Did you get a solution to this? Even I am having the same scenario and looking for the solution to the same question.

On Wednesday, 11 August 2021 at 16:38:36 UTC+5:30 [email protected] wrote:

> Hello!
>
> And what to do if:
>
> I have CAS 5.2.3 and an LDAP connection.
>
> LDAP has 1 domain and 2 ou (ou = groups, ou = people). Each group has a cn
> with the group name. Each such group contains several members, where the
> username from ou = people is specified.
>
> My task is to get the groups of the user when it is authenticated in order
> to update them.
>
> I just can't figure out how I can use CAS to get the groups of each user
> out of LDAP.
>
> On Friday, 31 August 2018 at 22:17:12 UTC+3, waldbiec wrote:
>
>> Bill,
>>
>> In `cas.properties`, in your LDAP section, you want a property like this:
>>
>>     cas.authn.ldap[0].principalAttributeList=uid,givenName,sn:surname,mail:email,memberOf
>>
>> That says that the principal that is authenticated should get the above
>> list of LDAP attributes. For the ones that have 2 items separated by a
>> colon, that is just a rename from the LDAP attribute to the name that will
>> be exposed via CAS.
>>
>> In your service file for an individual service, you specify what
>> attributes from the above list you want to release. The following sections
>> from a service file are an example:
>>
>>     "attributeReleasePolicy" : {
>>       "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>>       "attributeFilter" : {
>>         "@class": "org.apereo.cas.services.support.RegisteredServiceMappedRegexAttributeFilter",
>>         "patterns": {
>>           "@class" : "java.util.HashMap",
>>           "memberOf": "cn=administrators,ou=groups,dc=example,dc=org"
>>         },
>>         "excludeUnmappedAttributes": false,
>>         "completeMatch": false,
>>         "order": 0
>>       },
>>       "allowedAttributes" : [ "java.util.ArrayList",
>>         [
>>           "uid",
>>           "memberOf",
>>           "email",
>>           "givenName",
>>           "surname"
>>         ]
>>       ]
>>     },
>>
>> The "attributeReleasePolicy" is used to filter the "memberOf" attribute
>> down to a specific value (because the attribute is multi-valued, and you
>> usually only want to release one or a few of the values to a service).
>> The "allowedAttributes" section specifies what attributes from the
>> principal will be released at all.
>>
>> Thanks,
>> Carl Waldbieser
>> ITS Identity Management
>> Lafayette College
>>
>> ----- Original Message -----
>> From: "Bill Scully" <[email protected]>
>> To: "cas-user" <[email protected]>
>> Sent: Friday, 31 August, 2018 15:00:09
>> Subject: [cas-user] CAS 5.2 Passing LDAP Attributes to Application
>>
>> Hi,
>>
>> I'm having a hard time getting my head around where to start configuring
>> CAS to provide LDAP attributes to the "RegisteredService" / application
>> after authentication. I'm assuming there are 2 areas that I need to
>> configure, cas.properties and service JSON files, but navigating the
>> documentation to find what I need has been beyond me up to this point.
>>
>> Can someone kindly point me to the right areas
>> of https://apereo.github.io/cas/5.2.x/ or give me some tips on where I can
>> figure out how to retrieve certain attributes from LDAP and share those
>> selected values with the application? I hope I'm using "application"
>> properly.
>>
>> Thanks,
>>
>> Bill
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ac28e9bc-9bdf-4d1d-9d59-d99ad23d2dc9%40apereo.org.
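
A simplified model of the two-stage flow described in the 2018 reply (principalAttributeList, then the service's attributeReleasePolicy), added here as an example; it is not part of the thread and not CAS code. The LDAP entry is constructed, the function names are hypothetical, and reading `completeMatch: false` as an unanchored regex search and `excludeUnmappedAttributes` as dropping attributes without a pattern are assumptions.

```python
import re

# Values copied from the configuration quoted in the thread.
PRINCIPAL_ATTRIBUTE_LIST = "uid,givenName,sn:surname,mail:email,memberOf"
ALLOWED_ATTRIBUTES = ["uid", "memberOf", "email", "givenName", "surname"]
PATTERNS = {"memberOf": "cn=administrators,ou=groups,dc=example,dc=org"}

# Constructed LDAP entry for illustration (not from the thread).
SAMPLE_ENTRY = {
    "uid": ["jdoe"],
    "sn": ["Doe"],
    "mail": ["jdoe@example.org"],
    "userPassword": ["{SSHA}constructed"],
    "memberOf": [
        "cn=administrators,ou=groups,dc=example,dc=org",
        "cn=staff,ou=groups,dc=example,dc=org",
        "cn=administrators,ou=groups,dc=example,dc=org-test",
    ],
}

def build_principal(entry, spec=PRINCIPAL_ATTRIBUTE_LIST):
    """Keep only listed LDAP attributes; 'ldapName:casName' renames one."""
    principal = {}
    for item in spec.split(","):
        ldap_name, _, cas_name = item.strip().partition(":")
        if ldap_name in entry:
            principal[cas_name or ldap_name] = list(entry[ldap_name])
    return principal

def release(principal, allowed=ALLOWED_ATTRIBUTES, patterns=PATTERNS,
            complete_match=False, exclude_unmapped=False):
    """Allow-list attribute names, then keep only values matching a pattern."""
    released = {}
    for name in allowed:
        values = principal.get(name, [])
        if name in patterns:
            rx = re.compile(patterns[name])
            matcher = rx.fullmatch if complete_match else rx.search
            values = [v for v in values if matcher(v)]
        elif exclude_unmapped:
            values = []  # attribute has no pattern and unmapped ones are dropped
        if values:
            released[name] = values
    return released

if __name__ == "__main__":
    principal = build_principal(SAMPLE_ENTRY)
    print(release(principal))                       # search semantics
    print(release(principal, complete_match=True))  # whole-value match
```

In this model the unanchored search also releases the constructed look-alike DN ending in `dc=org-test`, while whole-value matching releases only the administrators group.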
