LDAP user attributes from CAS


Hi, I am using CAS for single sign-on in my application (a Spring application). I was able to log in with CAS; I am getting the username only, but not the email or any other attributes from CAS.

For authentication on the CAS side I am using LDAP, configured in deployerConfigContext.xml. Below is the code.

In the authenticationManager I added the below code:

    <property name="credentialsToPrincipalResolvers">
        <list>
            <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
                <property name="credentialsToPrincipalResolver">
                    <bean
                        class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                </property>
                <property name="filter" value="sAMAccountName=%u" />
                <property name="principalAttributeName" value="sAMAccountName" />
                <property name="searchBase" value="DC=test,DC=com" />
                <property name="contextSource" ref="LDAPcontextSource" />
                <property name="attributeRepository">
                    <ref bean="attributeRepository" />
                </property>
            </bean>
        </list>
    </property>

And I used the LdapPersonAttributeDao:

    <bean id="attributeRepository"
        class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
        <property name="baseDN" value="cn=test,ou=test,dc=test,dc=com" />
        <property name="contextSource" ref="LDAPcontextSource" />
        <property name="requireAllQueryAttributes" value="true" />
        <property name="queryAttributeMapping">
            <map>
                <entry key="username" value="sAMAccountName" />
            </map>
        </property>
        <property name="resultAttributeMapping">
            <map>
                <entry key="displayName" value="cn" />
                <entry key="mail" value="email" />
            </map>
        </property>
    </bean>

I have read some posts and found that I need to add the allowedAttributes property in the configuration. Below is the configuration:

    <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
        <property name="registeredServices">
            <list>
                <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                    <property name="id" value="0" />
                    <property name="name" value="HTTP" />
                    <property name="description" value="Only Allows HTTP Urls" />
                    <property name="serviceId" value="http://**" />
                    <property name="allowedAttributes">
                        <list>
                            <value>cn</value>
                            <value>mail</value>
                        </list>
                    </property>
                </bean>
            </list>
        </property>
    </bean>

On my application side I have written a class to get the username and email. Below is the code:

    import java.util.ArrayList;
    import java.util.Collection;

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;

    public class RestAuthenticationUserDetailsService implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {

        // LOGGER was used but not declared in the posted snippet; an SLF4J logger is assumed here.
        private static final Logger LOGGER = LoggerFactory.getLogger(RestAuthenticationUserDetailsService.class);

        @Override
        public UserDetails loadUserDetails(CasAssertionAuthenticationToken token)
                throws UsernameNotFoundException {
            Object principal = token.getPrincipal();
            String username = token.getName();
            LOGGER.info(username);

            // No authorities are derived yet; the user is built from the CAS username only.
            Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
            return new User(username, "", authorities);
        }
    }

I am getting the username but not the other attributes like email. When I debug, I see that the principal attributes are empty.

Can someone help me with how to get the attributes into my application? Thanks in advance.



HND

I see in the config in deployerConfigContext.xml:

1. In , the key is the LDAP entry attribute and the value is the Principal's (value).
2. In , you should allow the value in the Principal (example: displayName & mail).

Hope it helps you, cheers!
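The following is an added example of the two deployerConfigContext.xml fragments written so that the names line up; it is not the asker's or the answerer's configuration. It assumes, as person-directory's LdapPersonAttributeDao documents, that in resultAttributeMapping the key is the LDAP attribute name and the value is the name the Principal will carry, and that RegisteredServiceImpl.allowedAttributes filters on those Principal-side names. The bean names (LDAPcontextSource, attributeRepository, serviceRegistryDao), class names and search bases are taken from the question; the serviceId URL is a placeholder.

```xml
<!-- Added example, not configuration from the question or answer.
     LDAPcontextSource and the DN values are placeholders copied from the question. -->

<!-- 1. Attribute repository.
     key   = attribute name in the LDAP entry
     value = attribute name the CAS Principal will carry (assumed direction) -->
<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="contextSource" ref="LDAPcontextSource" />
    <property name="baseDN" value="cn=test,ou=test,dc=test,dc=com" />
    <property name="requireAllQueryAttributes" value="true" />
    <property name="queryAttributeMapping">
        <map>
            <!-- the resolved username is looked up against sAMAccountName -->
            <entry key="username" value="sAMAccountName" />
        </map>
    </property>
    <property name="resultAttributeMapping">
        <map>
            <!-- LDAP displayName -> Principal attribute "displayName" -->
            <entry key="displayName" value="displayName" />
            <!-- LDAP mail        -> Principal attribute "email" -->
            <entry key="mail" value="email" />
        </map>
    </property>
</bean>

<!-- 2. Service registry.
     allowedAttributes must list the Principal-side names, i.e. the map VALUES above,
     not the LDAP attribute names (the question lists "mail", but the Principal carries "email"). -->
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
    <property name="registeredServices">
        <list>
            <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                <property name="id" value="0" />
                <property name="name" value="Spring application" />
                <property name="description" value="Releases displayName and email to the application" />
                <!-- placeholder: use the application's real callback URL pattern -->
                <property name="serviceId" value="https://app.example.test/**" />
                <property name="allowedAttributes">
                    <list>
                        <value>displayName</value>
                        <value>email</value>
                    </list>
                </property>
            </bean>
        </list>
    </property>
</bean>
```

Two checks are worth doing after this change. On the client, the released attributes are read from the assertion rather than from the token name, with `token.getAssertion().getPrincipal().getAttributes()` (a `Map<String, Object>` keyed by the Principal-side names, so `email` here). On the server, if the map is still empty, inspect the raw validation response: older CAS 3.x releases return attributes in the SAML 1.1 validation response but not in the CAS 2.0 /serviceValidate response unless its success view has been customised. Finally, the question's `serviceId` of `http://**` releases the attributes to any plain-HTTP service; restricting the pattern to the actual application URL, over HTTPS, keeps the email and display name from being handed to services that have no need for them.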