The filter is probably and admittedly a bad name for what it does. 4.1 should make this all a lot more clear.
AllowedAttributes controls what attributes are released. The AttributeFilter controls what attribute values can be released, out of the allowed set. Obviously, if you tweak the first set you would subsequently affect the filter as well...and yes, only what is allowed and can pass through that filter will be made available to the app. If you are receiving everything, post relevant bits of your configuration and we can review. -----Original Message----- From: Carlos Olivera [mailto:[email protected]] Sent: Thursday, October 9, 2014 12:31 PM To: [email protected] Subject: [cas-user] Cas Server 4.0 | Understanding Attribute Release Hi everyone, I'm currently working with Cas server 4.0 and applying customizations, but there's still something I can't quite figure out yet. In the section of attribute release says: First: Attributes are controlled by the Person Directory project and returned to scoped services via the SAML 1.1 protocolor the CAS protocol. Attributes pass through a two-step process: Resolution: Done at the time of establishing the principal via PrincipalResolver components where attributes are resolved from various sources that are outlined below. Release: Adopters must explicitly configure attribute release for services in order for the resolved attributes to be released to a service in the validation response. My question is, what happens when the service reduces the number of attributes to release either by using "getAllowedAttributes" or by getAttributeFilter? Does it mean that whenever I get a reference to AttributePrincipal in the client, only those released attributes will be available? If I'm getting that last one wrong, what is the use of allowedAttributes? In my current implementation, I always receive all the attributes (via SAML) in the client no matter how many filters I set up. Thanks in advance and sorry for my English ;) -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
