aruhi
Following is the extract from deployerConfigContext.xml :-
...
<bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
  <property name="credentialsToPrincipalResolvers">
    <list>
      <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
        <!-- The Principal resolver from the credentials -->
        <property name="credentialsToPrincipalResolver">
          <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
        </property>
        <!-- The query made to find the Principal ID. "%u" will be replaced by the resolved Principal -->
        <property name="filter" value="(netID=%u)" />
        <!-- The attribute used to define the new Principal ID -->
        <property name="principalAttributeName" value="netID" />
        <property name="searchBase" value="ou=people,dc=xxx,dc=edu" />
        <property name="contextSource" ref="contextSource" />
        <property name="attributeRepository">
          <ref bean="attributeRepository" />
        </property>
      </bean>
      <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
    </list>
  </property>
  <property name="authenticationHandlers">
    <list>
      <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
            p:httpClient-ref="httpClient" />
      <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
            scope="SearchControls.SUBTREE_SCOPE" lazy-init="true">
        <property name="filter" value="(netID=%u)" />
        <property name="searchBase" value="ou=people,dc=xxx,dc=edu" />
        <property name="contextSource" ref="contextSource" />
      </bean>
    </list>
  </property>
</bean>

<bean id="userDetailsService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
  <property name="dataSource"><ref bean="dataSource"/></property>
</bean>

<bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
  <property name="baseDN" value="ou=people,dc=xxx,dc=edu" />
  <property name="query" value="(netID={0})" />
  <property name="contextSource" ref="contextSource" />
  <property name="ldapAttributesToPortalAttributes">
    <map>
      <entry key="netID" value="netID" />
      <entry key="uin" value="uin" />
      <entry key="uid" value="uid" />
      <entry key="status" value="status" />
    </map>
  </property>
</bean>
...
<bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <property name="urls">
    <list>
      <value>ldaps://operator.xxx.edu/</value>
    </list>
  </property>
  <property name="userName" value="cn=xxxxx,ou=dsa,dc=xxx,dc=edu" />
  <property name="password" value="xxxxxx" />
  <property name="baseEnvironmentProperties">
    <map>
      <entry>
        <key>
          <value>java.naming.security.authentication</value>
        </key>
        <value>simple</value>
      </entry>
    </map>
  </property>
</bean>
...

A few additional attributes are extracted, as specified in the bean 'attributeRepository'.

I need to log, in the CAS server logs, the values extracted for these additional attributes for each successfully authenticated user.

How can I do that, and in which class can such a log message be added?

Please advise.

Thanks
Aruhi

--
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Shi Yusen
Perhaps this would help you:
http://www.ja-sig.org/wiki/display/CASC/CASifying+OpenCms

Regards,
Shi Yusen/Beijing Langhua Ltd.
Andrew Feller
In reply to this post
by aruhi
Aruhi,
I am looking at the source for successful SAML responses in CAS 3.3.3 ( https://www.ja-sig.org/svn/cas3/tags/cas-3-3-3-final/cas-server-core/src/main/java/org/jasig/cas/web/view/Saml10SuccessResponseView.java ) and don't see any logging in the class whatsoever.

Please create a JIRA issue ( http://www.ja-sig.org/issues/browse/CAS ) and I am sure it will be included in the next release.

Outside of waiting for the next release, it appears that the attributes are associated with the Authentication object for the user. Perhaps you can create a custom Spring WebFlow action and introduce it after the "bindAndValidate" or "submit" actions. *shrug* I would at least do the JIRA route as Scott B. is great about logging requests ;)

A-

--
Andrew Feller, Analyst
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400
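Added example, not part of any post in this thread and not CAS project code: the reply above notes that the resolved attributes travel with the Authentication object, so one place to log them is an AuthenticationMetaDataPopulator, a different hook from the WebFlow action suggested there. It assumes the CAS 3.3.x interfaces named in the imports; the package, class name and default allow-list are hypothetical. Values are written only for allow-listed attributes, so identifiers such as uin do not land in the logs by default.

```java
package edu.example.cas; // hypothetical package name

import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jasig.cas.authentication.Authentication;
import org.jasig.cas.authentication.AuthenticationMetaDataPopulator;
import org.jasig.cas.authentication.principal.Credentials;
import org.jasig.cas.authentication.principal.Principal;

/** Hypothetical class: logs the attributes resolved for each successfully authenticated principal. */
public final class AttributeLoggingMetaDataPopulator implements AuthenticationMetaDataPopulator {

    private static final Log LOG = LogFactory.getLog(AttributeLoggingMetaDataPopulator.class);

    /** Attributes whose values may appear in the log; all others are logged by name only. */
    private Set<String> loggableAttributes = new HashSet<String>(Arrays.asList("netID", "status"));

    public void setLoggableAttributes(final Set<String> names) {
        this.loggableAttributes = new HashSet<String>(names);
    }

    /** Called by the authentication manager only after authentication has succeeded. */
    public Authentication populateAttributes(final Authentication authentication,
                                             final Credentials credentials) {
        final Principal principal = authentication.getPrincipal();
        final Map<String, Object> attributes = principal.getAttributes();
        final Map<String, String> view = new TreeMap<String, String>(); // sorted for stable output
        if (attributes != null) {
            for (final Map.Entry<String, Object> e : attributes.entrySet()) {
                final boolean allowed = this.loggableAttributes.contains(e.getKey());
                view.put(clean(e.getKey()), allowed ? clean(e.getValue()) : "<withheld>");
            }
        }
        // The credentials argument is deliberately never logged.
        LOG.info("Authenticated principal [" + clean(principal.getId()) + "] attributes " + view);
        return authentication; // unchanged: this populator only observes
    }

    /** Strips CR/LF so directory-supplied values cannot forge extra log lines. */
    private static String clean(final Object value) {
        return String.valueOf(value).replaceAll("[\\r\\n]", "_");
    }
}
```

To use it, the bean would be added to the `authenticationMetaDataPopulators` list property of the `authenticationManager` bean in deployerConfigContext.xml; that property name is an assumption about CAS 3.3.x and should be checked against the deployed version.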
Marvin Addison
In reply to this post
by aruhi
> I need to log, in the CAS server logs, the values extracted for these additional attributes for each successfully authenticated user.
org.jasig.services.persondir.support.ldap.PersonAttributesMapper is the logger you need. Turn it up to DEBUG and you'll see the following in the logs after authentication:

2009-07-10 08:37:28,207 DEBUG [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - Added 1 attributes under mapped names '[accountState]' for source attribute 'accountState'

Hope that helps,
M
Marvin Addison
In reply to this post
by Andrew Feller
> I am looking at the source for successful SAML responses in CAS 3.3.3 (
> https://www.ja-sig.org/svn/cas3/tags/cas-3-3-3-final/cas-server-core/src/main/java/org/jasig/cas/web/view/Saml10SuccessResponseView.java )
> and don't see any logging in the class whatsoever.
>
> Please create a JIRA issue ( http://www.ja-sig.org/issues/browse/CAS ) and I
> am sure it will be included in the next release.

I'm very glad you brought this up. Our implementation of the SAML protocol was much tougher than it needed to be due to the lack of logging. +1 for adding additional logging.

M