CAS 6.6.8 JDBC attribute repository not using principal for search

Using CAS 6.6.8.

I have users that can log in with a user name like "jsmith" or with an email like "[email protected]".

I have user attributes stored in db as the user name, in this case jsmith.

I'm setting my principal id from LDAP as:

cas.authn.ldap[0].principalAttributeId: uid

I have my repository query set up as:

cas.authn.attribute-repository.jdbc[0].sql=select a, b, c from user_table where {0}
cas.authn.attributeRepository.jdbc[0].username=USER_ID

This works fine when the user logs in with the username, but does not return results when logging in with the email address. Enabling debug statements shows the CredentialId is being used in the query and not the principal id.

Is this a bug or a misconfig?

There are 1 best solutions below

You need to instruct your attribute repository to use a special attribute when building the query, and this special attribute should be the identifier of the authenticated principal, which is usually called principal. That is, when the user authenticates, whether by email or username, the authenticated principal is first uid, and this principal id would then be used in the query if you configure the repository to use principal as the query attribute.

A 2-minute search would lead you to

cas.authn.attribute-repository.jdbc[0].username=

And if you set this setting to principal, it might just work.