Attribute Release Policy - Return Allowed

Only return the principal attributes that are explicitly allowed by the service definition.

    {
      "@class" : "org.apereo.cas.services.CasRegisteredService",
      "serviceId" : "^https://app.example.org",
      "name" : "sample",
      "id" : 100,
      "attributeReleasePolicy" : {
        "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
        "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "mail", "sn" ] ]
      }
    }
    

    Attributes authorized for release by this policy are not necessarily available as resolved principal attributes; they can be resolved on the fly using the attribute definition store.

  • Allowed attributes may also contain an inline Groovy script that builds attributes on the fly and returns a Map<String, List<Object>> of results:

    {
      "@class" : "org.apereo.cas.services.CasRegisteredService",
      "serviceId" : "^https://app.example.org",
      "name" : "Sample",
      "id" : 1,
      "attributeReleasePolicy" : {
        "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
        "allowedAttributes" : [ "java.util.ArrayList", 
          [ 
            "cn", 
            "groovy { [ fullName: [ 'FN/' + attributes['fullName'][0] ] ] }", 
            "sn" 
          ] 
        ]
      }
    }
    

    To prepare CAS to support and integrate with Apache Groovy, please review this guide.
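
When reviewing service definitions, it helps to see which principal attributes an allow-list would pass and which entries are inline scripts rather than attribute names. The following audit helper is an added example, not CAS code: the function names and the sample principal are assumptions, and it does not execute Groovy, so attributes produced by a script are not part of the preview.

```python
import json
import re

# Constructed sample, modelled on the inline Groovy definition above.
SERVICE = json.loads("""
{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" : "^https://app.example.org",
  "name" : "Sample",
  "id" : 1,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList",
      [ "cn", "groovy { [ fullName: [ 'FN/' + attributes['fullName'][0] ] ] }", "sn" ] ]
  }
}
""")

RETURN_ALLOWED = "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy"
INLINE_GROOVY = re.compile(r"^\s*groovy\s*\{")


def allowed_entries(service):
    """Unwrap the typed list [ "java.util.ArrayList", [ ... ] ]."""
    policy = service.get("attributeReleasePolicy", {})
    if policy.get("@class") != RETURN_ALLOWED:
        raise ValueError("not a Return Allowed policy")
    wrapped = policy.get("allowedAttributes", [])
    if len(wrapped) == 2 and isinstance(wrapped[1], list):
        return wrapped[1]
    return []


def audit(service, principal_attributes):
    """Preview what plain-name entries release; scripts are listed, not run."""
    entries = allowed_entries(service)
    scripts = [e for e in entries if INLINE_GROOVY.match(e)]
    names = [e for e in entries if not INLINE_GROOVY.match(e)]
    return {
        "released": {k: v for k, v in principal_attributes.items() if k in names},
        "withheld": sorted(set(principal_attributes) - set(names)),
        # Allowed but not resolved; the attribute definition store may still supply these.
        "unresolved": sorted(set(names) - set(principal_attributes)),
        "scripts": scripts,  # executable content in the definition: review by hand
    }
```

Calling `audit(SERVICE, {...})` with a principal's resolved attributes returns the four lists; any entry under `scripts` is code that runs inside CAS and deserves the same review as a code change.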