Scripted Principal Id

Usage

This feature is deprecated and is scheduled to be removed in the future.

Let an external Javascript, Groovy or Python script decide how the principal id attribute should be determined. This approach takes advantage of scripting functionality built into the Java platform. While Javascript and Groovy should be natively supported by CAS, Python scripts may need to massage the CAS configuration to include the Python modules.

Scripts will receive and have access to the following variable bindings:

  • id: The existing identifier for the authenticated principal.
  • attributes: A map of attributes currently resolved for the principal.
  • logger: A logger object, able to provide logger.info() operations, etc.
1
2
3
4
5
6
7
8
9
10
11
12

{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" : "sample",
  "name" : "sample",
  "id" : 500,
  "description" : "sample",
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.ScriptedRegisteredServiceUsernameProvider",
    "script" : "file:///etc/cas/sampleService.[groovy|js|.py]",
    "canonicalizationMode" : "UPPER"
  }
}

Sample Groovy script follows:

1
2
3
4
5
6
7

def run(Object[] args) {
    def attributes = args[0]
    def id = args[1]
    def logger = args[2]
    logger.info("Testing username attribute")
    return "test"
}

Sample Javascript function follows:

1
2
3

function run(uid, logger) {
   return "test"
}