Hello, I followed this (https://fawnoos.com/2019/03/15/cas61x-attribute-repositories/), to define a service to use a specific attribute repository to obtain extra attributes for a single service.
I only need these attributes for the one service, so I would rather not query them unless the user is attempting to authenticate to a minimally used service. Config: #======================================== # CAS PERSON DIRECTORY #======================================== cas.person-directory.active-attribute-repository-ids=NONE cas.person-directory.attribute-resolution-enabled=false cas.person-directory.principalAttribute=sAMAccountName cas.person-directory.return-null=false cas.person-directory.principal-resolution-failure-fatal=true cas.person-directory.use-existing-principal-id=false cas.authn.attribute-repository.core.merger=ADD #======================================== # REST ATTRIBUTE REPOSITORY #======================================== cas.authn.attribute-repository.rest[0].id=REST_REPO cas.authn.attribute-repository.rest[0].order=1 cas.authn.attribute-repository.rest[0].url=https://host/folder/ cas.authn.attribute-repository.rest[0].basic-auth-username=test cas.authn.attribute-repository.rest[0].basic-auth-password=test cas.authn.attribute-repository.rest[0].state=ACTIVE cas.authn.attribute-repository.rest[0].username-attribute=employeeID cas.authn.attribute-repository.rest[0].method=GET If I set these to: cas.person-directory.active-attribute-repository-ids=REST_REPO cas.person-directory.attribute-resolution-enabled=true It appears to lookup the attributes on every request and returns the desired attributes. I was hoping to use a service: { "@class" : "org.apereo.cas.services.CasRegisteredService", "id":10, "serviceId":"^(https://test.com/).*", "name":"TEST", "description":"TEST", "ssoEnabled":true, "evaluationOrder":10, "attributeReleasePolicy" : { "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy", "principalAttributesRepository" : { "@class" : "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository", "ignoreResolvedAttributes": false, "attributeRepositoryIds": ["java.util.HashSet", [ "REST_REPO" ]], "mergingStrategy" : "ADD" } } } to use that attribute repo. Is this possible, and if so, what do I need to do to make it work? I know for example, with surrogate auth, I don't specifically need the person directory working on every request, just the ones that use that flow... Thank you, Matt -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1789c90a-f8e8-47a3-8ebe-173473e920d8n%40apereo.org.
