The definition of an attribute in CAS, when fetched and resolved from an authentication or attribute repository source, tends to be defined
and referenced using its name without any additional metadata or decorations. For example, you may wish to retrieve a
uid attribute and virtually
rename and map it to a
userIdentifier attribute either globally or for specific application integrations. For most use cases, this configuration
works quite comfortably and yet, depending on the nature of the target application and the authentication protocol used to complete the integration,
additional requirements could be imposed and may have to be specified to define an attribute with
additional pointers, when shared and released with a relying party. For example, a
SAML2 service provider may require a scoped attribute for an
eduPersonPrincipalName whose value
is always determined from the
uid attribute with a special friendly-name that is always provided regardless of the target application.
While bits and pieces of metadata about a given attribute can be defined either globally in CAS configuration settings or defined inside a service definition, an attribute definition store allows one to describe metadata about necessary attributes with special decorations to be considered during attribute resolution and release. The specification of the attribute definition store is entirely optional and the store may not contain any attribute definitions.
The following settings and properties are available from the CAS configuration catalog:
The location of the resource. Resources can be URLS, or files found either on the classpath or outside somewhere in the file system.In the event the configured resource is a Groovy script, specially if the script set to reload on changes, you may need to adjust the total number of