Hi,
just wanted to check if anyone has updates on this issue. Has it been
addressed in newer versions? Or is it no longer possible to get the
surrogate authentication attributes into the JWT via configuration?
Best regards,
Udo
On Wednesday, September 4, 2024 at 2:42:36 PM UTC+2 Udo Einspanier wrote:
> Same problem here. Unfortunately, I have not found a solution yet. Maybe
> you could create a your own Groovy attribute resolver and release these as
> other attributes. But I have not tried it any workarounds yet. Still hoping
> for an easier solution.
>
> On Wednesday, September 4, 2024 at 12:41:42 PM UTC+2 Jorge Bastida Cano
> wrote:
>
>> hello, I'm still stuck on this. any ideas?
>>
>> El martes, 30 de julio de 2024 a las 9:18:47 UTC+2, Jorge Bastida Cano
>> escribió:
>>
>>> Same problem here. This does not happen to us with version 6.6.15.1.
>>> any solution for 6.6.15.2?
>>>
>>> El martes, 30 de julio de 2024 a las 2:33:40 UTC+2, Udo Einspanier
>>> escribió:
>>>
>>>> Hi everyone,
>>>>
>>>> we are using CAS as OIDC server and return the accessToken as JWT in
>>>> the authentication response. We just tried to upgrade from 6.6.2 to
>>>> 6.6.15.2.
>>>> But now all the CAS authentication-related attributes that were
>>>> previously part of the JWT access token are missing. and only the
>>>> attributes returned during attribute resolution are still there. E.g.
>>>> these
>>>> attributes are now missing:
>>>>
>>>> {
>>>> "surrogateUser": "yyy",
>>>> "longTermAuthenticationRequestTokenUsed": false,
>>>> "surrogateEnabled": "true",
>>>> "isFromNewLogin": true,
>>>> "authenticationDate": "2024-07-29T12:44:57.359913Z",
>>>> "surrogatePrincipal": "xxx",
>>>> "successfulAuthenticationHandlers":
>>>> "QueryDatabaseAuthenticationHandler",
>>>> "credentialType": "SurrogateUsernamePasswordCredential",
>>>> "authenticationMethod": "QueryDatabaseAuthenticationHandler",
>>>> ...
>>>> }
>>>>
>>>> From these, we require the surrogate* attributes.
>>>> Is it the intended behavior that these attributes are missing now? Is
>>>> there any configuration setting to get them back into the JWT access token?
>>>>
>>>> Thanks,
>>>> Udo
>>>>
>>>
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c668dd93-9e94-4ecf-8533-ef188ffdd7c8n%40apereo.org.
