WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
Attribute Release Policy - Return Encrypted
Encrypt and encode all all allowed attributes in base-64 using the assigned registered service public key.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
{
"@class" : "org.apereo.cas.services.CasRegisteredService",
"serviceId" : "sample",
"name" : "sample",
"id" : 100,
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnEncryptedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "cn", "mail", "sn" ] ]
},
"publicKey" : {
"@class" : "org.apereo.cas.services.RegisteredServicePublicKeyImpl",
"location" : "classpath:public.key",
"algorithm" : "RSA"
}
}
The keys can be generated via the following commands:
1
2
3
openssl genrsa -out private.key 1024
openssl rsa -pubout -in private.key -out public.key -inform PEM -outform DER
openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in private.key -out private.p8
Attributes authorized and allowed for release by this policy may not necessarily be available as resolved principal attributes and can be resolved on the fly dynamically using the attribute definition store.