Pairwise Identifiers - OpenID Connect Authentication
When pairwise subject type is used, CAS will calculate a unique sub value for each sector identifier. This identifier
should not be reversible by any party other than CAS and is somewhat akin to CAS generating persistent anonymous user
identifiers. Each value provided to every relying party is different so as not
to enable clients to correlate the user’s activities without permission.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
{
"@class" : "org.apereo.cas.services.OidcRegisteredService",
"clientId": "client",
"clientSecret": "secret",
"serviceId" : "^<https://the-redirect-uri>",
"subjectType": "pairwise",
"usernameAttributeProvider" : {
"@class" : "org.apereo.cas.services.PairwiseOidcRegisteredServiceUsernameAttributeProvider",
"persistentIdGenerator" : {
"@class" : "org.apereo.cas.authentication.principal.OidcPairwisePersistentIdGenerator",
"salt" : "aGVsbG93b3JsZA=="
}
}
}