There are options for principal resolution that allow you retrieve attributes for a principal that is mapped to a single DB record, or multiple DB records. Look into those, and if insufficient, write/script your own.
If you don’t know what attributes you’d be getting back from the resolver, then there is no way you can make a decision on what each app would receive. You’ve gotta know before you can design that rule. So either you end up releasing everything to the app, (which is probably a bad idea) or you think of some other fancy option like releasing things based on a predefined attribute name pattern…or you learn which attributes each app wants and you get those released out of the principal which is probably something you should do. -- Misagh From: Net Wolf <[email protected]> Reply: Net Wolf <[email protected]> Date: September 2, 2016 at 2:53:51 AM To: CAS Community <[email protected]> Cc: [email protected] <[email protected]>, [email protected] <[email protected]> Subject: Re: [cas-user] Access to RegexRegisteredService:serviceId from PrincipalResolver? Thanks Misagh. I'll take a look into release policies. However, I think only returning the 5 or so relevant records from the DB query seems more efficient. I also won't know in advance how many rows will be returned by the DB query or what they might be called. On Friday, September 2, 2016 at 9:36:35 PM UTC+12, Misagh Moayyed wrote: Once you have your principal resolver produce a principal with 1000 roles and attributes inside it, all you then have to do is set up attribute release policies to decide what each service would be getting. Either all, or a selection of your “roles” inside the produced principal. -- Misagh -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d54b6780-f38e-4792-9acb-5e7e00657217%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.57c951f9.3584fe3.17d09%40unicon.net. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
