I was able to sort it out.

Thank you,
Matt

On Saturday, March 30, 2024 at 1:46:24 PM UTC-4 Matthew Gordon wrote:
> Hello,
>
> I followed this (https://fawnoos.com/2019/03/15/cas61x-attribute-repositories/) to define
> a service to use a specific attribute repository to obtain extra attributes
> for a single service.
>
> I only need these attributes for the one service, so I would rather not
> query them unless the user is attempting to authenticate to a minimally
> used service.
>
> Config:
>
> #========================================
> # CAS PERSON DIRECTORY
> #========================================
> cas.person-directory.active-attribute-repository-ids=NONE
> cas.person-directory.attribute-resolution-enabled=false
> cas.person-directory.principalAttribute=sAMAccountName
> cas.person-directory.return-null=false
> cas.person-directory.principal-resolution-failure-fatal=true
> cas.person-directory.use-existing-principal-id=false
> cas.authn.attribute-repository.core.merger=ADD
>
> #========================================
> # REST ATTRIBUTE REPOSITORY
> #========================================
> cas.authn.attribute-repository.rest[0].id=REST_REPO
> cas.authn.attribute-repository.rest[0].order=1
> cas.authn.attribute-repository.rest[0].url=https://host/folder/
> cas.authn.attribute-repository.rest[0].basic-auth-username=test
> cas.authn.attribute-repository.rest[0].basic-auth-password=test
> cas.authn.attribute-repository.rest[0].state=ACTIVE
> cas.authn.attribute-repository.rest[0].username-attribute=employeeID
> cas.authn.attribute-repository.rest[0].method=GET
>
> If I set these to:
>
> cas.person-directory.active-attribute-repository-ids=REST_REPO
> cas.person-directory.attribute-resolution-enabled=true
>
> It appears to look up the attributes on every request and returns the
> desired attributes.
>
> I was hoping to use a service:
>
> {
>   "@class" : "org.apereo.cas.services.CasRegisteredService",
>   "id":10,
>   "serviceId":"^(https://test.com/).*",
>   "name":"TEST",
>   "description":"TEST",
>   "ssoEnabled":true,
>   "evaluationOrder":10,
>   "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
>     "principalAttributesRepository" : {
>       "@class" : "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository",
>       "ignoreResolvedAttributes": false,
>       "attributeRepositoryIds": ["java.util.HashSet", [ "REST_REPO" ]],
>       "mergingStrategy" : "ADD"
>     }
>   }
> }
>
> to use that attribute repo.
>
> Is this possible, and if so, what do I need to do to make it work?
>
> I know, for example, with surrogate auth, I don't specifically need the
> person directory working on every request, just the ones that use that
> flow...
>
> Thank you,
> Matt
