You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
Attributes are returned to scoped services and pass through a two-step process:
Attribute Resolution: Done at the time of establishing the principal, usually via
PrincipalResolvercomponents where attributes are resolved from various sources.
- Attribute Release: Adopters must explicitly configure attribute release for services in order for the resolved attributes to be released to a service in the validation response.
Attribute release may also be configured via the Service Management tool.
Decide how CAS-protected applications should receive the authenticated userid. See this guide for more info.
Attribute Release Policy
Decide how CAS should release attributes to applications. See this guide for more info.
Provide the ability to enforce user consent to attribute release. See this guide for more info.
Control how resolved attributes by CAS should be cached. See this guide for more info.
CAS by default supports the ability to encrypt certain attributes, such as the proxy-granting ticket and the credential conditionally. The default implementation of the attribute encoder will use a per-service key-pair to encrypt sensitive attributes. See this guide to learn more.
CAS attributes may be decorated with additional metadata which can later be used depending on the requirements of the protocol and nature of the integration with a target application. To learn more, please see this guide.