Already able to release attributes from authentication source (LDAP).  These 
attribute definitions are an attempt to add scope to attributes from that 
authentication source.

For example using uid from LDAP to define an eduPersonPrincipalName:

{
  @class: java.util.TreeMap
  eduPersonPrincipalName: {
    @class: org.apereo.cas.authentication.attribute.DefaultAttributeDefinition
    key: eduPersonPrincipalName
    name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
    friendlyName: eduPersonPrincipalName
    scoped: true
    attribute: uid
  }
}

My understanding is that this should take the attribute “uid”, from the person 
directory, and append the value of cas.server.scope as a domain scope.

uid =  user1
cas.server.scope= example.org

Which results in:

user1@example.org

My experience is that defining 
“cas.person-directory.attribute-definition-store.json.location” in the 
cas.properties file has no effect and that enabling debugging in CAS does not 
identify any errors, or any indicators at all, that this feature is working.

I’m assuming that I’m lacking some configuration or that my understanding of 
how this should work is incorrect.

From: Pablo Vidaurri <[email protected]>
Sent: Wednesday, February 2, 2022 4:30 PM
To: CAS Community <[email protected]>
Cc: King, Robert <[email protected]>
Subject: [EXTERNAL SENDER] Re: Attribute Definitions in 6.3.x?

Have you tried this in your cas.properties:

cas.authn.attributeRepository.core.defaultAttributesToRelease=foo,bar,mail,name

The values you provide are comma-delimited attributes from your sources such as 
ldap, active directory, db, static.
On Wednesday, February 2, 2022 at 9:08:21 AM UTC-6 
[email protected]<mailto:[email protected]> wrote:
I am attempting to utilize the attribute definitions feature, and I have hit a 
wall.

Reference used:

https://apereo.github.io/cas/6.3.x/integration/Attribute-Definitions.html

Implemented in my cas.properties:

cas.person-directory.attribute-definition-store.json.location=file:/etc/cas/config/attributes.json

With the contents of /etc/cas/config/attributes.json:

{
    "@class" : "java.util.TreeMap",
    "testName" : {
      "@class" : "org.apereo.cas.authentication.attribute.DefaultAttributeDefinition",
      "key" : "testName",
      "name" : "testName",
      "scoped" : true,
      "attribute" : "uid"
    }
}

I have turned on the following debug in log4j2.xml:

<AsyncLogger name="org.apereo" level="debug" includeLocation="true"/>


When I start up the CAS server there does not seem to be anything related to 
the attribute definitions present.  Hitting up the discovery profile actuator 
does not list the defined attributes in the “availableAttributes”.  There is no 
logging in relation to the attribute definitions configuration.

I am aware that we could do custom attributes via return mapped and groovy 
inline scripting, but we want something more broadly available to all services 
instead of per service entry custom attributes.

Does anyone have any guidance/ideas on how to get attribute definition feature 
up and running?
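
An offline pre-flight check for the definitions file quoted in this thread, added here as an example (not code from the posters or from the CAS project). It assumes the behaviour described in the reply at the top of the thread, that scoped: true appends "@" plus the cas.server.scope value; check_definitions, preview and the sample person record are hypothetical names and constructed data, and it parses strict JSON only, not the unquoted HJSON-style form.

```python
import json

# Constructed sample: the strict-JSON definitions file quoted in the thread.
SAMPLE = '''{
  "@class": "java.util.TreeMap",
  "testName": {
    "@class": "org.apereo.cas.authentication.attribute.DefaultAttributeDefinition",
    "key": "testName",
    "name": "testName",
    "scoped": true,
    "attribute": "uid"
  }
}'''

def check_definitions(text):
    """Parse a definitions document; return (definitions, problems)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # An unbalanced brace or a curly quote lands here.
        return {}, [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(doc, dict):
        return {}, ["top level must be a JSON object"]
    defs, problems = {}, []
    if "@class" not in doc:
        problems.append("top level: missing @class")
    for entry, body in doc.items():
        if entry == "@class":
            continue
        if not isinstance(body, dict) or "@class" not in body:
            problems.append(f"{entry}: missing @class")
            continue
        if not isinstance(body.get("scoped", False), bool):
            problems.append(f"{entry}: scoped must be true or false")
        defs[entry] = body
    return defs, problems

def preview(defs, person, scope):
    """Values each definition is expected to yield for one person record."""
    out = {}
    for entry, body in defs.items():
        # Assumption: with no "attribute" given, the entry's own key is the source.
        values = person.get(body.get("attribute", entry), [])
        if body.get("scoped"):
            values = [f"{v}@{scope}" for v in values]  # behaviour as described in the thread
        out[entry] = values
    return out
```

Comparing the preview output with what a test service actually receives separates a malformed file from a definitions store that CAS never loaded.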
