Apologies, I see you have that already, I mis-read the original post :)
On Thursday, January 23, 2020 at 10:32:36 AM UTC-5, Josh wrote:
>
> You don't need an allowedAttributes section for this, just an
> attributeReleasePolicy like so:
>
> attributeReleasePolicy : {
> @class : org.apereo.cas.services.ReturnMappedAttributeReleasePolicy
> allowedAttributes : {
> @class : java.util.TreeMap
> mail : "urn:oid:0.9.2342.19200300.100.1.3"
> gecos : "urn:oid:2.16.840.1.113730.3.1.241"
> eduPersonPrincipalName : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
> }
> }
>
>
> On Thursday, January 23, 2020 at 3:54:19 AM UTC-5, stonej wrote:
>>
>> Hello All,
>>
>> I am trying to move away from Shibboleth IdP and move to CAS IdP but am
>> having a few issues. I have had a look at the documentation and this group
>> and cannot seem to find the answer. I need to pass certain attributes,
>> these ones -
>>
>> urn:oid:0.9.2342.19200300.100.1.3 - mail value email address
>> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value member
>> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value staff or student
>> urn:oid:1.3.6.1.4.1.5923.1.1.1.6 - eduPersonPrincipalName mail value email address
>> urn:oid:2.5.4.4 - sn value surname
>> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value [email protected]
>> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value staff or [email protected]
>> urn:oid:2.5.4.42 - givenName value First Name
>> urn:oid:1.3.6.1.4.1.5923.1.1.1.10 - eduPersonTargetedID Value random id based on salt
>> urn:oid:1.3.6.1.4.1.5923.1.1.1.7 - eduPersonEntitlement value urn:mace:dir:entitlement:common-lib-terms
>>
>> but I am getting :
>>
>> credentialType credentialType UsernamePasswordCredential
>> samlAuthenticationStatementAuthMethod samlAuthenticationStatementAuthMethod urn:oasis:names:tc:SAML:1.0:am:password
>> isFromNewLogin isFromNewLogin true
>> authenticationDate authenticationDate 2020-01-22T13:59:03.213799Z
>> urn:oid:0.9.2342.19200300.100.1.3 urn:oid:0.9.2342.19200300.100.1.3 [email protected]
>> authenticationMethod authenticationMethod LdapAuthenticationHandler
>> urn:oid:0.9.2342.19200300.100.1.1 urn:oid:0.9.2342.19200300.100.1.1 Username
>> successfulAuthenticationHandlers successfulAuthenticationHandlers LdapAuthenticationHandler
>> longTermAuthenticationRequestTokenUsed longTermAuthenticationRequestTokenUsed false
>> urn:oid:2.5.4.42 urn:oid:2.5.4.42 FirstName
>> urn:oid:2.5.4.4 urn:oid:2.5.4.4 Surname
>>
>> Here is my JSON file:
>>
>> {
>> "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>> "serviceId" : "SERVICE",
>> "name" : "Apache Secured By SAML",
>> "id" : 100000011,
>> "description" : "CAS development Apache mod_shib/shibd server with username/password protection",
>> "metadataLocation" : "file:////etc/cas/saml/metadata/metadata.xml",
>> "encryptAssertions": "true",
>> "attributeReleasePolicy" : {
>> "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>> "allowedAttributes" : {
>> "@class" : "java.util.TreeMap",
>> "eppn" : "urn:mace:dir:attribute-def:eduPersonPrincipalName",
>> "cn" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
>> "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
>> "givenName" : "urn:oid:2.5.4.42",
>> "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
>> "role" : "urn:DOMAIN:attribute-def:role",
>> "sn" : "urn:oid:2.5.4.4",
>> "uid" : "urn:oid:0.9.2342.19200300.100.1.1",
>> "UDC_IDENTIFIER": "urn:DOMAIN:attribute-def:UDC_IDENTIFIER",
>> "eppn" : "urn:oid:0.9.2342.19200300.100.1.1"
>> "affiliation" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
>> "affiliation" : "staff"
>> }
>> "persistentIdGenerator" : {
>> "@class" : "org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
>> "salt" : "aGVsbG93b3JsZA==",
>> "attribute": "eduPersonEntitlement"
>> }
>> },
>> "evaluationOrder" : 1125
>> }
>>
>>
>> What am I doing wrong ? I do have other files to prepare but I know if I
>> can get this one working I can get the other ones working,
>>
>> Thanks for all your help
>>
>> Jeff
>>
>>
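An added example, not part of the original thread and not CAS code: a small Python check that compares the allowedAttributes map from the question against the attribute names the poster lists as required, and flags duplicate keys. SAMPLE is the posted map with commas added so a strict JSON parser accepts it; last-value-wins for duplicate keys is Python's behaviour and is an assumption here, not confirmed for CAS.

```python
import json

# Attribute names the service provider expects, copied from the list in the question.
REQUIRED = {
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.1": "eduPersonAffiliation",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:2.5.4.4": "sn",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
    "urn:oid:2.5.4.42": "givenName",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.7": "eduPersonEntitlement",
}
# Constructed sample: the posted allowedAttributes map, commas added for strict JSON.
SAMPLE = """{
  "@class": "java.util.TreeMap",
  "eppn": "urn:mace:dir:attribute-def:eduPersonPrincipalName",
  "cn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
  "displayName": "urn:oid:2.16.840.1.113730.3.1.241",
  "givenName": "urn:oid:2.5.4.42",
  "mail": "urn:oid:0.9.2342.19200300.100.1.3",
  "role": "urn:DOMAIN:attribute-def:role",
  "sn": "urn:oid:2.5.4.4",
  "uid": "urn:oid:0.9.2342.19200300.100.1.1",
  "UDC_IDENTIFIER": "urn:DOMAIN:attribute-def:UDC_IDENTIFIER",
  "eppn": "urn:oid:0.9.2342.19200300.100.1.1",
  "affiliation": "urn:oid:1.3.6.1.4.1.5923.1.1.1.1",
  "affiliation": "staff"
}"""

def audit(text, required=REQUIRED):
    """Report duplicate source keys, required names never released, and extras."""
    duplicates = []
    def collect(pairs):
        seen = {}
        for key, value in pairs:
            if key in seen:
                duplicates.append(key)
            seen[key] = value  # assumption: the last duplicate wins, as in Python's json
        return seen
    mapping = json.loads(text, object_pairs_hook=collect)
    mapping.pop("@class", None)  # type hint for the map, not an attribute
    released = set(mapping.values())
    missing = sorted(name for oid, name in required.items() if oid not in released)
    extra = sorted(value for value in released if value not in required)
    return {"duplicates": duplicates, "missing": missing, "extra": extra}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The "extra" list is worth reviewing from a data-minimisation standpoint, since it names values released to the service that the poster's requirement list does not ask for.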