Hi. Try this:

usernameAttributeProvider:
{
  @class: org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider
  usernameAttribute: mail
}

D.

On Mon, Oct 23, 2023 at 2:53 PM atilling <atill...@conncoll.edu> wrote:
> Working on a SAML integration where the subject needs to be the user's
> email address but despite the changes I've made it still releases the
> username attribute.
>
> usernameAttributeProvider:
> {
>   @class: org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider
>   usernameAttribute: userPrincipalName
> }
> ...
> requiredNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
>
> In cas.properties we are defining the attribute
>
> cas.authn.attribute-repository.ldap[0].attributes.eduPersonPrincipalName=mail
>
> I found it odd that the service manager is giving userPrincipalName as the
> "username attribute" and not mail as mapped.
>
> Looking at the attribute release in the response XML I see that the
> subject is still the username and the mail attribute is populated.
>
> <?xml
>     version="1.0"
>     encoding="UTF-8"?>
> <saml2p:Response
>     Destination="https://sitedown.conncoll.edu/"
>     ID="_972320461405286400"
>     InResponseTo="_07ccef8331e40d6e9c24c8a12ade2bd69884b1cbb6"
>     IssueInstant="2023-10-23T17:39:07.378Z"
>     Version="2.0"
>     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>   <saml2:Issuer
>       Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>       xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>     https://casdev.conncoll.edu/idp
>   </saml2:Issuer>
>   <saml2p:Status>
>     <saml2p:StatusCode
>         Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>   </saml2p:Status>
>   <saml2:Assertion
>       ID="_1333994532661421056"
>       IssueInstant="2023-10-23T17:39:07.305Z"
>       Version="2.0"
>       xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>     <saml2:Issuer>https://casdev.conncoll.edu/idp</saml2:Issuer>
>     <ds:Signature
>         xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>       <ds:SignedInfo>
>         <ds:CanonicalizationMethod
>             Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>         <ds:SignatureMethod
>             Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>         <ds:Reference
>             URI="#_1333994532661421056">
>           <ds:Transforms>
>             <ds:Transform
>                 Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>             <ds:Transform
>                 Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>           </ds:Transforms>
>           <ds:DigestMethod
>               Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>           <ds:DigestValue>
>             gOBjXAhXqdT7adKVPNrxD43urSqJQgTtDjcj64Wa2NE=
>           </ds:DigestValue>
>         </ds:Reference>
>       </ds:SignedInfo>
>       <ds:SignatureValue>CIuSEDbZ97Yf8VnnA774OXFgGQ0Qw9+HcZX8SnOWWcMT+zb5CUEh3hsKkSlQYr4PeRsn1AxxwpGKdIl9HWLjeF97zPMglpguDiyACsUHNtYGbcmlCIX9WQ+lEUIbrdDwP9c8F632INvPF6ACI9DTDSbLrzA2xJT44X2z4EFAAxJJVK/5MFAyWCopZTiMHsGv6CZ7FKSSjBdYe+zacyL7ZmT1LbFfgV1HK6SL9L3ChRCS5bcQ9vui9pOJ9aiD6Hf6rcO6HZcMuQPMCqNlQilSVVverSypwXv8qFdGYuzy+qiByyc+
>         xTjYR2NpBwECtttDMsZnfFfFxu91KusihOq2OA==
>       </ds:SignatureValue>
>       <ds:KeyInfo>
>         <ds:KeyValue>
>           <ds:RSAKeyValue>
>             <ds:Modulus>nsveLo/KHlchZAHX+dNks7YJSIhIK2xReT1+Vp0EgUYB71DW1tpx9jdEP21PeroK1wjoptbEuoqHetvl5i8/0L/zhVPQFu5jcqQUUnCUEa26wJdtZcpSUzHgudSZM/EHABEMQ+xEqC0Bdty8f9d7AuckWon88+EgyEiW7PYFkc7jDzPHiMBdVyRKVnwMDJIz2WVz3i2q55akpfy2UNMEkJlhm+GgOOKkHKW166gkvXi93duX5hE1lmSufqpQjta2Ev2Lw3BdPhnnCOXBym+rtNI5kl5A5B/opjm4djUY7hCYIBQfqUsykyoGDheAoW7HCYaffg4z+
>               Mu8TuwfjnDA0w==
>             </ds:Modulus>
>             <ds:Exponent>AQAB</ds:Exponent>
>           </ds:RSAKeyValue>
>         </ds:KeyValue>
>         <ds11:DEREncodedKeyValue
>             xmlns:ds11="http://www.w3.org/2009/xmldsig11#">MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsveLo/KHlchZAHX+dNks7YJSIhIK2xR
>           eT1+Vp0EgUYB71DW1tpx9jdEP21PeroK1wjoptbEuoqHetvl5i8/0L/zhVPQFu5jcqQUUnCUEa26
>           wJdtZcpSUzHgudSZM/EHABEMQ+xEqC0Bdty8f9d7AuckWon88+EgyEiW7PYFkc7jDzPHiMBdVyRK
>           VnwMDJIz2WVz3i2q55akpfy2UNMEkJlhm+GgOOKkHKW166gkvXi93duX5hE1lmSufqpQjta2Ev2L
>           w3BdPhnnCOXBym+rtNI5kl5A5B/opjm4djUY7hCYIBQfqUsykyoGDheAoW7HCYaffg4z+Mu8Tuwf
>           jnDA0wIDAQAB
>         </ds11:DEREncodedKeyValue>
>       </ds:KeyInfo>
>     </ds:Signature>
>     <saml2:Subject>
>       <saml2:NameID
>           Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
>           NameQualifier="https://casdev.conncoll.edu/idp"
>           SPNameQualifier="https://sitedown.conncoll.edu/wp-content/plugins/miniorange-saml-20-single-sign-on/">atilling
>       </saml2:NameID>
>       <saml2:SubjectConfirmation
>           Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
>         <saml2:SubjectConfirmationData
>             Address="sitedown.conncoll.edu"
>             InResponseTo="_07ccef8331e40d6e9c24c8a12ade2bd69884b1cbb6"
>             NotOnOrAfter="2023-10-23T17:39:07.306Z"
>             Recipient="https://sitedown.conncoll.edu/"/>
>       </saml2:SubjectConfirmation>
>     </saml2:Subject>
>     <saml2:Conditions
>         NotBefore="2023-10-23T17:39:07.348Z"
>         NotOnOrAfter="2023-10-23T17:39:07.348Z">
>       <saml2:AudienceRestriction>
>         <saml2:Audience>
>           https://sitedown.conncoll.edu/wp-content/plugins/miniorange-saml-20-single-sign-on/
>         </saml2:Audience>
>       </saml2:AudienceRestriction>
>     </saml2:Conditions>
>     <saml2:AuthnStatement
>         AuthnInstant="2023-10-23T17:36:35.417Z"
>         SessionIndex="_1170437499088431104"
>         SessionNotOnOrAfter="2023-10-24T17:39:07.295Z">
>       <saml2:SubjectLocality
>           Address="136.244.218.11"/>
>       <saml2:AuthnContext>
>         <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
>       </saml2:AuthnContext>
>     </saml2:AuthnStatement>
>     <saml2:AttributeStatement>
>       <saml2:Attribute
>           FriendlyName="UserName"
>           Name="UserName"
>           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml2:AttributeValue>atilling</saml2:AttributeValue>
>       </saml2:Attribute>
>       <saml2:Attribute
>           FriendlyName="mail"
>           Name="mail"
>           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml2:AttributeValue>atill...@conncoll.edu
>         </saml2:AttributeValue>
>       </saml2:Attribute>
>       <saml2:Attribute
>           FriendlyName="displayName"
>           Name="displayName"
>           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml2:AttributeValue>Andrew P. Tillinghast</saml2:AttributeValue>
>       </saml2:Attribute>
>       <saml2:Attribute
>           FriendlyName="cn"
>           Name="cn"
>           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml2:AttributeValue>Andrew P. Tillinghast</saml2:AttributeValue>
>       </saml2:Attribute>
>       <saml2:Attribute
>           FriendlyName="edupersonaffiliation"
>           Name="edupersonaffiliation"
>           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml2:AttributeValue>STAFF</saml2:AttributeValue>
>         <saml2:AttributeValue>EMPLOYEE</saml2:AttributeValue>
>         <saml2:AttributeValue>MEMBER</saml2:AttributeValue>
>       </saml2:Attribute>
>       <saml2:Attribute
>           FriendlyName="givenname"
>           Name="givenname"
>           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml2:AttributeValue>Andrew</saml2:AttributeValue>
>       </saml2:Attribute>
>       <saml2:Attribute
>           FriendlyName="departmentNumber"
>           Name="departmentNumber"
>           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml2:AttributeValue>Information Services/Enterprise Systems</saml2:AttributeValue>
>       </saml2:Attribute>
>       <saml2:Attribute
>           FriendlyName="memberof"
>           Name="memberof"
>           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml2:AttributeValue>
>           cn=EIS,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=staff,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=100000-901010-Information Services - Office of VP,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=Knowbe4,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=Knowbe4PII,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=DB_Users,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=CWUserEdit,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=AS2-083267125839-StataLocal,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=MAPS_LDAP,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=webadministrator,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=bbadm,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=Forti-Two Factor,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=Druva_InSync_Clients,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=knowbe4staff,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=meraki-tech,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=WirelessSU,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>         <saml2:AttributeValue>
>           cn=CWADMIN,
>           ou=groups,
>           dc=conncoll,
>           dc=edu
>         </saml2:AttributeValue>
>       </saml2:Attribute>
>       <saml2:Attribute
>           FriendlyName="sn"
>           Name="sn"
>           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>         <saml2:AttributeValue>Tillinghast</saml2:AttributeValue>
>       </saml2:Attribute>
>     </saml2:AttributeStatement>
>   </saml2:Assertion>
> </saml2p:Response>
>
>
> Is there something I'm missing to get userPrincipalName/mail as the
> subject?
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/855695d8-33bf-4858-a145-344fe91601a8n%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/855695d8-33bf-4858-a145-344fe91601a8n%40apereo.org?utm_medium=email&utm_source=footer>
> .
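
The mismatch reported in this thread (a NameID declared as emailAddress but carrying the username) can be caught mechanically while testing a service definition. The check below is an added example, not part of the original messages and not CAS code; the sample assertion and its example.edu values are constructed, and `make_assertion` and `check_subject` are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def make_assertion(name_id):
    """Constructed, unsigned sample assertion (all values are made up)."""
    return f"""<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Subject><saml2:NameID Format="{EMAIL_FORMAT}">{name_id}
  </saml2:NameID></saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="UserName"><saml2:AttributeValue>jdoe</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="mail"><saml2:AttributeValue>jdoe@example.edu</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

def check_subject(xml_text, expected_attr="mail"):
    """Return findings about the NameID; an empty list means it looks right."""
    # Diagnostic only: values are inspected, the signature is not validated.
    # For XML from an untrusted source, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml2:Subject/saml2:NameID", NS)
    if name_id is None:
        return ["assertion has no Subject/NameID"]
    value = (name_id.text or "").strip()
    attrs = {
        a.get("Name"): [(v.text or "").strip() for v in a.findall("saml2:AttributeValue", NS)]
        for a in root.iterfind(".//saml2:Attribute", NS)
    }
    findings = []
    if name_id.get("Format") == EMAIL_FORMAT and not EMAIL_RE.match(value):
        findings.append(f"NameID {value!r} is declared emailAddress but is not an address")
    if expected_attr not in attrs:
        findings.append(f"attribute {expected_attr!r} was not released")
    elif value not in attrs[expected_attr]:
        findings.append(f"NameID {value!r} does not match released {expected_attr!r}")
    for name, values in attrs.items():
        if name != expected_attr and value in values:
            findings.append(f"NameID equals attribute {name!r}")
    return findings

if __name__ == "__main__":
    for candidate in ("jdoe", "jdoe@example.edu"):
        print(candidate, "->", check_subject(make_assertion(candidate)) or "ok")
```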