CAS and Active Directory – LDAP Attributes

CAS is an open source Single Sign-On server - http://www.jasig.org/cas. It can be integrated with both AD and LDAP. The task is easy if you know Spring and Tomcat - https://wiki.jasig.org/display/CASUM/LDAP and https://wiki.jasig.org/display/CASUM/SAML+1.1.

The problem is getting the AD/LDAP attributes through the CAS client. Following the documents above you can log in against CAS, but the mapped attributes are not visible in your application.

First, a note on the authenticationManager bean in deployerConfigContext.xml: change the credentialsToPrincipalResolvers so that the principal is resolved through LDAP and carries the directory attributes:

<property name="credentialsToPrincipalResolvers">
  <list>
    <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
      <!-- the resolver that extracts the username from the submitted credentials -->
      <property name="credentialsToPrincipalResolver">
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"/>
      </property>
      <!-- %u is replaced with the username; the matching entry becomes the principal -->
      <property name="filter" value="(sAMAccountName=%u)"/>
      <!-- attribute used as the principal id in the CAS response -->
      <property name="principalAttributeName" value="sAMAccountName"/>
      <property name="searchBase" value="cn=Users,dc=pssupport"/>
      <property name="contextSource" ref="contextSource"/>
      <!-- attributes fetched from this repository are attached to the principal -->
      <property name="attributeRepository">
        <ref bean="attributeRepository"/>
      </property>
    </bean>
  </list>
</property>

This is because CAS must also be configured to release the attributes to the service. There are two ways to do that:

Using the CAS services management console (https://localhost:8433/cas/services). If it is not enabled, add your user to ROLE_ADMIN in deployerConfigContext.xml and configure the CAS properties as described at https://wiki.jasig.org/display/CASUM/Configuring. Once you are in, you can choose which attributes each registered service is allowed to receive.


Configuring the org.jasig.cas.services.InMemoryServiceRegistryDaoImpl bean to release the attributes by default. To do so, edit deployerConfigContext.xml, locate the registeredServices list of that bean, and add the allowedAttributes property to the HTTP and HTTPS RegisteredServiceImpl entries, as in this example:

<bean class="org.jasig.cas.services.RegisteredServiceImpl">
  <property name="id" value="0" />
  <property name="name" value="HTTP" />
  <property name="description" value="Only Allows HTTP Urls" />
  <property name="serviceId" value="http://**" />
  <!-- attributes released to this service in the validation response;
       the names must match what the attributeRepository returns -->
  <property name="allowedAttributes">
    <list>
      <value>cn</value>
      <value>name</value>
      <value>givenName</value>
      <value>displayName</value>
      <value>userPrincipalName</value>
      <value>sAMAccountName</value>
      <value>telephone</value>
      <value>mail</value>
      <value>memberOf</value>
    </list>
  </property>
</bean>

Restart CAS, log in with your client and you should now see the attributes. Two things to check if they still do not appear: the names in allowedAttributes must match what the attributeRepository returns (AD stores the phone number as telephoneNumber, so telephone only works if your attributeRepository maps it to that name), and the client must validate the ticket through the SAML 1.1 validation described in the second wiki page above, since that is the response in which CAS carries the attributes. Note also that with serviceId http://** these attributes, memberOf included, are released to any HTTP service that can obtain a ticket; in production restrict serviceId to your application URLs and list only the attributes it needs.
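To confirm from the client side that the attributes now come through, here is an added example (it is not code from this post, from CAS or from the Jasig CAS client) that builds the SAML 1.1 request a client POSTs to /cas/samlValidate and parses the reply, checking status, validity window and audience before returning the released attributes. The service URL, ticket, host and DN values are assumptions, and SAMPLE_RESPONSE is constructed to resemble a CAS 3.x samlValidate reply.

```python
"""Client-side check that CAS really releases the LDAP attributes.

Added example for this post, not code from CAS or from the Jasig CAS client.
It builds the SAML 1.1 request a client POSTs to /cas/samlValidate and parses
the reply, returning the attributes allowedAttributes lets through.
SAMPLE_RESPONSE is constructed; service URL, ticket, host and DNs are assumed.
"""
import uuid
import xml.etree.ElementTree as ET  # does not fetch external entities; prefer defusedxml in production
from datetime import datetime, timezone
from xml.sax.saxutils import escape

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"

SERVICE = "https://app.example.com/login"  # assumed CAS client URL
SAMPLE_NOW = datetime(2012, 1, 1, 0, 0, 10, tzinfo=timezone.utc)
SAMPLE_LATER = datetime(2012, 1, 1, 0, 5, 0, tzinfo=timezone.utc)

# Constructed reply: CAS validated the ticket for jdoe and released two of
# the attributes listed in allowedAttributes (memberOf is multi-valued).
SAMPLE_RESPONSE = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP}"><SOAP-ENV:Body>
<samlp:Response xmlns:samlp="{SAMLP}" MajorVersion="1" MinorVersion="1" IssueInstant="2012-01-01T00:00:00Z">
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion xmlns:saml="{SAML}" AssertionID="_a1" Issuer="cas.example.com"
      IssueInstant="2012-01-01T00:00:00Z" MajorVersion="1" MinorVersion="1">
    <saml:Conditions NotBefore="2012-01-01T00:00:00Z" NotOnOrAfter="2012-01-01T00:00:30Z">
      <saml:AudienceRestrictionCondition><saml:Audience>{SERVICE}</saml:Audience></saml:AudienceRestrictionCondition>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject>
      <saml:Attribute AttributeName="sAMAccountName" AttributeNamespace="http://www.ja-sig.org/products/cas/">
        <saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute AttributeName="memberOf" AttributeNamespace="http://www.ja-sig.org/products/cas/">
        <saml:AttributeValue>CN=App Users,CN=Users,DC=example,DC=com</saml:AttributeValue>
        <saml:AttributeValue>CN=App Admins,CN=Users,DC=example,DC=com</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response></SOAP-ENV:Body></SOAP-ENV:Envelope>"""


def build_samlvalidate_request(ticket: str, now: datetime) -> str:
    """Body the client POSTs to <cas>/samlValidate?TARGET=<service>."""
    # the ticket arrives from the browser's ?ticket= parameter, so escape it
    issue = now.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        f'<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP}"><SOAP-ENV:Header/><SOAP-ENV:Body>'
        f'<samlp:Request xmlns:samlp="{SAMLP}" MajorVersion="1" MinorVersion="1" '
        f'RequestID="_{uuid.uuid4().hex}" IssueInstant="{issue}">'
        f"<samlp:AssertionArtifact>{escape(ticket)}</samlp:AssertionArtifact>"
        "</samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>"
    )


def _iso(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def parse_samlvalidate_response(xml_text: str, service: str, now: datetime):
    """Return (username, {attribute: [values]}) or raise ValueError."""
    # status, validity window and audience are checked before any attribute is trusted
    root = ET.fromstring(xml_text)
    code = root.find(f".//{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if code is None or not code.get("Value", "").endswith(":Success"):
        raise ValueError("samlValidate status is not Success")
    assertion = root.find(f".//{{{SAML}}}Assertion")
    if assertion is None:
        raise ValueError("no Assertion in response")
    cond = assertion.find(f"{{{SAML}}}Conditions")
    if cond is not None:
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if (nb and now < _iso(nb)) or (na and now >= _iso(na)):
            raise ValueError("assertion outside its validity window")
        audiences = [a.text for a in cond.iter(f"{{{SAML}}}Audience")]
        if audiences and service not in audiences:
            raise ValueError("assertion was issued for a different service")
    name = assertion.find(f".//{{{SAML}}}NameIdentifier")
    if name is None or not name.text:
        raise ValueError("no NameIdentifier in assertion")
    attrs = {}
    for attr in assertion.iter(f"{{{SAML}}}Attribute"):
        attrs[attr.get("AttributeName")] = [
            v.text or "" for v in attr.findall(f"{{{SAML}}}AttributeValue")]
    return name.text, attrs


def demo() -> dict:
    """Accept the fresh reply; reject it once expired or replayed to another service."""
    user, attrs = parse_samlvalidate_response(SAMPLE_RESPONSE, SERVICE, SAMPLE_NOW)
    out = {"user": user, "attributes": attrs}
    for key, svc, when in (("expired_rejected", SERVICE, SAMPLE_LATER),
                           ("wrong_service_rejected", "https://evil.example.net/", SAMPLE_NOW)):
        try:
            parse_samlvalidate_response(SAMPLE_RESPONSE, svc, when)
            out[key] = False
        except ValueError:
            out[key] = True
    return out


if __name__ == "__main__":
    print(build_samlvalidate_request("ST-1-abc", SAMPLE_NOW))
    print(demo())
```

Against a live server, POST the output of build_samlvalidate_request to https://cas-host/cas/samlValidate?TARGET=<service> with Content-Type text/xml and feed the body to parse_samlvalidate_response; if the attributes dict comes back empty while the status is Success, the service is matched by a registered service without the allowedAttributes you expect.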

