Marcel,

principalAttributeList is for resolving attributes on authentication. If you 
want to retrieve attributes after the fact or perhaps from a different data 
source,
https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties.html#authentication-attributes

Ray

On Thu, 2020-11-26 at 07:06 -0800, Marcel Fromkorth wrote:


Hello,

I'm trying to configure the surrogate authentication support over LDAP 
authentication.
All this happens on CAS Version 6.2.5.

The problem is that the surrogate user principal has no attributes, which 
should be mapped from LDAP. I want the surrogateUser principal to get 
its LDAP attributes. For the primary user it works fine.

I only got: Surrogate access is denied. The principal does not have the 
required attributes [{attributes=[testAttribute]}] -> which are defined in the 
service at "surrogateRequiredAttributes".

In the debug logs I could see this:

<Found surrogate principal [SimplePrincipal(id=testuser, attributes={})]>

Some logs earlier I can see that the LDAP user for the surrogate is found 
successfully and all needed attributes exist, so I think that something 
with the principal resolution doesn't work.

Here is a snippet of my cas.properties:

cas.authn.surrogate.ldap.searchFilter=uid:caseExactMatch:={user}
cas.authn.surrogate.ldap.surrogateSearchFilter=uid:caseExactMatch:={surrogate}
cas.authn.surrogate.principal.attribute-resolution-enabled=true
cas.authn.surrogate.principal.principal-attribute=attributes

I switched the accessStrategy in my services to 
SurrogateRegisteredServiceAccessStrategy.

So I don't know why the attributes of the surrogate user won't be mapped into 
the surrogate user principal. For the primary user it works fine (for the 
primary user I used cas.authn.ldap[0].principalAttributeList=attributes  --> 
works fine).

But in the documentation, it seems that only the attribute 
"principal-attribute" exists for this type of setting.

Can someone help me here?

Greetings and thank you.




--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.
