OK with LDAP maybe it not username but uid ... But after you have to mapn your CAS attributes to jour OIDC DEFINE CLAIMS like this :
https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties.html#openid-connect-scopes--claims Le sam. 22 août 2020 à 14:43, Nikolas Stylianides <[email protected]> a écrit : > Hi Jerome. Keep in mind that my CAS release is 6.2.1. > > I have no attributes.username since I collect my attributes during the > LDAP authentication. > I have also tried mapping claims to attributes with no luck. > > > In the document action it says that If no mapping is provide then the > attributes names must much the claim names. I do that also in my service > definition file. > Still no luck. > > All claims are included under the field "attributes" > > Which is not the response I expect. > > Has anyone solved this in 6.2.1? > Maybe is a bug? > > Στις Σάβ, 22 Αυγ 2020, 12:49 ο χρήστης Jérôme Steve < > [email protected]> έγραψε: > >> First,I think you have to définie attributs.username correspondibg to >> jour login : >> >> >> https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-Policies.html >> >> After you have to maps attributs to claims : >> >> >> https://apereo.github.io/cas/5.1.x/installation/OIDC-Authentication.html#mapping-claims >> >> >> >> Le sam. 22 août 2020 à 10:34, Nikolas Stylianides <[email protected]> >> a écrit : >> >>> Anyone with an answer for this behavior? >>> I can now release attributes but only under the field "attributes". >>> Anything i am missing to be able to release claims in the format: >>> { >>> "email": "[email protected] <https://groups.google.com/>", >>> "given_name": "test", >>> "sub": "test", >>> "service": "client_id", >>> "auth_time": 1598017095, >>> "id": "test", >>> "client_id": "client_id" >>> } >>> >>> >>> Στις Παρασκευή, 21 Αυγούστου 2020 στις 4:48:44 μ.μ. UTC+3, ο χρήστης >>> Nikolas Stylianides έγραψε: >>> >>>> Hi Jerome. Thank you for the response. >>>> I am a little bit confused. What to define? >>>> When it comes to get the user info, CAS Debugger it reports: >>>> >>>> I have been able to release attributes in the attribute claim >>>> >>>> { >>>> "sub": "test", >>>> "service": "client_id", >>>> "auth_time": 1598017095, >>>> "attributes": { >>>> "email": "[email protected]", >>>> "profile": "test" >>>> }, >>>> "id": "test", >>>> "client_id": "client_id" >>>> } >>>> >>>> by enabling: >>>> >>>> cas.authn.attribute-repository.ldap[0].attributes.cn=profile >>>> cas.authn.attribute-repository.ldap[0].attributes.mail=email >>>> >>>> But still i cannot release the CLAIMS for the requested scopes (email, >>>> profile) >>>> >>>> Thank you in advance >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Fri, Aug 21, 2020 at 12:36 PM Jérôme Steve <[email protected]> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> In cas OIDC claims values come from attribute repositories. >>>>> So you have to define it to retrieved your attributes value. >>>>> And after you can map it to the OIDC claims. >>>>> >>>>> Jérôme >>>>> >>>>> Le ven. 21 août 2020 à 09:39, Nikolas Stylianides <[email protected]> >>>>> a écrit : >>>>> >>>>>> when i use the PASSWORD grant_type and then use the return token to >>>>>> fetch user information from oidc/profile this is what i get. >>>>>> >>>>>> { >>>>>> "sub": "aUserName", >>>>>> "service": "client_id", >>>>>> "auth_time": 1597989795, >>>>>> "attributes": {}, >>>>>> "id": " aUserName ", >>>>>> "client_id": "client_id" >>>>>> } >>>>>> >>>>>> Any ideas why i have no claims in the return JSON? >>>>>> Maybe the same happens with the AUTHORIZATION_CODE grant_type? >>>>>> >>>>>> >>>>>> >>>>>> Στις Πέμπτη, 20 Αυγούστου 2020 στις 5:37:33 μ.μ. UTC+3, ο χρήστης >>>>>> Nikolas Stylianides έγραψε: >>>>>> >>>>>>> Hi there. >>>>>>> Another strange behavior is the following. >>>>>>> I am setting my Moodle to OIDC and the procedure goes well. Once i >>>>>>> "Allow" the the claims it does not get any user info. >>>>>>> >>>>>>> CAS Debugger reports: <No person records were fetched from attribute >>>>>>> repositories for [{username=c44c3fc514202ac9a8cc5cf6437c1c21}]> >>>>>>> >>>>>>> which username is actually client_id >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Wed, Aug 19, 2020 at 6:35 PM Nikolas Stylianides < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi there. >>>>>>>> I have manged to setup the OpenID Connect protocol. >>>>>>>> The issue i am facing is in the last steps where the Attributes >>>>>>>> should be released to the service but they are not. >>>>>>>> I am getting on the logs of CAS the following: WARN >>>>>>>> [org.apereo.cas.authentication.attribute.PrincipalAttributeRepositoryFetcher] >>>>>>>> - <No person records were fetched from attribute repositories for ... > >>>>>>>> >>>>>>>> Any advice? >>>>>>>> >>>>>>>> My service has been defined as follows: >>>>>>>> Service is Moodle >>>>>>>> >>>>>>>> { >>>>>>>> "@class" : "org.apereo.cas.services.OidcRegisteredService", >>>>>>>> "serviceId" : "https://myservice.domain/admin/oauth2callback.php >>>>>>>> ", >>>>>>>> "name" : "oidc", >>>>>>>> "id" : 102, >>>>>>>> "clientId": "...", >>>>>>>> "clientSecret": "...", >>>>>>>> "scopes": [ "java.util.HashSet", >>>>>>>> [ "openid", "profile", "email", "address", "phone", >>>>>>>> "offline_access", "displayName" ] >>>>>>>> ], >>>>>>>> "supportedGrantTypes":[ "java.util.HashSet", >>>>>>>> >>>>>>>> ["AUTHORIZATION_CODE","CLIENT_CREDENTIALS","PASSWORD","REFRESH_TOKEN"] >>>>>>>> ], >>>>>>>> "supportedResponseTypes":[ "java.util.HashSet", [ "code" ] ], >>>>>>>> "theme": "apereo", >>>>>>>> "description" : "This service definition authorizes all >>>>>>>> application urls that support HTTPS and IMAPS protocols.", >>>>>>>> "evaluationOrder" : 10000, >>>>>>>> "attributeReleasePolicy" : { >>>>>>>> "@class" : >>>>>>>> "org.apereo.cas.services.ReturnAllAttributeReleasePolicy" >>>>>>>> }, >>>>>>>> "accessStrategy" : { >>>>>>>> "@class" : >>>>>>>> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", >>>>>>>> "enabled" : true, >>>>>>>> "ssoEnabled" : true >>>>>>>> } >>>>>>>> } >>>>>>>> >>>>>>>> Thank you in advance. >>>>>>>> >>>>>>>> -- >>>>>>>> Δρ. Νικόλας Στυλιανίδης >>>>>>>> Ηλεκτρολόγος Μηχανικός και Μηχ. Υπολογιστών >>>>>>>> >>>>>>>> Nikolas Stylianides, Dr. >>>>>>>> Dr. Eng. in Electrical & Computer Engineering >>>>>>>> >>>>>>>> Contacts >>>>>>>> ------------- >>>>>>>> Mobile Tel.: +35796741315 <+357%2096%20741315> >>>>>>>> Email: [email protected], [email protected] >>>>>>>> Skype: nicostyl >>>>>>>> >>>>>>>> Affilication >>>>>>>> --------------- >>>>>>>> LEAF NET LTD: Research & Development >>>>>>>> Open University of Cyprus: Research Associate, APPLIED HEALTH >>>>>>>> INFORMATICS Master Programme Academic Board Member >>>>>>>> >>>>>>>> >>>>>>>> Tο λακωνίζειν εστί φιλοσοφείν / Μηδέν Άγαν - Χίλων ο Λακεδαιμόνιος: >>>>>>>> >>>>>>>> Brevity is the soul of wit - Shakespeare William (Hamlet) >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Δρ. Νικόλας Στυλιανίδης >>>>>>> Ηλεκτρολόγος Μηχανικός και Μηχ. Υπολογιστών >>>>>>> >>>>>>> Nikolas Stylianides, Dr. >>>>>>> Dr. Eng. in Electrical & Computer Engineering >>>>>>> >>>>>>> Contacts >>>>>>> ------------- >>>>>>> Mobile Tel.: +35796741315 <+357%2096%20741315> >>>>>>> Email: [email protected], [email protected] >>>>>>> Skype: nicostyl >>>>>>> >>>>>>> Affilication >>>>>>> --------------- >>>>>>> LEAF NET LTD: Research & Development >>>>>>> Open University of Cyprus: Research Associate, APPLIED HEALTH >>>>>>> INFORMATICS Master Programme Academic Board Member >>>>>>> >>>>>>> >>>>>>> Tο λακωνίζειν εστί φιλοσοφείν / Μηδέν Άγαν - Χίλων ο Λακεδαιμόνιος: >>>>>>> >>>>>>> Brevity is the soul of wit - Shakespeare William (Hamlet) >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>> - Website: https://apereo.github.io/cas >>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "CAS Community" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e9ce28d5-72f9-4229-9dcc-51ad9a8e1150n%40apereo.org >>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/e9ce28d5-72f9-4229-9dcc-51ad9a8e1150n%40apereo.org?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- >>>>> - Website: https://apereo.github.io/cas >>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>> - Contributions: https://goo.gl/mh7qDG >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "CAS Community" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> >>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD6Knbz0u4iNgJL8MA%2Bq9_c7NFF92VpqgGh-zR_WRbdz8H0Z-Q%40mail.gmail.com >>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD6Knbz0u4iNgJL8MA%2Bq9_c7NFF92VpqgGh-zR_WRbdz8H0Z-Q%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> >>>> >>>> -- >>>> Δρ. Νικόλας Στυλιανίδης >>>> Ηλεκτρολόγος Μηχανικός και Μηχ. Υπολογιστών >>>> >>>> Nikolas Stylianides, Dr. >>>> Dr. Eng. in Electrical & Computer Engineering >>>> >>>> Contacts >>>> ------------- >>>> Mobile Tel.: +35796741315 <+357%2096%20741315> >>>> Email: [email protected], [email protected] >>>> Skype: nicostyl >>>> >>>> Affilication >>>> --------------- >>>> LEAF NET LTD: Research & Development >>>> Open University of Cyprus: Research Associate, APPLIED HEALTH >>>> INFORMATICS Master Programme Academic Board Member >>>> >>>> >>>> Tο λακωνίζειν εστί φιλοσοφείν / Μηδέν Άγαν - Χίλων ο Λακεδαιμόνιος: >>>> >>>> Brevity is the soul of wit - Shakespeare William (Hamlet) >>>> >>>> >>>> >>>> >>>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f3be7f46-156e-4d64-a481-cc39eb7d2a48n%40apereo.org >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f3be7f46-156e-4d64-a481-cc39eb7d2a48n%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD6KnbxsAjjKyJ5bxQwBaE1GJy36pAF5xNQa-c_ZN8wowsmSaQ%40mail.gmail.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD6KnbxsAjjKyJ5bxQwBaE1GJy36pAF5xNQa-c_ZN8wowsmSaQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGp1hEXFAV5XWB2jsohMTuxRH00FKbmMgXhuOQNQnCwp2293WA%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGp1hEXFAV5XWB2jsohMTuxRH00FKbmMgXhuOQNQnCwp2293WA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD6KnbxHPfXyTNMBpK4ZV8JvZUVTDktaH8URKCz%3DgY6_tEc0Fw%40mail.gmail.com.
