Trying to set up a testing CAS server using docker (apereo/cas:v4.2.2).
I can bring the server up and can successfully log in and validate a ticket.
What I really want to do is simulate various types of attribute release so
I can easily have a set of users for testing with various affiliations and
group memberships.
My cas.properties defines some test users admin1, admin2 and admin3
accept.authn.users=admin1::admin1,admin2::admin2,admin3::admin3
Then I'd like to use a JSON file as an attribute repository, which I'm
trying like this:
cas.authn.attributeRepository.json[0].config.location=file://etc/cas/attribute-repository.json
cas.authn.attributeRepository.json[0].order=0
/etc/cas/attribute-repository.json contains
{
  "admin1": {
    "firstName":["Admin1"],
    "lastName":["One"]
  },
  "admin2": {
    "firstName":["Admin2"],
    "eduPersonAffiliation":["employee", "student"]
  }
}
My test service is configured to release all attributes
{
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|http)://.*",
  "name" : "HTTPS and HTTP Test",
  "id" : 10000001,
  "description" : "Test service which releases all attributes.",
  "proxyPolicy" : {
    "@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
  },
  "evaluationOrder" : 1,
  "usernameAttributeProvider" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
  },
  "logoutType" : "BACK_CHANNEL",
  "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "accessStrategy" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  }
}
When I log in as admin2 and validate the ticket, the response I get is like
this:
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>admin2</cas:user>
    <cas:attributes>
      <cas:uid>uid</cas:uid>
      <cas:isFromNewLogin>true</cas:isFromNewLogin>
      <cas:authenticationDate>2017-06-13T11:45:43.636Z</cas:authenticationDate>
      <cas:eduPersonAffiliation>eduPersonAffiliation</cas:eduPersonAffiliation>
      <cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
      <cas:memberOf>faculty</cas:memberOf>
      <cas:memberOf>staff</cas:memberOf>
      <cas:memberOf>org</cas:memberOf>
      <cas:groupMembership>groupMembership</cas:groupMembership>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>
I was hoping to see a firstName attribute and an eduPersonAffiliation
attribute, and I'm not sure where the memberOf attributes have come from!
Clearly, I'm missing some configuration somewhere - clues very much welcome!
Clues most welcome...
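An added example, not part of the original post and not code from the CAS project: a small Python check that diffs the attributes in a ticket validation response against the attribute-repository JSON entry for the validated user, using the two samples from the post. The function names and report keys are hypothetical.

```python
import json
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
# Authentication-event attributes defined by CAS protocol 3.0, not by any repository.
AUTHN_METADATA = {"isFromNewLogin", "authenticationDate",
                  "longTermAuthenticationRequestTokenUsed"}

# Both samples are copied from the post above (whitespace compacted).
REPO = """{"admin1": {"firstName": ["Admin1"], "lastName": ["One"]},
 "admin2": {"firstName": ["Admin2"], "eduPersonAffiliation": ["employee", "student"]}}"""
RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
<cas:authenticationSuccess><cas:user>admin2</cas:user><cas:attributes>
<cas:uid>uid</cas:uid><cas:isFromNewLogin>true</cas:isFromNewLogin>
<cas:authenticationDate>2017-06-13T11:45:43.636Z</cas:authenticationDate>
<cas:eduPersonAffiliation>eduPersonAffiliation</cas:eduPersonAffiliation>
<cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
<cas:memberOf>faculty</cas:memberOf><cas:memberOf>staff</cas:memberOf><cas:memberOf>org</cas:memberOf>
<cas:groupMembership>groupMembership</cas:groupMembership>
</cas:attributes></cas:authenticationSuccess></cas:serviceResponse>"""

def released_attributes(response_xml):
    """Return (user, {attribute: [values]}) from a validation success response."""
    success = ET.fromstring(response_xml).find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("response is not an authenticationSuccess")
    user = success.findtext("cas:user", namespaces=CAS_NS).strip()
    attrs = {}
    for el in success.findall("cas:attributes/*", CAS_NS):
        # Strip the "{namespace}" prefix; repeated elements are multi-valued attributes.
        attrs.setdefault(el.tag.split("}", 1)[-1], []).append((el.text or "").strip())
    return user, attrs

def compare(repository_json, response_xml):
    """Diff the repository entry for the validated user against what was released."""
    user, released = released_attributes(response_xml)
    expected = json.loads(repository_json).get(user, {})
    report = {"missing": [], "wrong_value": [], "unexpected": []}
    for name, values in expected.items():
        if name not in released:
            report["missing"].append(name)
        elif sorted(released[name]) != sorted(values):
            report["wrong_value"].append(name)
    report["unexpected"] = [n for n in released
                            if n not in expected and n not in AUTHN_METADATA]
    return user, report

if __name__ == "__main__":
    user, report = compare(REPO, RESPONSE)
    print(user, json.dumps(report, indent=2))
```

Run against the samples, it reports firstName as missing, eduPersonAffiliation as released with a value that differs from the file, and uid, memberOf and groupMembership as released without appearing in the file.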