Search code examples
cas

CAS: Attributes don't show up at CAS client

I can't get the attributes to the CAS client. I did some research and try to find out how to forward attributes to a CAS client.

In the cas.properties I set this:

 cas.principal.resolver.persondir.return.null=false

I added this dependency:

    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-collections4</artifactId>
        <version>4.1</version>
    </dependency>

This is my servicesRegistry.conf:

{
    "services":[
        {
            "id":1,
            "serviceId":"https://localhost:8743/**",
            "name":"HELLO_WORLD",
            "description":"WEBAPP FOR TESTS",
            "theme":"my_example_webapp",
            "allowedToProxy":true,
            "enabled":true,
            "ssoEnabled":true,
            "anonymousAccess":false,
            "evaluationOrder":1,
            "attributeReleasePolicy" : {
                "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
                "principalAttributesRepository" : {
                    "@class" : "org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"
                },
                "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "description", "telephoneNumber" ] ]
            }   
        },

        {
            "id":2,
            "serviceId":"https://yahoo.com",
            "name":"YAHOO",
            "description":"Test service with exact match on its serviceId and optional extra attributes",
            "extraAttributes":{
                "someCustomAttribute":"Custom attribute value"
            },
            "evaluationOrder":2
        }
    ]
}

My ldapAuthenticationHandlerlooks like this:

<bean id="ldapAuthenticationHandler"
        class="org.jasig.cas.authentication.LdapAuthenticationHandler"
              p:principalIdAttribute="cn"
              c:authenticator-ref="authenticator">
            <property name="principalAttributeMap">
                <map>
                    <entry key="cn" value="cn" />
                    <entry key="description" value="description" />
                    <entry key="telephoneNumber" value="telephoneNumber" />
                </map>
            </property>
    </bean>

And my authenticationHandlersResolvers like this:

<util:map id="authenticationHandlersResolvers">
    <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
</util:map>

And here is my attributeRepository:

<bean id="attributeRepository" class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
          p:backingMap-ref="attrRepoBackingMap" />

<util:map id="attrRepoBackingMap">
        <entry key="cn" value="cn" />
        <entry key="description" value="description" />
        <entry key="telephoneNumber" value="telephoneNumber" />
        <entry>
            <key><value>memberOf</value></key>
            <list>
                <value>faculty</value>
                <value>staff</value>
                <value>org</value>
            </list>
        </entry>
    </util:map>

And at the client side I do this (edited version with out null check etc):

AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
final Map attributes = principal.getAttributes();
Iterator attributeNames = attributes.keySet().iterator();
String attributeName = (String) attributeNames.next();

However, I don't get any attributes. What am I missing?

EDIT:

I read in another thread that I have to change Cas20ProxyReceivingTicketValidationFilterto Cas30ProxyReceivingTicketValidationFilter, but that didn't change anything:

<filter>
        <filter-name>CAS Validation Filter</filter-name>
            <filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>

        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://localhost:8943/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>https://localhost:8743</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>useSession</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
Solution

  • My problem was the servicesRegistry.conf. It didn't work for some reason and I couldn't figure out why.

    If you have problem using the servicesRegistry.conf file, I recommend you use this inside your deployerConfigContext.xml:

    <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
        <property name="registeredServices">
            <list>
                <bean class="org.jasig.cas.services.RegexRegisteredService"
                      p:id="5" p:name="https.all" p:description="Allow HTTPS connection"
                      p:serviceId="^https://.*" p:evaluationOrder="5"  >

                    <property name="attributeReleasePolicy">
                        <bean class="org.jasig.cas.services.ReturnAllAttributeReleasePolicy" />
                    </property>
                </bean>
            </list>
        </property>
    </bean>

    This will allow all services that have an URL that fits the regex ^https://.*.