Hi,

You are missing nothing. pac4j authentication attributes are not used to build the CAS principal, only the user attributes.

Thanks.
Best regards,
Jérôme

On Tue, Nov 13, 2018 at 3:48 PM David Oteo <[email protected]> wrote:

> Hi,
>
> We configured CAS 5.2.2 to delegate authentication to an external IdP
> through SAML. In the SAML response there is an "AuthnContext" tag that does
> not appear in the user profile attributes. CAS 5.2.2 seems to use pac4j
> v2.2.x and here (https://github.com/pac4j/pac4j/pull/961) I can see that
> this functionality was added to pac4j v2.2.
>
> I see this in the logs:
>
> [13/11/18 15:13:42:484 CET] 00000147 SystemOut O 2018-11-13
> 15:13:42,339 DEBUG [org.pac4j.saml.profile.SAML2Profile] - <adding => key:
> authnContext / value: [urn:safelayer:tws:policies:authentication:flow:cert]
> / class java.util.ArrayList>
>
> but the attribute is not present in the user profile:
>
> [13/11/18 15:13:42:547 CET] 00000147 SystemOut O 2018-11-13
> 15:13:42,340 DEBUG [org.pac4j.saml.client.SAML2Client] - <profile:
> #SAML2Profile# | id: CN=CORPREC FICTICIO ACTIVO, O=EMPTY | attributes:
> {country=[ES], cif=[Q3890349H], birthdate=[EMPTY], key_usage=[EMPTY],
> not_before=[2017-03-16T12:15:29Z], subject=[SERIALNUMBER=99999988J,
> OID.2.5.4.4=#0C08464943544943494F, OID.2.5.4.42=#0C07434F5250524543,
> CN=CORPREC FICTICIO ACTIVO,
> OID.2.5.4.46=#131D2D646E692039393939393938384A202D63696620513338393033343948,
> OU=Condiciones de uso en www.izenpe.com nola erabili jakiteko,
> OU=Ziurtagiri korporatibo onartua - Cert. corporativo reconocido, O=IZENPE,
> C=ES], tsl=[S], issuer=[CN=CA personal de AAPP vascas (2) - DESARROLLO,
> OU=AZZ Ziurtagiri publikoa - Certificado publico SCA, O=IZENPE S.A., C=ES],
> notBefore=2018-11-13T14:13:41.480Z, surname1=[FICTICIO], surname2=[ACTIVO],
> dni=[99999988J], email=EMPTY, tipoAfirma=[0], firmaCualificada=[S],
> naturalPersonSemanticsIdentifier=[IDCES-99999988J],
> legalPersonSemanticsIdentifier=[VATES-Q3890349H], serial_number=[C6o=],
> preferencia_otp=[sms], given_name=[CORPREC], pais=[ES],
> not_after=[2021-03-16T12:15:29Z], register_type=[1],
> policy_identifier=[1.3.6.1.4.1.14777.104.2], person_status=[PF],
> organization=[EMPTY], domain=[izenpe], name=[CORPREC FICTICIO ACTIVO],
> notOnOrAfter=2018-11-13T14:18:41.480Z, family_name=FICTICIO ACTIVO} |
> roles: [] | permissions: [] | isRemembered: false | clientName: null |
> linkedId: null |>
>
> What am I missing here?
>
> Thank you very much once again!!
>
> Best regards,
> David.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b40c3d58-1281-43e8-917b-8e76ca204241%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/b40c3d58-1281-43e8-917b-8e76ca204241%40apereo.org?utm_medium=email&utm_source=footer>
> .
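
The two attribute stores discussed in this thread, as an added example that is not code from the thread, from pac4j, or from CAS. It assumes pac4j-core 2.2 or later on the classpath; the `mergedAttributes` helper, the `authn.` prefix and the sample values are hypothetical, and where such a merge would be wired into a CAS deployment is not shown.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.pac4j.core.profile.CommonProfile;

public class AuthnContextDemo {

    // Key under which pac4j logs the SAML AuthnContext (the "adding => key: authnContext" line).
    static final String AUTHN_CONTEXT = "authnContext";

    // Hypothetical prefix so a copied authentication attribute can never
    // collide with, or be mistaken for, an IdP-asserted user attribute.
    static final String PREFIX = "authn.";

    /**
     * Hypothetical helper: returns the user attributes plus an explicit
     * allow-list of authentication attributes, copied under PREFIX.
     */
    static Map<String, Object> mergedAttributes(CommonProfile profile, List<String> exposed) {
        Map<String, Object> merged = new LinkedHashMap<>(profile.getAttributes());
        for (String name : exposed) {
            Object value = profile.getAuthenticationAttribute(name);
            if (value != null) {
                merged.put(PREFIX + name, value);
            }
        }
        return merged;
    }

    public static void main(String[] args) {
        // Constructed profile: one user attribute, one authentication attribute.
        CommonProfile profile = new CommonProfile();
        profile.setId("CN=EXAMPLE USER, O=EMPTY");
        profile.addAttribute("country", Arrays.asList("ES"));
        profile.addAuthenticationAttribute(AUTHN_CONTEXT,
                Arrays.asList("urn:safelayer:tws:policies:authentication:flow:cert"));

        // The user-attribute store is the one used to build the principal.
        System.out.println("user attributes:           " + profile.getAttributes());
        // The AuthnContext is kept in the separate authentication-attribute store.
        System.out.println("authentication attributes: " + profile.getAuthenticationAttributes());
        // Only allow-listed authentication attributes are copied across.
        System.out.println("merged view:               "
                + mergedAttributes(profile, Arrays.asList(AUTHN_CONTEXT)));
    }
}
```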
