019 17:16:33 + Ray Bon wrote: > Alberto, > > My apologies. I missed the part about cas protocol v2. Attribute release > is available only with protocol v3 and saml 1.1 (and saml 2). No need to apologize, of course! A little more explanation is welcome, though... I read in mo

Re: [cas-user] mod_auth_cas and attributes

> > What version of mod_auth_cas are you using? > > Sorry, I didn't included it in my question: > > mod_auth_cas is 1.2, freshly cloned from > https://github.com/apereo/mod_auth_cas.git > CAS server is 5.3.12.1. > > > v1.2 supports CASv2 attributes, which should work with /serviceValidate > > pr

Re: [cas-user] mod_auth_cas and attributes

Alberto, My apologies. I missed the part about cas protocol v2. Attribute release is available only with protocol v3 and saml 1.1 (and saml 2). Ray On Mon, 2019-11-04 at 13:17 +0100, Alberto Cabello Sánchez wrote: On Fri, 25 Oct 2019 18:08:13 + Ray Bon < r...@uvic.

Re: [cas-user] mod_auth_cas and attributes

On Fri, 25 Oct 2019 18:08:13 + Ray Bon wrote: > Alberto, > > To be sure CAS is releasing the attributes: > > > name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" > level="debug"/> Thanks, Ray. It seems to be right: DEBUG [org.apereo.cas.serv

Re: [cas-user] mod_auth_cas and attributes

Hi, thanks everyone for your help! This worked like a charm, just adding the SAML dependency and changing two lines in mod_auth_cas config ("CASValidateUrl" and "CASValidateSAML On"). I'll be investigating the cause of my CAS and mod_auth_cas not sharing the attributes, anyway. Best regards. On

Re: [cas-user] mod_auth_cas and attributes

Alberto, To be sure CAS is releasing the attributes: Ray On Fri, 2019-10-25 at 11:45 +0200, Alberto Cabello Sánchez wrote: On Thu, 24 Oct 2019 16:12:58 -0400 David Hawes < dha...@vt.edu > wrote: What version of mod_auth_cas are you using? Sorry,

Re: [cas-user] mod_auth_cas and attributes

On Fri, Oct 25, 2019, 05:45 Alberto Cabello Sánchez wrote: > On Thu, 24 Oct 2019 16:12:58 -0400 > David Hawes wrote: > > > What version of mod_auth_cas are you using? > > Sorry, I didn't included it in my question: > > mod_auth_cas is 1.2, freshly cloned from > https://github.com/apereo/mod_auth

Re: [cas-user] mod_auth_cas and attributes

On Thu, 24 Oct 2019 16:20:09 -0400 David Hawes wrote: > Note that you can use /serviceValidate with mod_auth_cas v1.2 if your > server releases attributes. Well, it seems this is not the case: validation response is alberto No node named "attributes", so no mod_auth_cas problem her

Re: [cas-user] mod_auth_cas and attributes

On Thu, 24 Oct 2019 16:12:58 -0400 David Hawes wrote: > What version of mod_auth_cas are you using? Sorry, I didn't included it in my question: mod_auth_cas is 1.2, freshly cloned from https://github.com/apereo/mod_auth_cas.git CAS server is 5.3.12.1. > v1.2 supports CASv2 attributes, which s

Re: [cas-user] mod_auth_cas and attributes

I stand corrected. Although the AuthNHeader documentation (README) is not at all clear (to me, anyway) on that. David A. Curry, CISSP Director • Information Security & Privacy The New School • Information Technology 71 Fifth Ave., 9th Fl., New York, NY 10003 +1 646 909-4728 • david.cu...@newscho

Re: [cas-user] mod_auth_cas and attributes

On Thu, 24 Oct 2019 at 08:44, David Curry wrote: > > You should be safe from SAML messes; CASv2 attribute release via SAML 1.1 has > been around for years and years; much longer than the CAS server's support > for the SAML2 protocol and acting as an IdP/SP. You don't actually have to > configur

Re: [cas-user] mod_auth_cas and attributes

What version of mod_auth_cas are you using? v1.2 supports CASv2 attributes, which should work with /serviceValidate provided your server supports it. Turn "CASDebug On" and you should be able to see the validation response with the attributes returned from your server. With CASAuthnHeader set to s

Re: [cas-user] mod_auth_cas and attributes

You should be safe from SAML messes; CASv2 attribute release via SAML 1.1 has been around for years and years; much longer than the CAS server's support for the SAML2 protocol and acting as an IdP/SP. You don't actually have to configure anything at all; just use the other endpoint ( samlValidate i

Re: [cas-user] mod_auth_cas and attributes

Thank you very much. I'll try later, hoping not to end in a SAML mess, as I usually do. Regarding Apache directives, * Do I need "CASSSOEnabled On", even if I'm not using SSOut capabilities? * Is "CASAuthNHeader On" correct? I just did that and ended with a "On" header containing only the authen

Re: [cas-user] mod_auth_cas and attributes

In your service registry: { *...* "attributeReleasePolicy" : { "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy" }, *...*} In /etc/httpd/conf.d/cas.conf: LoadModule auth_cas_module modules/mod_auth_cas.so AuthTypeCAS CASAuthNHeader On

[cas-user] mod_auth_cas and attributes

Hi, I'm trying to get attributes released by CAS through mod_auth_cas and CASv2 protocol (not SAML), but I'm not sure how to achieve it. I set CASAuthNHeader ATTR but it just gives the authenticated user, even if successful login page shows correctly the attributes defined in application.proper