Just to close the loop on this and for the benefit of anyone (possibly even
myself :P ) searching for this in the future, the missing magic bit was
indeed "excludeDefaultAttributes" (set to "true").

The following excerpt is an example that releases only the cn and sn as a
subset of the usual default set of released attributes.

"attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "excludeDefaultAttributes" : true,
    "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "sn" ] ]
}

On Wed, Oct 13, 2021 at 2:35 AM King, Robert <[email protected]> wrote:

> Would
>
> excludeDefaultAttributes: false
>
> be what you are looking for?
>
> *From:* [email protected] <[email protected]> *On Behalf Of *Pablo
> Vidaurri
> *Sent:* Tuesday, October 12, 2021 8:29 PM
> *To:* CAS Community <[email protected]>
> *Cc:* baron <[email protected]>
> *Subject:* [EXTERNAL SENDER] [cas-user] Re: Return allowed attributes?
>
>
>
>
> From description
> <https://apereo.github.io/cas/6.2.x/integration/Attribute-Release-Policies.html#default>
> of default attributes, the purpose of default-attributes-to-release is to
> always release the attributes defined here regardless of what you have or
> don't have in attributeReleasePolicy at the service level.
>
> On Thursday, October 7, 2021 at 3:55:53 PM UTC-5 baron wrote:
>
> We have CAS 6.3.5 configured to return a default set of attributes defined
> with the property
> "cas.authn.attribute-repository.default-attributes-to-release". This works
> as desired.
>
>
>
> We wanted to release only a subset of these attributes to a
> particular registered service. The CAS docs suggest this may be possible by
> using an attributeReleasePolicy in the service definition that specifies
> "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy"
>
> <https://apereo.github.io/cas/6.3.x/integration/Attribute-Release-Policies.html#return-allowed>
>
> So I added the following to an existing working service definition:
>
>
>
>   "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>     "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "sn", "mail" ] ]
>   }
>
> But CAS still seems to release the full set of default attributes for the
> service, and not just "cn", "sn", "mail" as defined above.
>
>
>
> Am I misinterpreting what ReturnAllowedAttributeReleasePolicy should do
> here? If not, any ideas what may be amiss?
>
> --
>
> Baron Fujimoto <[email protected]> :: UH Information Technology Services
> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ec95a065-11df-4941-9cec-26ae5d907cb8n%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/ec95a065-11df-4941-9cec-26ae5d907cb8n%40apereo.org?utm_medium=email&utm_source=footer>
> .
>


-- 
Baron Fujimoto <[email protected]> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
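
Added example (not part of the original thread, and not CAS code): a small audit that models the behaviour described above, where the default attributes are released in addition to "allowedAttributes" unless "excludeDefaultAttributes" is true, and reports what a service receives beyond its allow-list. The default list, service ids and names are constructed samples, and the definitions are assumed to be strict JSON.

```python
import json

RETURN_ALLOWED = "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy"
# Constructed stand-in for cas.authn.attribute-repository.default-attributes-to-release
DEFAULTS = ["cn", "sn", "mail", "uid", "eduPersonAffiliation"]
# Constructed service definitions: the policy as first tried, and as fixed in the thread.
SERVICES = {
    "before.json": """{
      "@class": "org.apereo.cas.services.RegexRegisteredService",
      "serviceId": "^https://app.example.org/.*", "name": "before", "id": 1,
      "attributeReleasePolicy": {
        "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
        "allowedAttributes": ["java.util.ArrayList", ["cn", "sn", "mail"]] } }""",
    "after.json": """{
      "@class": "org.apereo.cas.services.RegexRegisteredService",
      "serviceId": "^https://app.example.org/.*", "name": "after", "id": 2,
      "attributeReleasePolicy": {
        "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
        "excludeDefaultAttributes": true,
        "allowedAttributes": ["java.util.ArrayList", ["cn", "sn"]] } }""",
}

def allowed_list(policy):
    """Unwrap the typed list form [ "java.util.ArrayList", [ ... ] ]."""
    raw = policy.get("allowedAttributes", [])
    if len(raw) == 2 and isinstance(raw[0], str) and isinstance(raw[1], list):
        return raw[1]
    return raw

def effective_release(service, defaults):
    """Upper bound on released attribute names under the modelled behaviour."""
    policy = service.get("attributeReleasePolicy", {})
    released = set()
    if policy.get("@class") == RETURN_ALLOWED:  # other policy classes are not modelled
        released |= set(allowed_list(policy))
    if not policy.get("excludeDefaultAttributes", False):
        released |= set(defaults)  # defaults are added unless explicitly excluded
    return sorted(released)

def over_release(service, defaults):
    """Attribute names released beyond the service's own allow-list."""
    policy = service.get("attributeReleasePolicy", {})
    return sorted(set(effective_release(service, defaults)) - set(allowed_list(policy)))

if __name__ == "__main__":
    for fname, text in SERVICES.items():
        svc = json.loads(text)
        extra = over_release(svc, DEFAULTS)
        print(fname, "releases", effective_release(svc, DEFAULTS),
              "| beyond allow-list:", extra or "none")
```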
