Andrey,
cn and mail are attributes from my LDAP that are being released to the SP.
Based on the Internet2 attribute release policy, firstName (givenName)
is urn:oid:2.5.4.42, while lastName (sn) is urn:oid:2.5.4.4
https://www.internet2.edu/help/attribute-release-policy/
If your SP is looking for specific attributes, they may need to be mapped
according to this Internet2 standard.
Hopefully that helps.
On Monday, June 3, 2019 at 8:37:39 AM UTC-6, Andrey Seledkov wrote:
>
> I will try, but what are 'cn' and 'mail' here?
>
> For my task I need to put in the SamlResponse the firstName and lastName
> which I retrieved from the database
>
> On Monday, June 3, 2019 at 5:00:20 PM UTC+3, Matthew Uribe wrote:
>>
>> Andrey,
>>
>> I don't know what version of CAS you're on, but for me, on CAS 5.2.x, I
>> have the following json for one of our SPs:
>>
>> {
>>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>   "serviceId" : "service-id-here",
>>   "name" : "name-here",
>>   "id" : 1001,
>>   "metadataLocation" : "https://service.address/SAML/Metadata",
>>   "attributeReleasePolicy" : {
>>     "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>>     "allowedAttributes" : {
>>       "@class" : "java.util.TreeMap",
>>       "cn" : "urn:oid:2.5.4.3",
>>       "mail" : "urn:oid:0.9.2342.19200300.100.1.3"
>>     }
>>   },
>>   "evaluationOrder" : 25
>> }
>>
>>
>> Have you tried using the Attribute Resolution & Release feature in the
>> CAS Dashboard to see what is being released by CAS?
>>
>> Matt
>>
>>
>> On Monday, June 3, 2019 at 5:53:36 AM UTC-6, Andrey Seledkov wrote:
>>>
>>> Hi team.
>>>
>>> When working with SAML between CAS as IdP and Keycloak as SP, I
>>> cannot add additional attributes like firstName, lastName
>>>
>>> My CAS settings:
>>>
>>> cas.authn.attributeRepository.jdbc[0].singleRow=true
>>> cas.authn.attributeRepository.jdbc[0].requireAllAttributes=true
>>>
>>> cas.authn.attributeRepository.jdbc[0].sql=SELECT * FROM ml_emp WHERE {0}
>>> cas.authn.attributeRepository.jdbc[0].username=USERNAME
>>>
>>> cas.authn.attributeRepository.jdbc[0].driverClass=oracle.jdbc.OracleDriver
>>> cas.authn.attributeRepository.jdbc[0].user=${DB_USERNAME}
>>> cas.authn.attributeRepository.jdbc[0].password=${DB_PASSWORD}
>>> cas.authn.attributeRepository.jdbc[0].url=${DB_URL}
>>>
>>> cas.authn.attributeRepository.jdbc[0].attributes.FIRST_NAME=firstName
>>> cas.authn.attributeRepository.jdbc[0].attributes.LAST_NAME=lastName
>>>
>>> My JSON file:
>>>
>>> {
>>>   "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>>   "serviceId": "service-id-here",
>>>   "name": "name-here",
>>>   "id": 10000010,
>>>   "evaluationOrder": 1,
>>>   "metadataLocation": "file:/etc/cas/saml/saml.xml",
>>>   "attributeReleasePolicy": {
>>>     "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>>>     "allowedAttributes": [
>>>       "firstName",
>>>       "lastName"
>>>     ]
>>>   }
>>> }
>>>
>>>
>>> But when I redirect to Keycloak I don't see any additional attributes in
>>> the SAMLResponse, could you please assist
>>>
>>>
>>>
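
Added example, not part of the thread or of CAS: a small Python check that decodes an HTTP-POST `SAMLResponse` and reports which of the OID-named attributes quoted above (urn:oid:2.5.4.42, urn:oid:2.5.4.4) are actually present in the AttributeStatement. The function names and the sample response are constructed for illustration; the sample is unsigned and unencrypted.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# OID names quoted in the thread for the two attributes the SP expects.
EXPECTED = {
    "urn:oid:2.5.4.42": "givenName (firstName)",
    "urn:oid:2.5.4.4": "sn (lastName)",
}

def released_attributes(saml_response_b64):
    """Decode an HTTP-POST SAMLResponse and return {attribute Name: [values]}.

    Debugging aid only: it does not validate the signature, and it cannot
    read an EncryptedAssertion.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def missing_expected(saml_response_b64, expected=EXPECTED):
    """Return the expected attribute names absent from the response, sorted."""
    found = released_attributes(saml_response_b64)
    return sorted(name for name in expected if name not in found)

# Constructed sample: a trimmed, unsigned response that releases mail and
# givenName under OID names but not sn.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
        <saml:AttributeValue>jdoe@example.org</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:oid:2.5.4.42">
        <saml:AttributeValue>Jane</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    print(released_attributes(SAMPLE_B64))
    print("missing:", missing_expected(SAMPLE_B64))
```

Paste the base64 `SAMLResponse` form field captured from the browser's POST to the SP in place of `SAMPLE_B64` to check a real login.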