Thank you both for your helpful links and examples!
I haven't been able to successfully retrieve any specified attributes in
our testing, but it may our client configuration.
On to troubleshooting!
Many, many thanks to both of you, again!
On Friday, August 31, 2018 at 2:17:12 PM UTC-5, waldbiec wrote:
>
> Bill,
>
> In `cas.properties`, in your LDAP section, you want a property like this:
>
>
> cas.authn.ldap[0].principalAttributeList=uid,givenName,sn:surname,mail:email,memberOf
>
>
>
> That says that the principal that is authenticated should get the above
> list of LDAP attributes. For the ones that have 2 items separated by a
> colon, that is just a rename from the LDAP attribute to the name that will
> be exposed via CAS.
>
> In your service file for an individual service, you specify what
> attributes from the above list you want to release. The following sections
> from a service file are an example:
>
> "attributeReleasePolicy" : {
> "@class" :
> "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
> "attributeFilter" : {
> "@class":
> "org.apereo.cas.services.support.RegisteredServiceMappedRegexAttributeFilter",
>
>
> "patterns": {
> "@class" : "java.util.HashMap",
> "memberOf": "cn=administrators,ou=groups,dc=example,dc=org"
> },
> "excludeUnmappedAttributes": false,
> "completeMatch": false,
> "order": 0
> },
> "allowedAttributes" : [ "java.util.ArrayList",
> [
> "uid",
> "memberOf",
> "email",
> "givenName",
> "surname"
> ]
> ]
> },
>
> The "attributeReleasePolicy" is used to filer the "memberOf" attribute
> down to a specific value (because he attribute is multi-valued, and you
> usually only want to release only one or a few of the values to a service).
> The "allowedAttributes" section specifies what attributes from the
> principal will be released at all.
>
> Thanks,
> Carl Waldbieser
> ITS Identity Management
> Lafayette College
>
> ----- Original Message -----
> From: "Bill Scully" <[email protected] <javascript:>>
> To: "cas-user" <[email protected] <javascript:>>
> Sent: Friday, 31 August, 2018 15:00:09
> Subject: [cas-user] CAS 5.2 Passing LDAP Attributes to Application
>
> Hi,
>
> I'm having a hard time getting my head around where to start configuring
> CAS to provide LDAP attributes to the "RegisteredService" / application
> after authentication. I'm assuming there are 2 areas that I need to
> configure, cas.properties and service JSON files, but navigating the
> documentation to find what I need has been beyond me up to this point.
>
> Can someone kindly point me to the right areas
> of https://apereo.github.io/cas/5.2.x/ or give me some tips on where I
> can
> figure out how to retrieve certain attributes from LDAP and share those
> selected values with the application? I hope I'm using "application"
> properly.
>
> Thanks,
>
> Bill
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected] <javascript:>.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ac28e9bc-9bdf-4d1d-9d59-d99ad23d2dc9%40apereo.org.
>
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20140c81-415e-47f4-8862-9c0e99eac889%40apereo.org.
