I have done this with one of our services.
Here is the groovy code to handle something similar. Probably not the
cleanest.
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
"allowedAttributes" : {
"@class" : "java.util.TreeMap",
"mail" : "groovy {return attributes['emailAddress'] }",
"userType" : "groovy {def r=[];def a=['student','employee','faculty'];for(x
in attributes['memberOf']){for(y in
a){if(x.toLowerCase().contains(y)){r+=y};};};return r.unique();}"
}
}You can build out the logic in an online groovy interpreter like https://groovy-playground.appspot.com/ then make it one line and throw it in a service registry entry. Hope this helps! On Thu, Aug 27, 2020 at 1:33 PM Michael Wisenbaker <[email protected]> wrote: > Ray, > > Warning: I've never touched CAS, I'm trying to find ways to make our use > case work to suggest them to the proper folks. > > In pseudocode what I am looking for is: > > if memberOf Group1 { > attribute value = x > }else{ > attribute value = y > } > > I'm not sure if any of the regex filters would apply, but this seems like > something that could be accomplished via a Groovy script? > > We currently pass an HR identifier to Zoom that determines which > org/sub-org an account is in, but it would be beneficial to be able to > over-ride this value for certain individuals; e.g. students that have no HR > identifier. > > I appreciate that you took the time to respond to my OP! > > On Thursday, August 27, 2020 at 12:56:38 PM UTC-4 Ray Bon wrote: > >> Michael, >> >> Is this what you are looking for: >> https://apereo.github.io/cas/6.2.x/integration/Attribute-Value-Release-Policies.html#mutant-mapped-regex >> >> Ray >> >> On Thu, 2020-08-27 at 08:47 -0700, Michael Wisenbaker wrote: >> >> Is it possible to have a flow within CAS that provides differing >> attributes to the SP based upon ldap group membership? For example, for >> members of GROUP1 attribute x=value and for members of GROUP2 attribute >> x=someothervalue? >> >> For a more concrete example - my org uses CAS for Zoom integration, one >> of the attributes passed through is an identifier drawn from an ldap >> source, but in some cases it would be preferable that this attribute could >> be modified without changing the ldap source >> >> Thanks. >> >> -- >> >> Ray Bon >> Programmer Analyst >> Development Services, University Systems >> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected] >> >> I respectfully acknowledge that my place of work is located within the >> ancestral, traditional and unceded territory of the Songhees, Esquimalt and >> WSÁNEĆ Nations. >> > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/7fb34e7c-53d7-4c1a-a228-5d5d1af70da9n%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/7fb34e7c-53d7-4c1a-a228-5d5d1af70da9n%40apereo.org?utm_medium=email&utm_source=footer> > . > -- Robert Bond Network Administrator (918) 444-5886 Northeastern State University -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOA9z6r2T0WphQETxSF0nU0dA0oYcsvFucudRYg8qbyCMMB2xQ%40mail.gmail.com.
