We have CAS 6.3.5 configured to return a default set of attributes defined with the property "cas.authn.attribute-repository.default-attributes-to-release". This works as desired.
We wanted to release only a subset of these attributes to a particular registered service. The CAS docs suggest this may be possible by using an attributeReleasePolicy in the service definition that specifies "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy" < https://apereo.github.io/cas/6.3.x/integration/Attribute-Release-Policies.html#return-allowed > So I added the following to an existing working service definition: "attributeReleasePolicy" : { "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy", "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "sn", "mail" ] ] } But CAS still seems to release the full set of default attributes for the service, and not just "cn", "sn", "mail" as defined above. Am I misinterpreting what ReturnAllowedAttributeReleasePolicy should do here? If not, any ideas what may be amiss? -- Baron Fujimoto <[email protected]> :: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum desendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL2NwO-%2B27FpFh%3DG6-QbpqNYtNWj6gGXU8BTQXdVk3cktA%40mail.gmail.com.
