Jeff,

'excludeDefaultAttributes' should be inside 'attributeReleasePolicy'.

Where are you defining 'FirstName' and 'Surname'?
If it is in the list of default attributes, then you want 
'excludeDefaultAttributes=false'.

Add this to log4j2.xml:

        <!-- DEBUG Found principal attributes [...] for [username]
                   Attribute policy [???] allows release of [...] for [username]
                   Final collection of attributes allowed are: [...] -->
        <AsyncLogger name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" level="debug"/>

Ray

P.S. It would be easier to see what is going on if the service definition 
was complete (just in case something else was in the wrong place).

On Wed, 2020-01-29 at 04:50 -0800, stonej wrote:
Hi All,

I am slowly getting there, although now I have hit another hurdle.

I need eduPersonTargetedID, now I can get that by using

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "https://DOMAIN",
  "name" : "Apache Secured By SAML",
  "id" : 100000011,
  "description" : "CAS development Apache mod_shib/shibd server with username/password protection",
  "metadataLocation" : "file:////etc/cas/saml/metadata/metadata.xml",
  "encryptAssertions": "true",
  "excludeDefaultAttributes" : "true",
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.support.saml.services.EduPersonTargetedIdAttributeReleasePolicy",
    "salt": "OqmG80fEKBQt",
    "attribute": ""
  }
}

But I cannot get any other attributes like FirstName, Surname etc.

And also the "excludeDefaultAttributes" : "true",  doesn't seem to work, not 
sure if I have put it in the correct place.

I have tried :

"allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "eppn" : "urn:mace:dir:attribute-def:eduPersonPrincipalName",
      "cn" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
      "eduPersonPrincipalName" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
      "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
      "givenName" : "urn:oid:2.5.4.42",
      "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
      "role" : "urn:hope.ac.uk:attribute-def:role",
      "sn" : "urn:oid:2.5.4.4",
      "uid" : "urn:oid:0.9.2342.19200300.100.1.1",
      "UDC_IDENTIFIER": "urn:hope.ac.uk:attribute-def:UDC_IDENTIFIER",
      "eppn" : "urn:oid:0.9.2342.19200300.100.1.1",
      "affiliation" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.1",
      "affiliation" : "staff",
      "excludeDefaultAttributes" : "true"
    },
"persistentIdGenerator" : {
      "@class" : "org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
      "salt" : "OqmG80fEKBQt",
      "attribute": "eduPersonTargetedID"
    }

And that shows me the attributes but NOT the eduPersonTargetedID.  Do I have to 
use a Groovy script to pull all the attributes together ?

Thanks

Jeff


On Friday, January 24, 2020 at 1:30:26 AM UTC, Andy Ng wrote:
Hi Travis,

> To remove unwanted authentication attributes add excludeDefaultAttributes: 
> true.

Oh we can do that?! Didn't know about that and good to learn about this! 
Thanks Travis :)

Cheers!
- Andy


--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.
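
A small check for the two problems visible in the quoted definitions (the 'excludeDefaultAttributes' flag placed outside 'attributeReleasePolicy', and repeated keys such as "eppn"), added here as an example; it is not part of the thread or of CAS. It assumes the definition is strict JSON with a single release policy, and both sample documents are constructed.

```python
import json

POLICY = "attributeReleasePolicy"   # where the reply says the flag belongs
FLAG = "excludeDefaultAttributes"

def lint_service(text):
    """Return findings for one service definition given as strict JSON text."""
    dups = []
    def hook(pairs):                # called once per JSON object, innermost first
        obj = {}
        for key, value in pairs:
            if key in obj:
                dups.append(key)    # a repeated key silently hides a mapping
            obj[key] = value
        return obj
    doc = json.loads(text, object_pairs_hook=hook)
    findings = [f"duplicate key '{k}'" for k in dups]

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                if key == FLAG and path != [POLICY]:
                    where = "/".join(path) or "<top level>"
                    findings.append(f"'{FLAG}' found in {where}, not directly in '{POLICY}'")
                walk(value, path + [key])
        elif isinstance(node, list):
            for item in node:
                walk(item, path)
    walk(doc, [])
    return findings

# Constructed samples (not the poster's files); sp.example.org is a placeholder.
MISPLACED = """{
  "serviceId": "https://sp.example.org",
  "excludeDefaultAttributes": true,
  "attributeReleasePolicy": {
    "allowedAttributes": {
      "eppn": "urn:mace:dir:attribute-def:eduPersonPrincipalName",
      "eppn": "urn:oid:0.9.2342.19200300.100.1.1",
      "excludeDefaultAttributes": true
    }
  }
}"""
FIXED = '{"serviceId": "https://sp.example.org", "attributeReleasePolicy": {"excludeDefaultAttributes": true}}'

if __name__ == "__main__":
    for name, text in (("MISPLACED", MISPLACED), ("FIXED", FIXED)):
        print(name, lint_service(text) or "ok")
```

Running it over service files before deployment catches a flag that CAS would otherwise ignore, which is how default attributes end up released to a service that was meant to be restricted.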
