Reputation: 231
Hi, I am using CAS for single sign-on in my application (a Spring application). I was able to log in with CAS, but I am getting only the username and not the email or any other attributes from CAS.
For authentication on the CAS side I am using LDAP, configured in deployerConfigContext.xml; below is the code.
In the authenticationManager I added the code below:
<property name="credentialsToPrincipalResolvers">
  <list>
    <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
      <property name="credentialsToPrincipalResolver">
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
      </property>
      <property name="filter" value="sAMAccountName=%u" />
      <property name="principalAttributeName" value="sAMAccountName" />
      <property name="searchBase" value="DC=test,DC=com" />
      <property name="contextSource" ref="LDAPcontextSource" />
      <property name="attributeRepository">
        <ref bean="attributeRepository" />
      </property>
    </bean>
  </list>
</property>
And I used the LdapPersonAttributeDao:
<bean id="attributeRepository">
  <property name="baseDN" value="cn=test,ou=test,dc=test,dc=com" />
  <property name="contextSource" ref="LDAPcontextSource" />
  <property name="requireAllQueryAttributes" value="true" />
  <property name="queryAttributeMapping">
    <map>
      <entry key="username" value="sAMAccountName" />
    </map>
  </property>
  <property name="resultAttributeMapping">
    <map>
      <entry key="displayName" value="cn" />
      <entry key="mail" value="email" />
    </map>
  </property>
</bean>
I have read some posts and found that I need to add the allowedAttributes property to the configuration; below is the configuration:
<bean id="serviceRegistryDao" class="">
  <property name="registeredServices">
    <list>
      <bean class="">
        <property name="id" value="0" />
        <property name="name" value="HTTP" />
        <property name="description" value="Only Allows HTTP Urls" />
        <property name="serviceId" value="http://**" />
        <property name="allowedAttributes">
          <!-- contents not shown in the post -->
        </property>
      </bean>
    </list>
  </property>
</bean>
On my application side I have written a class to get the username and email; below is the code:
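import java.util.*;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.*;

public class RestAuthenticationUserDetailsService implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {
    public UserDetails loadUserDetails(CasAssertionAuthenticationToken token)
            throws UsernameNotFoundException {
        Object principal = token.getPrincipal();
        String username = token.getName();
        Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        return new User(username, "", authorities);
    }
}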
I was getting the username but not other attributes like email. When I debug, I see that the principal's attributes are empty.
Can someone help me with how to get the attributes into my application? Thanks in advance.
Upvotes: 1
Views: 752
Reputation: 133
I see this in the config in deployerConfigContext.xml:
1. In , the key is the LDAP entry attribute and the value is the Principal's (value).
2. In , you should allow the value in the Principal (for example displayName & mail).
Hope it helps you, cheers!
Upvotes: 1
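An added example, not code from either post: one way the client-side service from the question could read released attributes from the validated CAS assertion, using the Spring Security CAS and Jasig CAS client APIs. The class names and the `mail` and `displayName` attribute names (taken from the answer's example) are assumptions; when the server releases nothing, the map is empty as the question describes and both values come back null.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import org.jasig.cas.client.authentication.AttributePrincipal;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical class name; added example, not the asker's code.
public class AttributeAwareUserDetailsService
        implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {

    public UserDetails loadUserDetails(CasAssertionAuthenticationToken token) {
        // Released attributes are read from the validated assertion's principal.
        AttributePrincipal principal = token.getAssertion().getPrincipal();
        Map<String, Object> attrs = principal.getAttributes();
        return new CasUser(principal.getName(),
                firstValue(attrs, "mail"), firstValue(attrs, "displayName"));
    }

    // An attribute may be absent, a single value, or a List when multi-valued.
    static String firstValue(Map<String, Object> attrs, String name) {
        Object v = (attrs == null) ? null : attrs.get(name);
        if (v instanceof List) {
            List<?> values = (List<?>) v;
            v = values.isEmpty() ? null : values.get(0);
        }
        return (v == null) ? null : v.toString();
    }

    // User subclass carrying the extra attributes; null means "not released".
    public static class CasUser extends User {
        private final String mail;
        private final String displayName;

        CasUser(String username, String mail, String displayName) {
            super(username, "", new ArrayList<GrantedAuthority>());
            this.mail = mail;
            this.displayName = displayName;
        }

        public String getMail() { return mail; }
        public String getDisplayName() { return displayName; }
    }
}
```

A null `getMail()` here points back at the server side: the attribute was either not mapped into the principal or not listed in the service's `allowedAttributes`.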