Pairwise Identifiers - OpenID Connect Authentication

When the pairwise subject type is used, CAS calculates a unique sub value for each sector identifier. This identifier should not be reversible by any party other than CAS and is somewhat akin to CAS generating persistent anonymous user identifiers. The value provided to each relying party is different, so that clients cannot correlate the user's activities without permission.

{
  "@class" : "org.apereo.cas.services.OidcRegisteredService",
  "clientId": "client",
  "clientSecret": "secret",
  "serviceId" : "^<https://the-redirect-uri>",
  "subjectType": "pairwise",
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PairwiseOidcRegisteredServiceUsernameAttributeProvider",
    "persistentIdGenerator" : {
      "@class" : "org.apereo.cas.authentication.principal.OidcPairwisePersistentIdGenerator",
      "salt" : "aGVsbG93b3JsZA=="
    }
  }
}
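
The sketch below is an added example, not CAS code and not a description of how OidcPairwisePersistentIdGenerator computes its values. It shows the general pairwise derivation from OpenID Connect Core section 8.1 (sector identifier, local account id and a provider-secret salt), using HMAC-SHA-256 with a separator in place of the spec's plain concatenated hash; the function names and the 16-byte minimum salt length are assumptions made here.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# The sample "salt" from the service definition above. Read as base64 it is the
# ten-byte string b"helloworld": a documentation placeholder, not a secret.
PAGE_SAMPLE_SALT = "aGVsbG93b3JsZA=="


def sector_identifier(redirect_uri: str) -> str:
    """Host component of the redirect URI (the default sector in OIDC Core 8.1)."""
    host = urlsplit(redirect_uri).hostname
    if not host:
        raise ValueError(f"no host in redirect URI: {redirect_uri!r}")
    return host


def pairwise_sub(salt: bytes, redirect_uri: str, local_account_id: str) -> str:
    """HMAC-SHA-256(salt, sector || 0x00 || account), URL-safe base64 encoded."""
    if len(salt) < 16:  # assumed minimum; a guessable salt makes the sub reversible
        raise ValueError("salt must be at least 16 random bytes")
    msg = sector_identifier(redirect_uri).encode() + b"\x00" + local_account_id.encode()
    digest = hmac.new(salt, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def new_salt() -> str:
    """Base64 text of 32 random bytes, suitable for a per-deployment salt value."""
    return base64.b64encode(secrets.token_bytes(32)).decode()


if __name__ == "__main__":
    salt = base64.b64decode(new_salt())
    # Constructed sample relying parties and user id.
    for uri in ("https://app-a.example.org/cb", "https://app-b.example.org/cb"):
        print(uri, "->", pairwise_sub(salt, uri, "casuser"))
    try:
        pairwise_sub(base64.b64decode(PAGE_SAMPLE_SALT), "https://app-a.example.org/cb", "casuser")
    except ValueError as exc:
        print("sample salt rejected:", exc)
```

Two relying parties on different hosts receive unrelated sub values for the same user, while redirect URIs on the same host share one; anyone who learns the salt can recompute and link them, so it needs to be random and kept out of shared service definitions.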