Yup, it was just the CAS client configuration. All is well. Thanks!
On Friday, August 31, 2018 at 4:02:11 PM UTC-5, Bill Scully wrote:
>
> Thank you both for your helpful links and examples!
>
> I haven't been able to successfully retrieve any specified attributes in
> our testing, but it may be our client configuration.
>
> On to troubleshooting!
>
> Many, many thanks to both of you, again!
>
> On Friday, August 31, 2018 at 2:17:12 PM UTC-5, waldbiec wrote:
>>
>> Bill,
>>
>> In `cas.properties`, in your LDAP section, you want a property like this:
>>
>>
>> cas.authn.ldap[0].principalAttributeList=uid,givenName,sn:surname,mail:email,memberOf
>>
>>
>>
>> That says that the principal that is authenticated should get the above
>> list of LDAP attributes. For the ones that have 2 items separated by a
>> colon, that is just a rename from the LDAP attribute to the name that will
>> be exposed via CAS.
>>
>> In your service file for an individual service, you specify what
>> attributes from the above list you want to release. The following sections
>> from a service file are an example:
>>
>> "attributeReleasePolicy" : {
>>   "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>>   "attributeFilter" : {
>>     "@class" : "org.apereo.cas.services.support.RegisteredServiceMappedRegexAttributeFilter",
>>     "patterns" : {
>>       "@class" : "java.util.HashMap",
>>       "memberOf" : "cn=administrators,ou=groups,dc=example,dc=org"
>>     },
>>     "excludeUnmappedAttributes" : false,
>>     "completeMatch" : false,
>>     "order" : 0
>>   },
>>   "allowedAttributes" : [ "java.util.ArrayList",
>>     [
>>       "uid",
>>       "memberOf",
>>       "email",
>>       "givenName",
>>       "surname"
>>     ]
>>   ]
>> },
>>
>> The "attributeReleasePolicy" is used to filter the "memberOf" attribute
>> down to a specific value (because the attribute is multi-valued, and you
>> usually want to release only one or a few of the values to a service).
>> The "allowedAttributes" section specifies what attributes from the
>> principal will be released at all.
>>
>> Thanks,
>> Carl Waldbieser
>> ITS Identity Management
>> Lafayette College
>>
>> ----- Original Message -----
>> From: "Bill Scully" <[email protected]>
>> To: "cas-user" <[email protected]>
>> Sent: Friday, 31 August, 2018 15:00:09
>> Subject: [cas-user] CAS 5.2 Passing LDAP Attributes to Application
>>
>> Hi,
>>
>> I'm having a hard time getting my head around where to start configuring
>> CAS to provide LDAP attributes to the "RegisteredService" / application
>> after authentication. I'm assuming there are 2 areas that I need to
>> configure, cas.properties and service JSON files, but navigating the
>> documentation to find what I need has been beyond me up to this point.
>>
>> Can someone kindly point me to the right areas of
>> https://apereo.github.io/cas/5.2.x/ or give me some tips on where I can
>> figure out how to retrieve certain attributes from LDAP and share those
>> selected values with the application? I hope I'm using "application"
>> selected values with the application? I hope I'm using "application"
>> properly.
>>
>> Thanks,
>>
>> Bill
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ac28e9bc-9bdf-4d1d-9d59-d99ad23d2dc9%40apereo.org.
>>
>>
>>
>
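The two-stage release described in the thread (principalAttributeList in cas.properties, then the per-service allowedAttributes and filter patterns) can be modelled offline to check what a service would receive. This is an added example, not code from the thread or from the CAS project: the function names and the sample LDAP entry are constructed for illustration, and the handling of "completeMatch" and "excludeUnmappedAttributes" is an assumed simplification of the filter's behaviour.

```python
import re

# From the thread: the cas.properties value and the service policy (type hints dropped).
PRINCIPAL_ATTRIBUTE_LIST = "uid,givenName,sn:surname,mail:email,memberOf"
POLICY = {
    "patterns": {"memberOf": "cn=administrators,ou=groups,dc=example,dc=org"},
    "excludeUnmappedAttributes": False,
    "completeMatch": False,
    "allowedAttributes": ["uid", "memberOf", "email", "givenName", "surname"],
}
# Constructed sample LDAP entry (not from the thread).
SAMPLE_ENTRY = {
    "uid": ["jdoe"], "givenName": ["Jane"], "sn": ["Doe"],
    "mail": ["jdoe@example.org"], "telephoneNumber": ["555-0100"],
    "memberOf": ["cn=administrators,ou=groups,dc=example,dc=org",
                 "cn=staff,ou=groups,dc=example,dc=org"],
}

def parse_mapping(spec):
    """'sn:surname' -> {'sn': 'surname'}; a bare 'uid' keeps its LDAP name."""
    mapping = {}
    for item in spec.split(","):
        ldap_name, _, exposed = item.strip().partition(":")
        mapping[ldap_name] = exposed or ldap_name
    return mapping

def resolve_principal(entry, mapping):
    """Keep only the listed LDAP attributes, under their CAS-exposed names."""
    return {mapping[k]: list(v) for k, v in entry.items() if k in mapping}

def release(principal, policy):
    """Assumed model: allow-list by exposed name, then regex-filter mapped values."""
    match = re.fullmatch if policy["completeMatch"] else re.search
    out = {}
    for name in policy["allowedAttributes"]:
        values = principal.get(name)
        pattern = policy["patterns"].get(name)
        if values and pattern is not None:
            values = [v for v in values if match(pattern, v)]
        elif policy["excludeUnmappedAttributes"]:
            values = None  # no pattern for this attribute: dropped
        if values:
            out[name] = values
    return out

def unreleasable(policy, mapping):
    """Allowed names the principal can never carry, e.g. 'mail' instead of 'email'."""
    return sorted(set(policy["allowedAttributes"]) - set(mapping.values()))
```

Running `unreleasable` against each service definition catches a policy that lists the LDAP name where the renamed one is required, which otherwise shows up only as an attribute silently missing at the client.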