Andrey,

I don't know what version of CAS you're on, but for me, on CAS 5.2.x, I 
have the following json for one of our SPs:

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "service-id-here",
  "name" : "name-here",
  "id" : 1001,
  "metadataLocation" : "https://service.address/SAML/Metadata",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "cn" : "urn:oid:2.5.4.3",
      "mail" : "urn:oid:0.9.2342.19200300.100.1.3"
    }
  },
  "evaluationOrder" : 25
}


Have you tried using the Attribute Resolution & Release feature in the CAS 
Dashboard to see what is being released by CAS?

Matt


On Monday, June 3, 2019 at 5:53:36 AM UTC-6, Andrey Seledkov wrote:
>
> Hi team.
>
> When I worked with SAML between CAS as IdP and Keycloak as SP, I 
> cannot add additional attributes like firstName, lastName
>
> My CAS settings
>
> cas.authn.attributeRepository.jdbc[0].singleRow=true
> cas.authn.attributeRepository.jdbc[0].requireAllAttributes=true
>
> cas.authn.attributeRepository.jdbc[0].sql=SELECT * FROM ml_emp WHERE {0}
> cas.authn.attributeRepository.jdbc[0].username=USERNAME
> cas.authn.attributeRepository.jdbc[0].driverClass=oracle.jdbc.OracleDriver
> cas.authn.attributeRepository.jdbc[0].user=${DB_USERNAME}
> cas.authn.attributeRepository.jdbc[0].password=${DB_PASSWORD}
> cas.authn.attributeRepository.jdbc[0].url=${DB_URL}
>
> cas.authn.attributeRepository.jdbc[0].attributes.FIRST_NAME=firstName
> cas.authn.attributeRepository.jdbc[0].attributes.LAST_NAME=lastName
>
> My JSON file
>
> {
>   "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId": "service-id-here",
>   "name": "name-here",
>   "id": 10000010,
>   "evaluationOrder": 1,
>   "metadataLocation": "file:/etc/cas/saml/saml.xml",
>   "attributeReleasePolicy": {
>     "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>     "allowedAttributes": [
>       "firstName",
>       "lastName"
>     ]
>   }
> }
>
>
> But when I redirect to Keycloak I don't see any additional attributes in 
> SAMLResponse, could you please assist
>
>
>
