Reputation: 742
I am using the configuration below to successfully get LDAP attribute values, and I could see those values in the log file.
    <bean id="ldapAuthenticationHandler"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          p:principalIdAttribute="sAMAccountName"
          c:authenticator-ref="authenticator">
        <property name="principalAttributeMap">
            <map>
                <entry key="displayName" value="simpleName" />
                <entry key="mail" value="email" />
                <entry key="memberOf" value="membership" />
            </map>
        </property>
    </bean>
Now how can I send these attributes to the client?
This is the default attributeRepository in my deployerConfigContext.xml:
    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
          p:backingMap-ref="attrRepoBackingMap" />
    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
        <entry>
            <key><value>memberOf</value></key>
            <list>
                <value>faculty</value>
                <value>staff</value>
                <value>org</value>
            </list>
        </entry>
    </util:map>
Is there a way to populate attributeRepository with principalAttributeMap?
It's throwing an exception when I remove attributeRepository from deployerConfigContext.xml.
As per this document https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html, LdapAuthenticationHandler is capable of resolving and retrieving principal attributes independently without the need for extra principal resolver machinery. If so, how can we return those attributes to clients?
Upvotes: 1
Views: 768
Reputation: 742
As per this documentation https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html,
If you do decide to let the authentication handler retrieve attributes instead of a separate principal resolver, you will need to ensure the linked resolver is made inactive:
    <util:map id="authenticationHandlersResolvers">
        ...
        <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
    </util:map>
After making this change, it started working.
Upvotes: 1
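A configuration check for the fix described in the answer above, as an added example that is not part of the original posts or of the CAS project: it parses a deployerConfigContext.xml and reports every LdapAuthenticationHandler that defines principalAttributeMap while its entry in authenticationHandlersResolvers still points at a resolver instead of `#{null}`. The embedded sample is constructed, and the resolver bean name `primaryPrincipalResolver` in it is an assumption.

```python
import xml.etree.ElementTree as ET

BEANS = "{http://www.springframework.org/schema/beans}"
UTIL = "{http://www.springframework.org/schema/util}"
LDAP_HANDLER = "org.jasig.cas.authentication.LdapAuthenticationHandler"

# Constructed sample: a trimmed deployerConfigContext.xml. The resolver bean
# name "primaryPrincipalResolver" is an assumption for illustration.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c">
  <bean id="ldapAuthenticationHandler"
        class="org.jasig.cas.authentication.LdapAuthenticationHandler"
        p:principalIdAttribute="sAMAccountName"
        c:authenticator-ref="authenticator">
    <property name="principalAttributeMap">
      <map><entry key="mail" value="email" /></map>
    </property>
  </bean>
  <util:map id="authenticationHandlersResolvers">
    <entry key-ref="ldapAuthenticationHandler" value-ref="primaryPrincipalResolver" />
  </util:map>
</beans>"""

def handlers_with_attribute_map(root):
    """Ids of LDAP handlers that retrieve attributes via principalAttributeMap."""
    return [b.get("id") for b in root.iter(BEANS + "bean")
            if b.get("class") == LDAP_HANDLER
            and b.find(BEANS + "property[@name='principalAttributeMap']") is not None]

def check_resolvers(xml_text):
    """Return one finding per handler whose linked resolver is not inactive."""
    root = ET.fromstring(xml_text)
    findings, entries = [], {}
    for m in root.iter(UTIL + "map"):
        if m.get("id") == "authenticationHandlersResolvers":
            # Unprefixed <entry> elements live in the default (beans) namespace.
            for e in m.findall(BEANS + "entry"):
                entries[e.get("key-ref")] = e
    for hid in handlers_with_attribute_map(root):
        e = entries.get(hid)
        if e is None:
            findings.append(f"{hid}: not listed in authenticationHandlersResolvers")
        elif e.get("value") != "#{null}":
            findings.append(f"{hid}: resolver {e.get('value-ref')!r} still active")
    return findings

if __name__ == "__main__":
    print("\n".join(check_resolvers(SAMPLE)))
```

An empty result means every attribute-retrieving handler has its resolver set to `#{null}`, which is the state the answer reports as working.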