WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
OpenID Connect Claim Definitions
Attribute definitions that specifically apply to the release of attributes as part of OpenID Connect responses can be
defined using the OidcAttributeDefinition. Defining an attribute with this definition does not
prevent it from being released by other protocols.
1
2
3
4
5
6
7
8
9
{
"@class": "java.util.TreeMap",
"mail": {
"@class": "org.apereo.cas.oidc.claims.OidcAttributeDefinition",
"key": "mail",
"structured": false,
"trustFramework": "eidas"
}
}
The following additional settings can be specified for a OpenID Connect attribute definitions:
| Name | Description |
|---|---|
structured |
Default is false. Determines if the resulting attribute should be encoded as a hierarchical/structured attribute, activated only if the name assigned to the attribute definition indicates a hierarchical layout such as parent.child.child |
trustFramework |
Default is empty. Name of the identity assurance trust framework that would force CAS to mark this claim as a verified claim. |
To learn more about attribute definitions, please see this guide.