Drew,

I did some experimenting. If I change uvic.ca to uvic.com, it actually prevents 
successful authentication.
We only use local LDAP, so I cannot say what should happen after delegated 
authn.

Ray
________________________________
From: [email protected] <[email protected]> on behalf of Drew Northup 
<[email protected]>
Sent: February 10, 2026 09:32
To: [email protected] <[email protected]>
Subject: Re: [cas-user] Principal Resolution: Regex

Ok,
It isn't crashing now, but I can't seem to get the REGEX to do anything. Is 
there some other setting that must be set for the REGEX to actually have any 
effect on the Principal whatsoever? Right now it seems to me that it is just 
something to put there to check a box that doesn't actually do anything.


On Mon, Feb 9, 2026 at 12:50 PM 'Ray Bon' via CAS Community 
<[email protected]> wrote:
Drew,

We also use YAML config and that property; no quotes, no escaping [escape 
characters].
The regex would be Java-based: 
https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/util/regex/Pattern.html

Ray
________________________________
From: [email protected] <[email protected]> on behalf of Drew Northup 
<[email protected]>
Sent: February 8, 2026 09:39
To: CAS Community <[email protected]>
Subject: [cas-user] Principal Resolution: Regex

We've made it a bit further along, thanks for the help thus far.
Time for the next question: What is the REGEX dialect of 
cas.person-directory.principal-transformation.pattern ?
I'm trying various flavors of
^([a-zA-Z0-9.]+)@maine\.edu
both with and without escaping, and they all are blowing up, causing immediate 
crash without even writing out an error message. We're using the YAML config 
format, so the REGEX is enclosed in double-quotes. We need to remove the scope 
from the principal's username after (Delegated) authentication, if and only if 
it matches our domain (all other attempts should fail to look up attributes).

Does it require leading and trailing forward slashes ("/")?
Does it use some really odd REGEX dialect?
(And no, telling me it supports the Spring Expression Language is not useful 
information, unless of course this isn't actually something expecting a REGEX.)

Is there some better mechanism for this?
(No, filtering in the upstream delegated authenticator, and potentially 
introducing a security hole large enough to drive a bus through, is not a 
realistic "better" mechanism.)

--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected]<mailto:[email protected]>.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4868036a-30b2-492a-8e71-6812eb29df10n%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/4868036a-30b2-492a-8e71-6812eb29df10n%40apereo.org?utm_medium=email&utm_source=footer>.


--
---------------------------+--------------------------------
Drew Northup               |
University of Maine System |          [email protected]
Computing Center           |
Orono, ME 04469            |
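
The thread settles that the pattern is a java.util.regex.Pattern. As an added example (not code from the thread or from CAS, and not a statement of how CAS applies the property), this shows how the posted pattern behaves under find() and matches(), and with an end anchor added; the helper stripScope and the sample principals are hypothetical and constructed.

```java
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ScopeStripDemo {
    // Pattern exactly as posted in the thread: anchored at the start only.
    // (The doubled backslash is Java string-literal syntax for the regex \. )
    static final Pattern POSTED = Pattern.compile("^([a-zA-Z0-9.]+)@maine\\.edu");
    // Same pattern with an end anchor, so no further characters may follow the
    // domain. Java's $ still tolerates one final line terminator; \z does not.
    static final Pattern ANCHORED = Pattern.compile("^([a-zA-Z0-9.]+)@maine\\.edu$");

    // Hypothetical helper: return the unscoped name only when the pattern
    // accepts the principal; everything else is rejected (empty) rather than
    // passed through unchanged.
    static Optional<String> stripScope(Pattern p, String principal, boolean wholeInput) {
        Matcher m = p.matcher(principal);
        // matches() requires the entire input to match; find() accepts a match
        // anywhere the anchors allow, which for POSTED means any prefix.
        boolean ok = wholeInput ? m.matches() : m.find();
        return ok ? Optional.of(m.group(1)) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample principals, not taken from any real system.
        List<String> samples = List.of(
            "jane.doe@maine.edu",              // in-domain: should be stripped
            "jane.doe@maine.edu.example.test", // in-domain prefix, foreign suffix
            "jane.doe@maineXedu",              // only matches if the dot is unescaped
            "jane.doe@example.test",           // other domain
            "jane.doe");                       // no scope at all
        System.out.printf("%-34s %-14s %-14s %s%n",
            "principal", "find/posted", "find/anchored", "matches/posted");
        for (String s : samples) {
            System.out.printf("%-34s %-14s %-14s %s%n", s,
                stripScope(POSTED, s, false).orElse("(rejected)"),
                stripScope(ANCHORED, s, false).orElse("(rejected)"),
                stripScope(POSTED, s, true).orElse("(rejected)"));
        }
    }
}
```

In a YAML double-quoted scalar `\.` is not a valid escape sequence, whereas unquoted and single-quoted values pass the backslash through unchanged, which is consistent with the "no quotes, no escaping" advice in the reply above.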

