CAS and Active Directory – LDAP Attributes

CAS is an Open Source Single Sign On server. It can be integrated with both AD and LDAP, and the task is easy if you know Spring and Tomcat.

The problem is getting the AD/LDAP attributes with the CAS Client. Following the CAS documentation you are able to log in against CAS, but the mapped attributes are not visible in your application.

Just a note on the authenticationManager in deployerConfigContext.xml: change the credentialsToPrincipalResolvers so that the principal is resolved from the directory entry (the filter looks the user up by sAMAccountName, and the attributeRepository supplies the attributes):

 <property name="credentialsToPrincipalResolvers">
         <list>
                 <!-- Resolve the principal from the LDAP entry found by the filter,
                      rather than from the typed username alone -->
                 <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
                         <property name="credentialsToPrincipalResolver">
                                 <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"/>
                         </property>
                         <!-- %u is replaced with the login name; sAMAccountName is the AD logon attribute -->
                         <property name="filter" value="(sAMAccountName=%u)"/>
                         <property name="principalAttributeName" value="sAMAccountName"/>
                         <property name="searchBase" value="cn=Users,dc=pssupport"/>
                         <property name="contextSource" ref="contextSource"/>
                         <!-- the repository that loads the entry's other attributes onto the principal -->
                         <property name="attributeRepository">
                                 <ref bean="attributeRepository"/>
                         </property>
                 </bean>
         </list>
 </property>
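The filter above substitutes the login name for %u. Whatever performs that substitution must hex-escape the RFC 4515 special characters, otherwise a login name containing * or ) changes the meaning of the search. The following Python block is an added illustration of that check; it is not CAS code and makes no claim about how CAS itself expands %u. It shows a raw substitution beside an escaped one and a sanity test that the final filter is still a single (attribute=value) assertion. The usernames are constructed inputs.

```python
import re

# The filter template exactly as configured in the resolver on this page.
FILTER_TEMPLATE = "(sAMAccountName=%u)"

# RFC 4515 section 3: characters that must be hex-escaped inside an assertion value.
_RFC4515_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Return value with RFC 4515 special characters hex-escaped."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def naive_filter(username: str, template: str = FILTER_TEMPLATE) -> str:
    """Substitute %u with the raw login name: the name becomes filter syntax."""
    return template.replace("%u", username)


def safe_filter(username: str, template: str = FILTER_TEMPLATE) -> str:
    """Substitute %u with the escaped login name so it can only be a literal value."""
    return template.replace("%u", escape_filter_value(username))


# One attribute, one literal value, nothing else: the shape a logon-name lookup must keep.
_SINGLE_EQUALITY = re.compile(r"^\([A-Za-z][A-Za-z0-9-]*=[^()*]*\)$")


def is_single_equality_filter(ldap_filter: str) -> bool:
    """True when the filter is exactly one (attribute=value) assertion with no wildcard."""
    return _SINGLE_EQUALITY.match(ldap_filter) is not None


if __name__ == "__main__":
    # Constructed login names: a normal one, a wildcard, and one that closes the assertion early.
    for name in ["alice", "j*", "x)(objectClass=*"]:
        for label, build in (("raw", naive_filter), ("escaped", safe_filter)):
            f = build(name)
            print(f"{label:8} {f!r:45} single assertion: {is_single_equality_filter(f)}")
```

The escaped form always yields one assertion on the literal login name; the raw form turns "j*" into a wildcard search and "x)(objectClass=*" into two assertions. If you add your own resolver or filter template, run its output through a check like is_single_equality_filter before trusting the lookup.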

This is because CAS must also be configured to release the attributes to the service. You have two ways to do that:

Using the CAS services console (https://localhost:8433/cas/services). If this is not enabled, add your user with ROLE_ADMIN in deployerConfigContext.xml and set the CAS properties accordingly. Once you are in you can choose, per registered service, the attributes to release. Keep in mind that anyone holding ROLE_ADMIN can change attribute release for every service, so restrict it to administrators.


Configure CAS to release the attributes by default. To do so edit deployerConfigContext.xml, locate the registeredServices list and add the allowedAttributes property to the HTTP and HTTPS services, as in this example. Note that a serviceId of http://** matches every HTTP URL, so every application that can reach CAS will receive the listed attributes over plain HTTP; in production narrow the serviceId to the URL of the application that actually needs them.

<bean class=""> <!-- set class to the registered-service bean class of your CAS version -->
        <property name="id" value="0" />
        <property name="name" value="HTTP" />
        <property name="description" value="Only Allows HTTP Urls" />
        <property name="serviceId" value="http://**" />
        <!-- one <value> per attribute name the client is allowed to see -->
        <property name="allowedAttributes">
                <list>
                        <value>sAMAccountName</value>
                </list>
        </property>
</bean>

Restart CAS, log in with your client, and you should now see the attributes.
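To make the effect of serviceId and allowedAttributes concrete, here is an added Python model of the release decision: which registered service a client URL matches, and which principal attributes that service may receive. It is not CAS code; it assumes Ant-style matching where ** spans path separators and * stays within one segment, and the attribute names other than sAMAccountName, the URLs and the principal values are constructed for the example. It contrasts the page's catch-all HTTP/HTTPS services with a registration narrowed to one application.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class RegisteredService:
    """One registeredServices entry, mirroring the bean properties used on this page."""
    id: int
    name: str
    service_id: str                                   # Ant-style URL pattern, e.g. "http://**"
    allowed_attributes: List[str] = field(default_factory=list)
    evaluation_order: int = 0                         # lower value is checked first


def ant_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate an Ant-style pattern: ** matches anything, * and ? stay inside one path segment."""
    out = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


def match_service(services: List[RegisteredService], service_url: str) -> Optional[RegisteredService]:
    """Return the first registered service (by evaluation order) whose pattern matches the URL."""
    for svc in sorted(services, key=lambda s: s.evaluation_order):
        if ant_to_regex(svc.service_id).match(service_url):
            return svc
    return None


def release_attributes(services: List[RegisteredService], service_url: str,
                       principal_attributes: Dict[str, object]) -> Dict[str, object]:
    """Attributes the validation response may carry: only those the matched service allows."""
    svc = match_service(services, service_url)
    if svc is None:
        return {}  # unregistered service: no validation, hence no attributes
    return {name: principal_attributes[name]
            for name in svc.allowed_attributes if name in principal_attributes}


# Constructed sample principal resolved from AD (values are made up for the example).
PRINCIPAL = {
    "sAMAccountName": "alice",
    "mail": "alice@pssupport.example",
    "memberOf": ["CN=Domain Admins,CN=Users,DC=pssupport"],
}

# The page's approach: allowedAttributes added to the catch-all HTTP and HTTPS services.
CATCH_ALL_SERVICES = [
    RegisteredService(0, "HTTP", "http://**", ["sAMAccountName", "mail", "memberOf"], 10000001),
    RegisteredService(1, "HTTPS", "https://**", ["sAMAccountName", "mail", "memberOf"], 10000002),
]

# Narrowed: only the application that needs attributes gets them; everything else gets none.
NARROW_SERVICES = [
    RegisteredService(2, "Intranet", "https://intranet.example.test/**", ["sAMAccountName", "mail"], 1),
    RegisteredService(1, "HTTPS", "https://**", [], 10000002),
]


if __name__ == "__main__":
    for url in ["http://anything.example.test/callback",
                "https://intranet.example.test/app/login",
                "https://other.example.test/"]:
        print(url)
        print("  catch-all:", release_attributes(CATCH_ALL_SERVICES, url, PRINCIPAL))
        print("  narrowed: ", release_attributes(NARROW_SERVICES, url, PRINCIPAL))
```

With the catch-all registration any service URL, including one you never intended, receives the group membership and e-mail of the user; with the narrowed registration the same attributes reach only the intranet application, and the plain-HTTP URL is not registered at all.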

6 thoughts on “CAS and Active Directory – LDAP Attributes”

  1. If I had not found your blog here, I would have spent hours searching for the correct mechanisms to implement AD with CAS.

  2. Hello all, I am pretty new with CAS. I need deep help from you. I could set up CAS, but what I have now is userID=password and I want to change this authentication to Active Directory and LDAP.

    Any time I make some changes in deployerConfigContext.xml and replace
    them with something that I googled, I get the error below.
    HTTP Status 404 – /cas

    type Status report

    message /cas

    description The requested resource (/cas) is not available.
    Apache Tomcat/7.0.21
    Please help me if anyone knows how to set up CAS + Active Directory and LDAP.

  3. Hi,
    When I go to the services manager, I cannot see further fields to choose from. Like you have shown in your screenshot, you have fields such as

    But I only have

    Any ideas why I am not getting other attributes?
