WORKERS AHEAD!

You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.

Attribute-based Principal Id

Returns an attribute that is already resolved for the principal as the username for this service. If the attribute is not available, the default principal id will be used.

{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" : "sample",
  "name" : "sample",
  "id" : 1,
  "description" : "sample",
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "cn",
    "canonicalizationMode" : "UPPER",
    "scope": "example.org",
    "removePattern": ""
  }
}

The following settings and properties are available:

Property	Description
`canonicalizationMode`	Optional. Transform the username to uppercase, or lowercase. Allowed values are `UPPER`, `LOWER` or `NONE`.
`scope`	Optional. Allows you to scope the value to a given domain, by appending the domain to the final user id.
`removePattern`	Optional. A regular expression pattern that would remove all matches from the final user id.

The following examples should provide useful:

Select the username from the resolved attribute, cn, and make sure it’s transformed into an uppercase string.

{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" : "sample",
  "name" : "sample",
  "id" : 1,
  "description" : "sample",
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "cn",
    "canonicalizationMode" : "UPPER"
  }
}

Select the username from the resolved attribute, email, and make sure it’s transformed into an uppercase string. Then, remove all values that match the pattern @.+ from the result, and scope the result to example.org.

{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" : "sample",
  "name" : "sample",
  "id" : 1,
  "description" : "sample",
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "email",
    "canonicalizationMode" : "UPPER",
    "scope": "example.org",
    "removePattern": "@.+"
  }
}

If the email attribute has the value of casuser@apereo.org, the final username resolved would be: CASUSER@EXAMPLE.ORG