With CAS 6.6.x (current tests were with the CAS 6.6.6 and 6.6.7 overlay) I 
get from the OAuth endpoint oauth2.0/profile all the authentication 
attributes in addition to the attributes that should be released according 
to the attributeReleasePolicy in the service definition.

Unwanted parts of profile endpoint:
...
"org.apereo.cas.authentication.Authentication": {
"authenticationDate": "xxx",
"principal": {
"@class": "org.apereo.cas.authentication.principal.SimplePrincipal",
"id": "xx",
"attributes": {
... all available attributes and values and not only the ones from the 
release policy.. "
"credentials": { ...
} 
...

I tried to set configurations so that the endpoint does not release the 
authentication attributes in the profile endpoint.

I set in the attribute release policy within the attributeReleasePolicy:
  "authorizedToReleaseAuthenticationAttributes": false
I set in the cas.properties and tried:
cas.authn.authentication-attribute-release.enabled=false

And I tested
cas.authn.authentication-attribute-release.never-release=authenticationMethod,successfulAuthenticationHandlers,authenticationDate
with
cas.authn.authentication-attribute-release.enabled=false
and also tested
cas.authn.authentication-attribute-release.enabled=true

And I tested to reduce the information by only setting the 
authenticationDate, but also without consequences to the information of the 
endpoint
cas.authn.authentication-attribute-release.enabled=true
cas.authn.authentication-attribute-release.only-release=authenticationDate

All configurations did not have any consequences at all on the profile 
endpoint.
Any other ideas how to reduce the released information? Did I miss the 
right property for the proper configuration?

With our running CAS 6.5.x the profile endpoint is alright as I only get 
back the "service", "attributes" (the ones from the attributeReleasePolicy) 
"id" and "client_id". We would like to have a similar behavior with CAS 
6.6.x.

In the logs I seem to see the "right" log messages. But as mentioned above 
no impact on the behavior of the profile endpoint.
2023-04-27 10:33:42,044 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationAttributeReleasePolicy] - <Attribute release policy for service [.....] is configured to never release any authentication attributes>.

Any hints would be great. Thank you in advance.

Best regards
Marie
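
A check for the behaviour described in this message, added here as an example and not part of the original post or of CAS: it walks a parsed oauth2.0/profile response and lists anything beyond the four top-level keys reported for 6.5.x and the attribute names the release policy is meant to release. The sample response and the attribute names mail and memberOf are constructed for illustration.

```python
import json

# Top-level keys the post reports for the CAS 6.5.x profile response.
EXPECTED_TOP_LEVEL = {"service", "attributes", "id", "client_id"}


def audit_profile(profile, released):
    """List everything in a parsed profile response that goes beyond the
    expected keys and the attribute names in `released` (the names the
    service's attributeReleasePolicy is meant to release)."""
    findings = [f"unexpected top-level key: {k}"
                for k in sorted(set(profile) - EXPECTED_TOP_LEVEL)]

    def walk(node, path):
        if isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]")
        elif isinstance(node, dict):
            for key, value in node.items():
                here = f"{path}/{key}"
                if key == "attributes" and isinstance(value, dict):
                    for name in sorted(set(value) - released):
                        findings.append(f"unreleased attribute {name} at {here}")
                    continue  # attribute values themselves are not inspected
                if key == "credentials":
                    findings.append(f"credentials object at {here}")
                walk(value, here)

    walk(profile, "")
    return findings


# Constructed sample shaped like the 6.6.x excerpt in the post; all values are
# placeholders, and "mail"/"memberOf" are hypothetical attribute names.
SAMPLE_66 = json.loads("""{
  "service": "https://app.example.org", "id": "xx", "client_id": "example-client",
  "attributes": {"mail": ["xx@example.org"]},
  "org.apereo.cas.authentication.Authentication": {
    "authenticationDate": "xxx",
    "principal": {"@class": "org.apereo.cas.authentication.principal.SimplePrincipal",
                  "id": "xx",
                  "attributes": {"mail": ["xx@example.org"], "memberOf": ["staff"]}},
    "credentials": {}}}""")

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_66, released={"mail"}):
        print(finding)
```

Run against a saved response after each configuration change or overlay upgrade; an empty result corresponds to the 6.5.x shape described in the message.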
