Hi Mac, You might want to look at implementing a custom org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy or just extending org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy and overriding getAttributesInternal(). This method gives you access to the attributes and a place to do whatever transformations are needed. I've used that approach.
You then need to configure your RegisteredServices with your custom attribute release policy, as shown, e.g., here: https://apereo.github.io/cas/5.3.x/integration/Attribute-Release-Policies.html . Dan Ellentuck Columbia University I.T. On Fri, Jun 21, 2019 at 9:10 AM Mac Reid <[email protected]> wrote: > Hi, > > Some basic info: > > RHEL 7 > Oracle Java 1.8.0_151 > CAS version 5.3.11 > > We're looking to do some attribute rewriting in a CAS service. We are > looking to send a new attribute (that doesn't exist in our attribute > repositories) based on the value of an attribute that exists in our > attribute repository. For example, given an attribute on the left, we want > to send a new attribute on the right: > > eduPersonEntitlement: somevalue -> differentAttribute: true > eduPersonEntitlement: othervalue -> differentAttribute: false > > > This should be possible with a Groovy script, however we are hitting a > long delay when executing inline or external groovy scripts. The delay is > typically 4 or 5 seconds as seen below. > > In Service Def: > > > attributeReleasePolicy: { > @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy > attributeFilter: { > @class: > org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter > script: file:/etc/cas/test.groovy > } > allowedAttributes : ["java.util.ArrayList", ["uid", > "differentAttribute"]] > } > > > Some debug log lines: > > > 2019-06-21 08:15:21,715 DEBUG > [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - > <Invoking attribute filter > [RegisteredServiceScriptedAttributeFilter(order=0, > script=file:/etc/cas/test.groovy)] on the final set of attributes> > 2019-06-21 08:15:21,715 DEBUG > [org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter] > - <Found groovy script file to execute [/etc/cas/test.groovy]> > 2019-06-21 08:15:21,716 DEBUG [org.apereo.cas.util.ScriptingUtils] - > <Executing groovy script [import java.util.* > logger.info "Attributes currently resolved: ${attributes}" > return attributes > ] with variables [{attributes={uid=[mareid-t]}, > logger=org.apache.logging.slf4j.Log4jLogger@66f90157}]> > 2019-06-21 08:15:26,209 INFO > [org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter] > - <Attributes currently resolved: [uid:[mareid-t]]> > > 2019-06-21 08:54:12,657 DEBUG > [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - > <Invoking attribute filter > [RegisteredServiceScriptedAttributeFilter(order=0, > script=file:/etc/cas/test.groovy)] on the final set of attributes> > 2019-06-21 08:54:12,657 DEBUG > [org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter] > - <Found groovy script file to execute [/etc/cas/test.groovy]> > 2019-06-21 08:54:17,622 DEBUG > [org.apereo.cas.util.scripting.ScriptingUtils] - <Executing groovy script > [import java.util.* > logger.info "Attributes currently resolved: ${attributes}" > return attributes > ] with variables [{attributes={uid=[mareid-t]}, > logger=org.apache.logging.slf4j.Log4jLogger@189abc6}]> > 2019-06-21 08:54:18,499 INFO > [org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter] > - <Attributes currently resolved: [uid:[mareid-t]]> > > > Is there a different way to accomplish this? Can we eliminate the when > executing groovy scripts? > > Thanks, > > Mac > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALX_e4mG%3Dv%2BkR6yY7KnfjdXfgm-mmyb2WZ82a2XG%2BBD0M0w%3Dkg%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALX_e4mG%3Dv%2BkR6yY7KnfjdXfgm-mmyb2WZ82a2XG%2BBD0M0w%3Dkg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFqYg5KAXOv7kxj%3DXXNXo%3DoioAFu9BnAhvegy%3DZvsnRg3s08-g%40mail.gmail.com.
