Attribute Release Policy - Return Linked
This policy will release a collection of allowed principal attributes for the service, allowing those attributes to be built off a series of resolved, available principal attributes that are assigned and linked to the attribute definition as the source for values. If none of the defined attributes can produce a value, then the defined attribute will not be released.
For example, the following configuration will attempt to release an attribute component
,
sourcing its values from what is assigned to its entry (i.e cn
, givenName
, etc). Each assigned attribute (i.e cn
, givenName
, etc)
will be tried one by one and the first attribute that can produce a value will be used as the attribute value source for component
. If no match
is found, then component
will not be released.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
{
"@class" : "org.apereo.cas.services.CasRegisteredService",
"serviceId" : "sample",
"name" : "sample",
"id" : 300,
"description" : "sample",
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnLinkedAttributeReleasePolicy",
"allowedAttributes" : {
"@class" : "java.util.TreeMap",
"component" : ["java.util.ArrayList", ["cn", "givenName", "unknown", "firstName"]]
}
}
}
If CAS has the attribute firstName
in its pool of available, resolved attributes with values bob
and robert
,
and no other attribute is available or can produce a value, then the outcome of the above attribute policy would be to
authorize the release of component
with values for bob
and robert
.