Hi everybody,
I am facing an issue with getting user info from CAS v6.4.5 as OIDC OP with
LDAP as source. The claims' values from the userinfo endpoint are arrays, not
strings per spec.
How do I configure CAS to provide claims per spec as strings?
Results of /cas/oidc/profile:
{
  "email": [
    "[email protected]"
  ],
  "name": [
    "jae liu"
  ],
  "nickname": [
    "liu_jae"
  ],
  "preferred_username": [
    "[email protected]"
  ],
  "sub": "liu_jie",
  "service": "http://127.0.0.1:5556/auth/callback",
  "auth_time": 1642666074,
  "id": "liu_jae",
  "client_id": "hc0vr9iYm9iPyi6M1MctxOtx71bokdMWKHbO",
  "aud": "hc0vr9iYm9iPyi6M1MctxOtx71bokdMWKHbO",
  "iat": 1642671699,
  "iss": null,
  "jti": "7be481a8-7ad5-4011-817e-6a2418ddc19b"
}
We can see that the values of email, name and preferred_username are lists;
these claims are mapped from LDAP attributes.
The following is the debug log:
DEBUG [org.apereo.cas.authentication.CoreAuthenticationUtils] - <Merged
attributes with the final result as [
{
clientIpAddress=[192.168.xx.xx9],
commonName=[jae],
authenticationDate=[1642666074],
mail=[[email protected]],
sAMAccountName=[liu_jae],
displayName=[jae liu)],
successfulAuthenticationHandlers=[yozo],
givenName=[jae],
userAgent=[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0)
Gecko/20100101 Firefox/96.0],
dn=[CN=liu_jae,OU=xxxx,OU=xxxx,DC=xx,DC=local],
credentialType=[UsernamePasswordCredential],
authenticationMethod=[yozo],
serverIpAddress=[172.16.xx.xx],
sn=[liu_jae],
userPrincipalName=[[email protected]]
}]>
DEBUG
[org.apereo.cas.authentication.principal.RegisteredServicePrincipalAttributesRepository]
- <Using [liu_jae], no caching/update takes place for
[DefaultPrincipalAttributesRepository] to add attributes [
{
oauthClientId=[hc0vr9iYm9iPyi6M1MctxOtx71bokdMWKHbO],
name=[jae liu)], nickname=[liu_jae],
preferred_username=[[email protected]],
email=[[email protected]]
}
]>
DEBUG [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] -
<Attempting to map and filter claims based on resolved attributes [
{
email=[[email protected]],
name=[jae liu],
nickname=[liu_jae],
oauthClientId=[hc0vr9iYm9iPyi6M1MctxOtx71bokdMWKHbO],
preferred_username=[[email protected]]
}
]>
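Added example (not part of the original post and not CAS code): a relying-party-side check that flags UserInfo claims whose JSON type differs from the types defined in OpenID Connect Core 1.0, section 5.1, and unwraps only unambiguous one-element arrays. The sample response is constructed to match the shape shown in the post, with a placeholder e-mail address; the function names are hypothetical.

```python
import json

# JSON types of the standard claims, per OpenID Connect Core 1.0, section 5.1.
_STRING_CLAIMS = ("sub", "name", "given_name", "family_name", "middle_name",
                  "nickname", "preferred_username", "profile", "picture",
                  "website", "email", "gender", "birthdate", "zoneinfo",
                  "locale", "phone_number")
CLAIM_TYPES = {c: str for c in _STRING_CLAIMS}
CLAIM_TYPES.update(email_verified=bool, phone_number_verified=bool,
                   address=dict, updated_at=(int, float))


def _conforms(value, expected):
    # bool is a subclass of int in Python, so reject it for numeric claims.
    if isinstance(value, bool) and expected is not bool:
        return False
    return isinstance(value, expected)


def nonconformant_claims(userinfo):
    """Map each standard claim with the wrong JSON type to the type found."""
    return {name: type(userinfo[name]).__name__
            for name, expected in CLAIM_TYPES.items()
            if name in userinfo and not _conforms(userinfo[name], expected)}


def normalize(userinfo):
    """Unwrap one-element arrays; refuse anything else rather than guess."""
    fixed = dict(userinfo)
    for name in nonconformant_claims(userinfo):
        value = userinfo[name]
        if (isinstance(value, list) and len(value) == 1
                and _conforms(value[0], CLAIM_TYPES[name])):
            fixed[name] = value[0]
        else:
            raise ValueError(f"claim {name!r} is ambiguous or mistyped: {value!r}")
    return fixed


# Constructed sample shaped like the response in the post (placeholder address).
SAMPLE = json.loads("""{
  "email": ["user@example.org"], "name": ["jae liu"], "nickname": ["liu_jae"],
  "preferred_username": ["user@example.org"], "sub": "liu_jie",
  "auth_time": 1642666074, "iss": null
}""")

if __name__ == "__main__":
    print(nonconformant_claims(SAMPLE))
    print(normalize(SAMPLE))
```

Rejecting multi-valued identity claims instead of taking the first element keeps the client from binding a session to whichever value the directory happened to list first.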