WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
Anonymous Principal Id
The following options are available to produce anonymous usernames.
-
Provides an opaque identifier for the username.
1 2 3 4 5 6 7 8 9 10
{ "@class" : "org.apereo.cas.services.CasRegisteredService", "serviceId" : "sample", "name" : "sample", "id" : 500, "description" : "sample", "usernameAttributeProvider" : { "@class" : "org.apereo.cas.services.AnonymousRegisteredServiceUsernameAttributeProvider" } }
-
Provides an opaque identifier for the username. The opaque identifier by default conforms to the requirements of the
eduPersonTargetedIDattribute. The generated id may be based off of an existing principal attribute. If left unspecified or attribute not found, the authenticated principal id is used.The value is a tuple consisting of an opaque identifier for the principal, a name for the source of the identifier, and a name for the intended audience of the identifier.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
{ "@class" : "org.apereo.cas.services.CasRegisteredService", "serviceId" : "sample", "name" : "sample", "id" : 500, "description" : "sample", "usernameAttributeProvider" : { "@class" : "org.apereo.cas.services.AnonymousRegisteredServiceUsernameAttributeProvider", "persistentIdGenerator" : { "@class" : "org.apereo.cas.authentication.attribute.ShibbolethCompatiblePersistentIdGenerator", "salt" : "aGVsbG93b3JsZA==", "attribute": "" } } }
To simulate the behavior, you may also try the following command:
1 2 3
perl -e 'use Digest::SHA qw(sha1_base64); \ $digest = sha1_base64("$SERVICE!$USER!$SALT"); \ $eqn = length($digest) % 4; print $digest; print "=" x (4-$eqn) . "\n"'
Replace
$SERVICE(the url of the application under test),$USERand$SALTwith the appropriate values for the test.