Hi All,
I am slowly getting there, although now I have hit another hurdle.
I need eduPersonTargetedID, now I can get that by using
{
"@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
"serviceId" : "https://DOMAIN";,
"name" : "Apache Secured By SAML",
"id" : 100000011,
"description" : "CAS development Apache mod_shib/shibd server with
username/password protection",
"metadataLocation" : "file:////etc/cas/saml/metadata/metadata.xml",
"encryptAssertions": "true",
"excludeDefaultAttributes" : "true",
"attributeReleasePolicy": {
"@class":
"org.apereo.cas.support.saml.services.EduPersonTargetedIdAttributeReleasePolicy",
"salt": "OqmG80fEKBQt",
"attribute": ""
}
}
But I cannot get any other attributes like FirstName, Surname etc.
And also the "excludeDefaultAttributes" : "true", doesn't seem to work,
not sure if I have put it in the correct place.
I have tried :
"allowedAttributes" : {
"@class" : "java.util.TreeMap",
"eppn" : "urn:mace:dir:attribute-def:eduPersonPrincipalName",
"cn" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
"eduPersonPrincipalName" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
"displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
"givenName" : "urn:oid:2.5.4.42",
"mail" : "urn:oid:0.9.2342.19200300.100.1.3",
"role" : "urn:hope.ac.uk:attribute-def:role",
"sn" : "urn:oid:2.5.4.4",
"uid" : "urn:oid:0.9.2342.19200300.100.1.1",
"UDC_IDENTIFIER": "urn:hope.ac.uk:attribute-def:UDC_IDENTIFIER",
"eppn" : "urn:oid:0.9.2342.19200300.100.1.1",
"affiliation" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.1",
"affiliation" : "staff",
"excludeDefaultAttributes" : "true"
}
"persistentIdGenerator" : {
"@class" :
"org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
"salt" : ""OqmG80fEKBQt",
"attribute": "eduPersonTargetedID"
}
And that shows me the attributes but NOT the eduPersonTargetedID. Do I
have to use a Groovy script to pull all the attributes together ?
Thanks
Jeff
On Friday, January 24, 2020 at 1:30:26 AM UTC, Andy Ng wrote:
>
> Hi Travis,
>
> > To remove unwanted authentication attributes add
> excludeDefaultAttributes: true.
>
> Oh we can do that?! Didn't knows about that and good to learn about this!
> Thanks Travis :)
>
> Cheers!
> - Andy
>
--
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/231a13b4-d3a6-4205-aaef-cc05b3897da5%40apereo.org.
