Bill,
In `cas.properties`, in your LDAP section, you want a property like this:
    cas.authn.ldap[0].principalAttributeList=uid,givenName,sn:surname,mail:email,memberOf
That says that the principal that is authenticated should get the above list of
LDAP attributes. For the ones that have 2 items separated by a colon, that is
just a rename from the LDAP attribute to the name that will be exposed via CAS.
In your service file for an individual service, you specify what attributes
from the above list you want to release. The following sections from a service
file are an example:
    "attributeReleasePolicy" : {
      "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
      "attributeFilter" : {
        "@class": "org.apereo.cas.services.support.RegisteredServiceMappedRegexAttributeFilter",
        "patterns": {
          "@class" : "java.util.HashMap",
          "memberOf": "cn=administrators,ou=groups,dc=example,dc=org"
        },
        "excludeUnmappedAttributes": false,
        "completeMatch": false,
        "order": 0
      },
      "allowedAttributes" : [ "java.util.ArrayList",
        [
          "uid",
          "memberOf",
          "email",
          "givenName",
          "surname"
        ]
      ]
    },
The "attributeReleasePolicy" is used to filter the "memberOf" attribute down to
a specific value (because the attribute is multi-valued, and you usually
want to release only one or a few of the values to a service). The
"allowedAttributes" section specifies what attributes from the principal will
be released at all.
Thanks,
Carl Waldbieser
ITS Identity Management
Lafayette College
----- Original Message -----
From: "Bill Scully" <[email protected]>
To: "cas-user" <[email protected]>
Sent: Friday, 31 August, 2018 15:00:09
Subject: [cas-user] CAS 5.2 Passing LDAP Attributes to Application
Hi,
I'm having a hard time getting my head around where to start configuring
CAS to provide LDAP attributes to the "RegisteredService" / application
after authentication. I'm assuming there are 2 areas that I need to
configure, cas.properties and service JSON files, but navigating the
documentation to find what I need has been beyond me up to this point.
Can someone kindly point me to the right areas
of https://apereo.github.io/cas/5.2.x/ or give me some tips on where I can
figure out how to retrieve certain attributes from LDAP and share those
selected values with the application? I hope I'm using "application"
properly.
Thanks,
Bill
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ac28e9bc-9bdf-4d1d-9d59-d99ad23d2dc9%40apereo.org.