I am implementing our login policies into CAS v5.0.2 using the Acceptable Use 
Policy module as my guide. We have multiple policies, so I am unable to use AUP 
for what we need to accomplish. I'm having an issue retrieving the principal 
attributes.

I was hoping someone could guide me on to where I'm steering wrong with this.

I've named attributes in my cas.properties file as:

cas.authn.attributeRepository.attributes.uid=uid
cas.authn.attributeRepository.attributes.cn=Name
cas.authn.attributeRepository.attributes.msuUDCID=UDC_IDENTIFIER
cas.authn.attributeRepository.attributes.msuCasAuth=msuCasAuth
cas.authn.attributeRepository.attributes.msuCopyright=msuCopyright
cas.authn.attributeRepository.attributes.msuEmplEthics=msuEmplEthics
cas.authn.attributeRepository.attributes.msuEmplCert=msuEmplCert


In my log file I see where the attributes are retrieved and the correct values 
are there. For example:
2017-02-01 16:21:30,880 DEBUG 
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Retrieved 
principal id attribute jrw16>
2017-02-01 16:21:30,881 DEBUG 
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal 
attribute: [msuUDCID[FEB9AFE3FC5EEA1CE04012822A026E73]]>
2017-02-01 16:21:30,881 DEBUG 
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal 
attribute: [uid[jrw16]]>
2017-02-01 16:21:30,882 DEBUG 
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal 
attribute: [msuEmplEthics[Y]]>
2017-02-01 16:21:30,883 DEBUG 
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal 
attribute: [msuCasAuth[cas-empl-not-student-eforms, cas-guest-passwd-auth, 
cas-employee-eforms, cas-microsoft-hup-employee, cas-accts-exchange, 
cas-mystate-access-eforms, cas-libdb-auth-library, cas-data-admin-eis, 
cas-its-auth, cas-current-employee, eforms-empl-not-student, 
cas-user-accts-google, cas-empl-cert, cas-its-division, cas-wireless-auth]]>
2017-02-01 16:21:30,884 DEBUG 
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Principal 
attribute: [msuCasAuth[cas-empl-not-student-eforms, cas-guest-passwd-auth, 
cas-employee-eforms, cas-microsoft-hup-employee, cas-accts-exchange, 
cas-mystate-access-eforms, cas-libdb-auth-library, cas-data-admin-eis, 
cas-its-auth, cas-current-employee, eforms-empl-not-student, 
cas-user-accts-google, cas-empl-cert, cas-its-division, cas-wireless-auth]] is 
multivalued>
2017-02-01 16:21:30,884 DEBUG 
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal 
attribute: [msuEmplCert[Y]]>
2017-02-01 16:21:30,885 DEBUG 
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal 
attribute: [cn[Jeremy Wickham]]>
2017-02-01 16:21:30,886 DEBUG 
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Found principal 
attribute: [msuCopyright[Y]]>
2017-02-01 16:21:30,887 DEBUG 
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Created LDAP 
principal for id jrw16 and 8 attributes>


Then later in the logs I am seeing this:

2017-02-01 16:21:31,123 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
<Locating principal attributes for jrw16>
2017-02-01 16:21:31,124 DEBUG 
[org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository] 
- <DefaultPrincipalAttributesRepository will return the collection of 
attributes directly associated with the principal object which are [{cn=Name, 
msuCasAuth=msuCasAuth, msuCopyright=msuCopyright, msuEmplCert=msuEmplCert, 
msuEmplEthics=msuEmplEthics, msuUDCID=UDC_IDENTIFIER, uid=uid, username=jrw16}]>
2017-02-01 16:21:31,125 DEBUG 
[org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository]
 - <Found [8] cached attributes for principal [jrw16] that are {cn=Name, 
msuCasAuth=msuCasAuth, msuCopyright=msuCopyright, msuEmplCert=msuEmplCert, 
msuEmplEthics=msuEmplEthics, msuUDCID=UDC_IDENTIFIER, uid=uid, username=jrw16}>
2017-02-01 16:21:31,126 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
<Found principal attributes {cn=Name, msuCasAuth=msuCasAuth, 
msuCopyright=msuCopyright, msuEmplCert=msuEmplCert, 
msuEmplEthics=msuEmplEthics, msuUDCID=UDC_IDENTIFIER, uid=uid, username=jrw16} 
for jrw16>

Also my service config is very bare bones:
{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^http://mobile-devel01.its.msstate.edu:8080/.*",
  "name": "Testing Attributes",
  "id": 1817043258496376,
  "description": "Testing Attributes",
  "evaluationOrder": 7
}

Thank you for your help
-Jeremy
________________________
Jeremy Wickham
Senior Systems Analyst
Mississippi State University
[email protected]
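
Added example, not part of the original message and not CAS code: a Python comparison of the two log stages quoted above. It shows that at the release stage each attribute value equals the right-hand side of its cas.properties line instead of the value LdapAuthenticationHandler logged. The log sample is constructed from the post's lines (wrapping undone, msuCasAuth list shortened), and the function names are hypothetical.

```python
import re

# Right-hand sides of the cas.authn.attributeRepository.attributes.* lines in the post.
CONFIGURED = {
    "uid": "uid", "cn": "Name", "msuUDCID": "UDC_IDENTIFIER",
    "msuCasAuth": "msuCasAuth", "msuCopyright": "msuCopyright",
    "msuEmplEthics": "msuEmplEthics", "msuEmplCert": "msuEmplCert",
}

# Constructed sample: the post's DEBUG lines with mail wrapping undone,
# timestamps dropped and the msuCasAuth list shortened.
H = "[org.apereo.cas.authentication.LdapAuthenticationHandler] - "
SAMPLE_LOG = "\n".join([
    H + "<Found principal attribute: [msuUDCID[FEB9AFE3FC5EEA1CE04012822A026E73]]>",
    H + "<Found principal attribute: [uid[jrw16]]>",
    H + "<Found principal attribute: [msuEmplEthics[Y]]>",
    H + "<Found principal attribute: [msuCasAuth[cas-its-auth, cas-current-employee]]>",
    H + "<Found principal attribute: [msuEmplCert[Y]]>",
    H + "<Found principal attribute: [cn[Jeremy Wickham]]>",
    H + "<Found principal attribute: [msuCopyright[Y]]>",
    "[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - "
    "<Found principal attributes {cn=Name, msuCasAuth=msuCasAuth, msuCopyright=msuCopyright, "
    "msuEmplCert=msuEmplCert, msuEmplEthics=msuEmplEthics, msuUDCID=UDC_IDENTIFIER, uid=uid, username=jrw16} for jrw16>",
])

FOUND = re.compile(r"<Found principal attribute: \[(\w+)\[(.*)\]\]>")
RELEASED = re.compile(r"<Found principal attributes \{(.*)\} for \S+>")
PAIR = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")  # tolerates ", " inside a value

def ldap_attributes(log):
    """Attribute values as logged by LdapAuthenticationHandler at authentication."""
    return dict(FOUND.findall(log))

def released_attributes(log):
    """Attribute values as logged by the attribute release policy."""
    m = RELEASED.search(log)
    return dict(PAIR.findall(m.group(1))) if m else {}

def replaced_by_config(log, configured):
    """Names whose released value differs from LDAP and equals the configured literal."""
    ldap, released = ldap_attributes(log), released_attributes(log)
    return sorted(n for n, v in released.items()
                  if n in ldap and v != ldap[n] and v == configured.get(n))

if __name__ == "__main__":
    print(replaced_by_config(SAMPLE_LOG, CONFIGURED))
```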
