To remove unwanted authentication attributes add excludeDefaultAttributes: true.
On Thu, Jan 23, 2020 at 7:33 AM Josh <[email protected]> wrote:

> Apologies, I see you have that already, I mis-read the original post :)
>
> On Thursday, January 23, 2020 at 10:32:36 AM UTC-5, Josh wrote:
>>
>> You don't need an allowedAttributes section for this, just an
>> attributeReleasePolicy like so:
>>
>> attributeReleasePolicy : {
>>   @class : org.apereo.cas.services.ReturnMappedAttributeReleasePolicy
>>   allowedAttributes : {
>>     @class : java.util.TreeMap
>>     mail : "urn:oid:0.9.2342.19200300.100.1.3"
>>     gecos : "urn:oid:2.16.840.1.113730.3.1.241"
>>     eduPersonPrincipalName : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
>>   }
>> }
>>
>>
>> On Thursday, January 23, 2020 at 3:54:19 AM UTC-5, stonej wrote:
>>>
>>> Hello All,
>>>
>>> I am trying to move away from Shibboleth IdP and move to CAS IdP but
>>> having a few issues. I have had a look at the documentation and this group
>>> and cannot seem to find the answer. I need to pass certain attributes,
>>> these ones -
>>>
>>> urn:oid:0.9.2342.19200300.100.1.3 - mail value email address
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value member
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value staff or student
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.6 - eduPersonPrincipalName mail value email address
>>> urn:oid:2.5.4.4 - sn value surname
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value [email protected]
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value staff or [email protected]
>>> urn:oid:2.5.4.42 - givenName value First Name
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.10 - eduPersonTargetedID Value random id based on salt
>>> urn:oid:1.3.6.1.4.1.5923.1.1.1.7 - eduPersonEntitlement value urn:mace:dir:entitlement:common-lib-terms
>>>
>>> but I am getting:
>>>
>>> credentialType credentialType UsernamePasswordCredential
>>> samlAuthenticationStatementAuthMethod samlAuthenticationStatementAuthMethod urn:oasis:names:tc:SAML:1.0:am:password
>>> isFromNewLogin isFromNewLogin true
>>> authenticationDate authenticationDate 2020-01-22T13:59:03.213799Z
>>> urn:oid:0.9.2342.19200300.100.1.3 urn:oid:0.9.2342.19200300.100.1.3 [email protected]
>>> authenticationMethod authenticationMethod LdapAuthenticationHandler
>>> urn:oid:0.9.2342.19200300.100.1.1 urn:oid:0.9.2342.19200300.100.1.1 Username
>>> successfulAuthenticationHandlers successfulAuthenticationHandlers LdapAuthenticationHandler
>>> longTermAuthenticationRequestTokenUsed longTermAuthenticationRequestTokenUsed false
>>> urn:oid:2.5.4.42 urn:oid:2.5.4.42 FirstName
>>> urn:oid:2.5.4.4 urn:oid:2.5.4.4 Surname
>>>
>>> Here is my JSON file:
>>>
>>> {
>>>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>>   "serviceId" : "SERVICE",
>>>   "name" : "Apache Secured By SAML",
>>>   "id" : 100000011,
>>>   "description" : "CAS development Apache mod_shib/shibd server with username/password protection",
>>>   "metadataLocation" : "file:////etc/cas/saml/metadata/metadata.xml",
>>>   "encryptAssertions": "true",
>>>   "attributeReleasePolicy" : {
>>>     "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>>>     "allowedAttributes" : {
>>>       "@class" : "java.util.TreeMap",
>>>       "eppn" : "urn:mace:dir:attribute-def:eduPersonPrincipalName",
>>>       "cn" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
>>>       "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
>>>       "givenName" : "urn:oid:2.5.4.42",
>>>       "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
>>>       "role" : "urn:DOMAIN:attribute-def:role",
>>>       "sn" : "urn:oid:2.5.4.4",
>>>       "uid" : "urn:oid:0.9.2342.19200300.100.1.1",
>>>       "UDC_IDENTIFIER": "urn:DOMAIN:attribute-def:UDC_IDENTIFIER",
>>>       "eppn" : "urn:oid:0.9.2342.19200300.100.1.1"
>>>       "affiliation" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
>>>       "affiliation" : "staff"
>>>     }
>>>     "persistentIdGenerator" : {
>>>       "@class" : "org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
>>>       "salt" : "aGVsbG93b3JsZA==",
>>>       "attribute": "eduPersonEntitlement"
>>>     }
>>>   },
>>>   "evaluationOrder" : 1125
>>> }
>>>
>>>
>>> What am I doing wrong? I do have other files to prepare but I know if
>>> I can get this one working I can get the other ones working.
>>>
>>> Thanks for all your help
>>>
>>> Jeff
>>>
>>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/04d8a27f-bbf9-43f2-926a-67f1e07fc45d%40apereo.org
>

--
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEb9AqkzWrwxcB9NAyGjaPAc0q35Fa7_aNv0y%3DMy1qwgqw%40mail.gmail.com.
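
An added example, not code from the thread or from the CAS project: a small Python check (the name `lint_service` is hypothetical) run over a constructed strict-JSON sample that carries the same kinds of problems as the quoted service file. It reports JSON syntax errors such as a missing comma, keys repeated within one object (Python's parser silently keeps only the last), a release policy without `excludeDefaultAttributes: true`, and, as a heuristic for this thread's URN naming, mapped names that are not URNs.

```python
import json

# Constructed sample: a trimmed service definition carrying the same kinds of
# problems as the file quoted in the thread. Not the poster's full file.
SAMPLE = """
{
  "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId": "SERVICE",
  "id": 100000011,
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes": {
      "@class": "java.util.TreeMap",
      "eppn": "urn:mace:dir:attribute-def:eduPersonPrincipalName",
      "mail": "urn:oid:0.9.2342.19200300.100.1.3",
      "eppn": "urn:oid:0.9.2342.19200300.100.1.1",
      "affiliation": "urn:oid:1.3.6.1.4.1.5923.1.1.1.1",
      "affiliation": "staff"
    }
  }
}
"""

def lint_service(text):
    """Return findings for a service definition written as strict JSON."""
    dups = []
    def hook(pairs):  # called once per JSON object; records repeated keys
        seen = {}
        for key, value in pairs:
            if key in seen:
                dups.append(key)
            seen[key] = value
        return seen
    try:
        svc = json.loads(text, object_pairs_hook=hook)
    except json.JSONDecodeError as e:
        return [f"syntax error at line {e.lineno}, column {e.colno}: {e.msg}"]
    findings = [f"duplicate key {k!r} repeated within one object" for k in dups]
    policy = svc.get("attributeReleasePolicy") or {}
    if policy.get("excludeDefaultAttributes") not in (True, "true"):
        findings.append("excludeDefaultAttributes is not true")
    for local, released in policy.get("allowedAttributes", {}).items():
        names = released if isinstance(released, list) else [released]
        # Heuristic for this thread's convention: released names are URNs.
        for name in names:
            if local != "@class" and not str(name).startswith("urn:"):
                findings.append(f"{local!r} maps to {name!r}, which is not a URN")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_service(SAMPLE)))
```
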
