| Hi,
Here my deployerconfig. I have the same problem than carlos. I dont understand why i have all attributes.. I have tried both with Attributefilter and allowedattributes but its the same.
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
|
deployer
Description: Binary data
Thanks a lot.
----------------------------------------------------------------- Daniel CHARLOT D.S.I. Université de Nice Sophia-Antipolis Administrateur Systèmes et Réseaux 28, avenue de Valrose - BP 2135 - 06103 NICE Tél : 04-92-07-67-07
The filter is probably and admittedly a bad name for what it does. 4.1
should make this all a lot more clear.
AllowedAttributes controls what attributes are released. The AttributeFilter
controls what attribute values can be released, out of the allowed set.
Obviously, if you tweak the first set you would subsequently affect the
filter as well...and yes, only what is allowed and can pass through that
filter will be made available to the app. If you are receiving everything,
post relevant bits of your configuration and we can review.
-----Original Message-----
From: Carlos Olivera [mailto:[email protected]]
Sent: Thursday, October 9, 2014 12:31 PM
To: [email protected]
Subject: [cas-user] Cas Server 4.0 | Understanding Attribute Release
Hi everyone, I'm currently working with Cas server 4.0 and applying
customizations, but there's still something I can't quite figure out yet.
In the section of attribute release says:
First:
Attributes are controlled by the Person Directory project and returned to
scoped services via the SAML 1.1 protocolor the CAS protocol.
Attributes pass through a two-step process:
Resolution: Done at the time of establishing the principal via
PrincipalResolver components where attributes are resolved from various
sources that are outlined below.
Release: Adopters must explicitly configure attribute release for services
in order for the resolved attributes to be released to a service in the
validation response.
My question is, what happens when the service reduces the number of
attributes to release either by using "getAllowedAttributes" or by
getAttributeFilter? Does it mean that whenever I get a reference to
AttributePrincipal in the client, only those released attributes will be
available? If I'm getting that last one wrong, what is the use of
allowedAttributes?
In my current implementation, I always receive all the attributes (via SAML)
in the client no matter how many filters I set up.
Thanks in advance and sorry for my English ;)
--
You are currently subscribed to [email protected] as:
[email protected] To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
|
