Hello,
I'm trying to configure the surrogate authentication support over LDAP
authentication.
All this happens on CAS Version 6.2.5.
The problem is that the surrogate user principal has no attributes, which
should be mapped from LDAP. I want the surrogateUser principal to
get its LDAP attributes. For the primary user it works fine.
I only got: *Surrogate access is denied. The principal does not have the
required attributes [{attributes=[testAttribute]}]* -> which are defined in
the service at "surrogateRequiredAttributes".
In the debug logs I could see this:
*<Found surrogate principal [SimplePrincipal(id=testuser, attributes={})]>*
Some logs earlier I can see that the LDAP user for the surrogate is found
successfully and all needed attributes exist. -> So I think that something
with the principal resolution doesn't work.
Here is a snippet of my cas.properties:
cas.authn.surrogate.ldap.searchFilter=uid:caseExactMatch:={user}
cas.authn.surrogate.ldap.surrogateSearchFilter=uid:caseExactMatch:={surrogate}
cas.authn.surrogate.principal.attribute-resolution-enabled=true
cas.authn.surrogate.principal.principal-attribute=attributes
I switched the accessStrategy in my services to
*SurrogateRegisteredServiceAccessStrategy*.
So... I don't know why the attributes of the surrogate user won't be mapped into
the surrogate user principal. For the primary user it works fine (for the
primary user I used *cas.authn.ldap[0].principalAttributeList*=attributes
--> works fine).
But in the documentation, it seems that only the attribute
"*principal-attribute*" exists for this type of setting.
Can someone help me here?
Greetings and thank you.