WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
Attribute Release
Attributes are returned to scoped services and pass through a two-step process:
-
Attribute Resolution: Done at the time of establishing the principal, usually via
PrincipalResolver
components where attributes are resolved from various sources. - Attribute Release: Adopters must explicitly configure attribute release for services in order for the resolved attributes to be released to a service in the validation response.
Attribute release may also be configured via the Service Management tool.
Principal-Id Attribute
Decide how CAS-protected applications should receive the authenticated userid. See this guide for more info.
Attribute Release Policy
Decide how CAS should release attributes to applications. See this guide for more info.
Attribute Consent
Provide the ability to enforce user consent to attribute release. See this guide for more info.
Caching Attributes
Control how resolved attributes by CAS should be cached. See this guide for more info.
Encrypting Attributes
CAS by default supports the ability to encrypt certain attributes, such as the proxy-granting ticket and the credential conditionally. The default implementation of the attribute encoder will use a per-service key-pair to encrypt sensitive attributes. See this guide to learn more.
Attribute Definitions
CAS attributes may be decorated with additional metadata which can later be used depending on the requirements of the protocol and nature of the integration with a target application. To learn more, please see this guide.