Hi All,

I am currently in the process of migrating from v5.0.x to v5.3.x and am having issues with obtaining attributes for services. The symptom I am seeing is that, even when I configure a service with the Attribute Release policy of Return All, I am seeing no attributes when I run through the test provided at /status/attrresolution.

I am using LDAP for authentication, and from the documentation I should also be able to use this in order to obtain attributes (see https://apereo.github.io/cas/5.3.x/integration/Attribute-Resolution.html):

Principal Resolution

> Note that in most if not all cases, CAS authentication is able to retrieve
> and resolve attributes from the authentication source, which would
> eliminate the need for configuring a separate resolver specially if both
> the authentication and the attribute source are the same. Using separate
> resolvers should only be required when sources are different, or when there
> is a need to tackle more advanced attribute resolution use cases such as
> cascading, merging, etc. See this guide for more info.

The configuration block for the LDAP source is as follows:

cas.authn.ldap[0].principalAttributeList=memberOf, samaccountname, displayName, mail
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://dc.domain.com
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].baseDn=cn=users,dc=domain,dc=com
cas.authn.ldap[0].bindDn=cn=admin,ou=admin,dc=domain,dc=com
cas.authn.ldap[0].bindCredential=**************
cas.authn.ldap[0].searchFilter=(|(sAMAccountName={user})(mail={user}))
cas.authn.ldap[0].principalAttributeId=samaccountname
cas.authn.ldap[0].validator.baseDn=cn=users,dc=domain,dc=com

Under the previous version this was sufficient to ensure those attributes listed (memberOf, samaccountname, displayName, mail) would end up in the CAS response. They don't any more.

In some initial debugging I have found that in PolicyBasedAuthenticationManager::authenticateAndResolvePrincipal() the principal which is getting returned from the result (an instance of a SimplePrincipal) contains the attributes returned by the LdapAuthenticationHandler, but that these are then overwritten with the call to this.resolvePrincipal(handler, resolver, credential, principal) which happens a few lines later, with the resolver being of the type:

PersonDirectoryPrincipalResolver(
    attributeRepository=org.apereo.services.persondir.support.CachingPersonAttributeDaoImpl@41e5bc47,
    principalFactory=org.apereo.cas.authentication.principal.DefaultPrincipalFactory@1,
    returnNullIfNoAttributes=false,
    principalNameTransformer=org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver$$Lambda$167/1993482928@71e35b54,
    principalAttributeNames=null,
    useCurrentPrincipalId=false)

At this point I am stumped.

Thanks in advance for any help,
Iain
