CAS Management can't retrieve the list of attributes available on CAS Server?
I have added configuration to management.properties, but it didn't work. CAS Management only contains the default attributes (uid, eppn, givenName). I have tried adding the STUB configuration, unfortunately it is static. > ... attributeRepository.stub.attributes.uid = uid > ......... I hope CAS Management can take available attributes based on the CAS Server configuration. Can anyone give me a suggestion for what i want? Sent from my iPhone > On 10 Apr 2019, at 23.03, Ray Bon <[email protected]> wrote: > > Fahmi, > > Our management server is too old to have this feature. > Start here, > https://apereo.github.io/cas/5.3.x/integration/Attribute-Release.html > You probably have to add properties to management service properties file. > > Ray > >> On Tue, 2019-04-09 at 17:57 -0700, Fahmi L. Ramdhani wrote: >> Thank you for the quick reply. >> >> First I accessed via the browser >> https://cas.example.com/cas/status/discovery, then CAS directed to login. >> After successfully logging in, the results are like this: >> { >> "@class": "java.util.LinkedHashMap", >> "profile": { >> "@class": "org.apereo.cas.discovery.CasServerProfile", >> "registeredServiceTypes": { >> "@class": "java.util.HashMap", >> "CAS Client": "org.apereo.cas.services.RegexRegisteredService" >> }, >> "registeredServiceTypesSupported": { >> "@class": "java.util.HashMap", >> "SAML2 Service Provider": >> "org.apereo.cas.support.saml.services.SamlRegisteredService", >> "WS Federation Relying Party": >> "org.apereo.cas.ws.idp.services.WSFederationRegisteredService", >> "OpenID Connect Relying Party": >> "org.apereo.cas.services.OidcRegisteredService", >> "OAuth2 Client": >> "org.apereo.cas.support.oauth.services.OAuthRegisteredService", >> "CAS Client": "org.apereo.cas.services.RegexRegisteredService" >> }, >> "multifactorAuthenticationProviderTypesSupported": { >> "@class": "java.util.HashMap", >> "mfa-gauth": "Google Authenticator", >> "mfa-swivel": "Swivel Secure", >> "mfa-authy": "Authy", >> "mfa-radius": "RADIUS (RSA,WiKID)", >> "mfa-u2f": "FIDO U2F", >> "mfa-azure": "Microsoft Azure", >> "mfa-duo": "Duo Security" >> }, >> "delegatedClientTypesSupported": [ >> "java.util.HashSet", >> [ >> "OAuth20Client", >> "OAuth10Client", >> "TwitterClient", >> "FoursquareClient", >> "QQClient", >> "OrcidClient", >> "FacebookClient", >> "OkClient", >> "FormClient", >> "CasProxyReceptor", >> "GitHubClient", >> "KeycloakOidcClient", >> "BitbucketClient", >> "WordPressClient", >> "OidcClient", >> "WindowsLiveClient", >> "VkClient", >> "LinkedIn2Client", >> "YahooClient", >> "WechatClient", >> "Google2Client", >> "StravaClient", >> "GenericOAuth20Client", >> "AzureAdClient", >> "GoogleOidcClient", >> "CasOAuthWrapperClient", >> "PayPalClient", >> "WeiboClient", >> "DropBoxClient", >> "SAML2Client", >> "CasClient", >> "IndirectBasicAuthClient" >> ] >> ], >> "availableAttributes": [ >> "java.util.LinkedHashSet", >> [ >> "mail", >> "eppn", >> "displayName", >> "givenName", >> "uid" >> ] >> ] >> } >> } >> >> You can see the availableAttributes section? I need it to make it easier for >> CAS administrators to release attributes for each service. But when I access >> https://cas.example.com/cas-management and try to add services, the "mail", >> "eppn", "displayName", "givenName", "uid" attributes not show in the >> dropdown option ( Attribute Release Policy). I hope the dropdown option >> contains dynamic based on the attributes in JDBC (Multi-Row), but I have not >> found a solution. How to solve this problem? >> >> Thank you. >> >> >> Pada Rabu, 10 April 2019 07.45.56 UTC+7, rbon menulis: >>> >>> Fahmi, >>> >>> I have not set up any of the status features for cas, so have no experience >>> here. >>> Can you access it with a browser (that is, have you verified it is working >>> as expected)? >>> >>> What is your reason for using curl? >>> >>> Perhaps there is another alternative that others on the list have tried. >>> >>> Ray >>> >>>> On Wed, 2019-04-10 at 07:34 +0700, Fahmi L. Ramdhani wrote: >>>> Please tell me how to unprotect? In cas.properties i have to set >>>> >>>> endpoints.status.discovery.enabled = true >>>> ..sensitive = false >>>> >>>> Sorry for my questions. Thank you Ray. >>>> Sent from my iPhone >>>> >>>> On 10 Apr 2019, at 07.05, Ray Bon <[email protected]> wrote: >>>> >>>>> Fahmi, >>>>> >>>>> It looks like /cas/status/discovery is protected by cas and it redirects >>>>> to cas/login (status code 302). >>>>> Should the discovery page be protected? >>>>> >>>>> Ray >>>>> >>>>>> On Tue, 2019-04-09 at 16:43 -0700, Fahmi L. Ramdhani wrote: >>>>>> I tried accessing the result curl like this: >>>>>> >>>>>> curl -v https://cas.example.com:8443/cas/status/discovery >>>>>> * Trying 2xx.60.112.9... >>>>>> * Connected to cas.example.com (2xx.60.112.9) port 8443 (#0) >>>>>> * found 148 certificates in /etc/ssl/certs/ca-certificates.crt >>>>>> * found 592 certificates in /etc/ssl/certs >>>>>> * ALPN, offering http/1.1 >>>>>> * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 >>>>>> * server certificate verification OK >>>>>> * server certificate status verification SKIPPED >>>>>> * common name: cas.example.com (matched) >>>>>> * server certificate expiration date OK >>>>>> * server certificate activation date OK >>>>>> * certificate public key: RSA >>>>>> * certificate version: #3 >>>>>> * subject: CN=cas.example.com >>>>>> * start date: Wed, 03 Apr 2019 09:32:48 GMT >>>>>> * expire date: Tue, 02 Jul 2019 09:32:48 GMT >>>>>> * issuer: C=US,O=XXXXXXXXXXX,CN=XXXXXXXXXXXXXX >>>>>> * compression: NULL >>>>>> * ALPN, server did not agree to a protocol >>>>>> > GET /cas/status/discovery HTTP/1.1 >>>>>> > Host: cas.example.com:8443 >>>>>> > User-Agent: curl/7.47.0 >>>>>> > Accept: */* >>>>>> > >>>>>> < HTTP/1.1 302 >>>>>> < Cache-Control: no-cache, no-store, max-age=0, must-revalidate >>>>>> < Pragma: no-cache >>>>>> < Expires: 0 >>>>>> < Strict-Transport-Security: max-age=15768000 ; includeSubDomains >>>>>> < X-Content-Type-Options: nosniff >>>>>> < X-Frame-Options: DENY >>>>>> < X-XSS-Protection: 1; mode=block >>>>>> < Set-Cookie: JSESSIONID=AECBB7BF899FAFB0B707CE228ECC19EC; Path=/cas; >>>>>> Secure; HttpOnly >>>>>> < Location: >>>>>> https://cas.example.com:8443/cas/login?service=https%3A%2F%2Fcas.example.com%3A8443%2Fcas%2Fstatus%2Fdiscovery >>>>>> < Transfer-Encoding: chunked >>>>>> < Date: Tue, 09 Apr 2019 23:34:01 GMT >>>>>> < >>>>>> * Connection #0 to host cas.example.com left intact >>>>>> >>>>>> Can anyone help please? >>>>> -- >>>>> - Website: https://apereo.github.io/cas >>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>> - Contributions: https://goo.gl/mh7qDG >>>>> --- >>>>> You received this message because you are subscribed to the Google Groups >>>>> "CAS Community" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send an >>>>> email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6865637d5002e54d38c2e2e619ff06ec63e45f0a.camel%40uvic.ca. >>>> >> > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/4314fa3d37e510b2956fdda5527281a09aa882d1.camel%40uvic.ca. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CCD58B73-2087-41E3-BB23-3247EB357DE0%40gmail.com.
