Principal-Id Attribute
The service registry component of CAS has the ability to allow for configuration of a
usernameAttributeProvider to be returned for the given registered service. When this property is
set for a service, CAS will return the value of the configured attribute as part of its validation process.
- Ensure the attribute is available and resolved for the principal
- Set the
usernameAttributeProviderproperty of the given service to once of the attribute providers below
Default
The default configuration which need not explicitly be defined, simply returns the resolved principal id as the username for this service.
1
2
3
4
5
6
7
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "sample",
"name" : "sample",
"id" : 100,
"description" : "sample"
}
Attribute
Returns an attribute that is already resolved for the principal as the username for this service. If the attribute is not available, the default principal id will be used.
1
2
3
4
5
6
7
8
9
10
11
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "sample",
"name" : "sample",
"id" : 600,
"description" : "sample",
"usernameAttributeProvider" : {
"@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
"usernameAttribute" : "cn"
}
}
Anonymous
Provides an opaque identifier for the username. The opaque identifier by default conforms to the requirements of the eduPersonTargetedID attribute.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "sample",
"name" : "sample",
"id" : 500,
"description" : "sample",
"usernameAttributeProvider" : {
"@class" : "org.apereo.cas.services.AnonymousRegisteredServiceUsernameAttributeProvider",
"persistentIdGenerator" : {
"@class" : "org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
"salt" : "aGVsbG93b3JsZA=="
}
}
}