I'm still digging around trying to figure it out. I'm making some
progress, I think, but I'm still not able to get custom attributes into the
JWT. Is this expected? Am I still missing something? I wrote my own
custom PrincipalAttributesRepository, and it does get called and does
return custom attributes.
2021-08-06 16:26:35,491 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Initiating attributes release phase for principal [ghi] accessing service
[AbstractWebApplicationService(id=ghi, originalUrl=ghi, artifactId=null,
principal=null, source=null, loggedOutAlready=false, format=XML,
attributes={})] defined by registered service [^test$]...>
2021-08-06 16:26:35,491 TRACE
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Locating principal attributes for [ghi]>
2021-08-06 16:26:35,491 TRACE
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Loading global principal attribute repository with caching policies...>
2021-08-06 16:26:35,491 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Using principal attribute repository [
*ClientCredentialsPrincipalAttributesRepository*@7a6d06de] to retrieve
attributes>
2021-08-06 16:26:35,491 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
*<Found
principal attributes [{permissions=[12345], myName=[myNameValue]}] for
[ghi]>*
2021-08-06 16:26:35,491 TRACE
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Located application context. Retrieving attribute definition store and
attribute definitions...>
2021-08-06 16:26:35,494 TRACE
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
*<Resolved
principal attributes [{permissions=[12345], myName=[myNameValue]}] for
[ghi] from attribute definition store>*
2021-08-06 16:26:35,494 TRACE
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Calling attribute policy [ReturnAllAttributeReleasePolicy] to process
attributes for [ghi]>
2021-08-06 16:26:35,494 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
*<Attribute
policy [ReturnAllAttributeReleasePolicy] allows release of
[{permissions=[12345], myName=[myNameValue]}] for [ghi]>*
2021-08-06 16:26:35,494 TRACE
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Attempting to merge policy attributes and default attributes>
2021-08-06 16:26:35,494 TRACE
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Checking default attribute policy attributes>
2021-08-06 16:26:35,494 TRACE
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Located application context. Retrieving default attributes for release, if
any>
2021-08-06 16:26:35,495 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Default attributes for release are: [[]]>
2021-08-06 16:26:35,496 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Default attributes found to be released are [{}]>
2021-08-06 16:26:35,496 TRACE
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Adding policy attributes to the released set of attributes>
2021-08-06 16:26:35,496 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Finalizing attributes release phase for principal [ghi] accessing service
[AbstractWebApplicationService(id=ghi, originalUrl=ghi, artifactId=null,
principal=null, source=null, loggedOutAlready=false, format=XML,
attributes={})] defined by registered service [^test$]...>
2021-08-06 16:26:35,496 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
*<Final
collection of attributes allowed are: [{myName=[myNameValue],
permissions=[12345]}]>*
2021-08-06 16:26:35,496 TRACE
[org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy] -
<Skipping access strategy policy, since no attributes rules are defined>
2021-08-06 16:26:35,496 TRACE
[org.apereo.cas.audit.spi.principal.ThreadLocalPrincipalResolver] -
<Resolving principal at audit point [execution(AuditableExecutionResult
org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer.execute(AuditableContext))]>
2021-08-06 16:26:35,496 TRACE
[org.apereo.cas.audit.spi.FilterAndDelegateAuditTrailManager] - <Recording
audit action context
[org.apereo.inspektr.audit.AuditActionContext@4675cdb6]>
2021-08-06 16:26:35,496 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [result=Service Access
Granted,service=ghi,principal=SimplePrincipal(id=ghi,
attributes={oauthClientId=[ghi]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Fri Aug 06 16:26:35 EDT 2021
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1%0
SERVER IP ADDRESS: 192.168.0.111
=============================================================
>
2021-08-06 16:26:35,506 TRACE
[org.apereo.cas.ticket.factory.DefaultTicketGrantingTicketFactory] -
<Attempting to encode ticket-granting ticket
[TGT-1-*****H9mO1PiUVdvy-EIABTzqA-https://localhost:7001]>
2021-08-06 16:26:35,506 TRACE
[org.apereo.cas.ticket.factory.DefaultTicketGrantingTicketFactory] -
<Encoded ticket-granting ticket id
[TGT-1-*****H9mO1PiUVdvy-EIABTzqA-https://localhost:7001]>
2021-08-06 16:26:35,507 DEBUG
[org.apereo.cas.ticket.expiration.builder.TicketGrantingTicketExpirationPolicyBuilder]
- <Ticket-granting ticket expiration policy is based on hard/idle timeouts
of [28800]/[7200] seconds>
2021-08-06 16:26:35,508 DEBUG
[org.apereo.cas.ticket.expiration.builder.TicketGrantingTicketExpirationPolicyBuilder]
- <Final effective time-to-live of ticket-granting ticket expiration policy
is [28800] seconds>
2021-08-06 16:26:35,508 TRACE
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Ticket
encryption is not enabled. Falling back to default behavior>
2021-08-06 16:26:35,508 DEBUG
[org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - <Added
ticket [TGT-1-*****H9mO1PiUVdvy-EIABTzqA-https://localhost:7001] to
registry.>
2021-08-06 16:26:35,509 TRACE
[org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing
[CasTicketGrantingTicketCreatedEvent(super=AbstractCasTicketGrantingTicketEvent(super=AbstractCasEvent(),
ticketGrantingTicket=TGT-1-*****H9mO1PiUVdvy-EIABTzqA-https://localhost:7001))]>
2021-08-06 16:26:35,509 TRACE
[org.apereo.cas.audit.spi.principal.ThreadLocalPrincipalResolver] -
<Resolving principal at audit point [execution(TicketGrantingTicket
org.apereo.cas.DefaultCentralAuthenticationService.createTicketGrantingTicket(AuthenticationResult))]>
2021-08-06 16:26:35,510 TRACE
[org.apereo.cas.audit.spi.FilterAndDelegateAuditTrailManager] - <Recording
audit action context
[org.apereo.inspektr.audit.AuditActionContext@3a4b439c]>
2021-08-06 16:26:35,510 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: ghi
WHAT: TGT-1-*****H9mO1PiUVdvy-EIABTzqA-https://localhost:7001
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Aug 06 16:26:35 EDT 2021
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1%0
SERVER IP ADDRESS: 192.168.0.111
=============================================================
>
2021-08-06 16:26:35,510 TRACE
[org.apereo.cas.audit.spi.principal.ThreadLocalPrincipalResolver] -
<Resolving principal at audit point [execution(AuditableExecutionResult
org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantAuditableRequestExtractor.execute(AuditableContext))]>
2021-08-06 16:26:35,510 TRACE
[org.apereo.cas.audit.spi.FilterAndDelegateAuditTrailManager] - <Recording
audit action context
[org.apereo.inspektr.audit.AuditActionContext@75d09df2]>
2021-08-06 16:26:35,510 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: ghi
WHAT:
[token=N/A,client_id=ghi,service=ghi,grant_type=client_credentials,response_type=none,scopes=[]]
ACTION: OAUTH2_ACCESS_TOKEN_REQUEST_CREATED
APPLICATION: CAS
WHEN: Fri Aug 06 16:26:35 EDT 2021
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1%0
SERVER IP ADDRESS: 192.168.0.111
=============================================================
>
...
2021-08-06 16:26:35,586 DEBUG [org.apereo.cas.token.JwtBuilder] -
<Generated JWT [
{
"sub": "ghi",
"oauthClientId": "ghi",
"roles":[],
"iss": "https://localhost:7001/cas",
"nonce": "",
"client_id": "ghi",
"aud": "ghi",
"grant_type": "CLIENT_CREDENTIALS",
"permissions":[],
"scope":[],
"claims":[],
"scopes":[],
"state": "",
"exp": 1628310395,
"iat": 1628281595,
"jti": "AT-1-lO4LvHl0OIPK2ndyOuPZbw6sctfAf0I-"
}]>
On Wednesday, August 4, 2021 at 9:50:25 AM UTC-4 Ken Hopkins wrote:
> Thanks for the reply Ray. I did have TRACE level debugging on, so I was
> getting those log messages. However, I hadn't really paid attention to
> them.
>
> 2021-08-04 09:44:54,124 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Initiating attributes release phase for principal [abc] accessing service
> [AbstractWebApplicationService(id=abc, originalUrl=abc, artifactId=null,
> principal=null, source=null, loggedOutAlready=false, format=XML,
> attributes={})] defined by registered service [abcdef]...>
> 2021-08-04 09:44:54,124 TRACE
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Locating principal attributes for [abc]>
> 2021-08-04 09:44:54,124 TRACE
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Loading global principal attribute repository with caching policies...>
> 2021-08-04 09:44:54,124 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Using principal attribute repository
> [DefaultPrincipalAttributesRepository()] to retrieve attributes>
> 2021-08-04 09:44:54,124 DEBUG
> [org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository]
>
> - <Using [abc], no caching takes place for
> [DefaultPrincipalAttributesRepository] to add attributes.>
> 2021-08-04 09:44:54,124 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Found principal attributes [{oauthClientId=[abc]}] for [abc]>
> 2021-08-04 09:44:54,124 TRACE
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Located application context. Retrieving attribute definition store and
> attribute definitions...>
> 2021-08-04 09:44:54,124 TRACE
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <No attribute definitions are defined in the attribute definition store>
> 2021-08-04 09:44:54,124 TRACE
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Resolved principal attributes [{oauthClientId=[abc]}] for [abc] from
> attribute definition store>
> 2021-08-04 09:44:54,124 TRACE
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Calling attribute policy [ReturnAllAttributeReleasePolicy] to process
> attributes for [abc]>
> 2021-08-04 09:44:54,124 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Attribute policy [ReturnAllAttributeReleasePolicy] allows release of
> [{oauthClientId=[abc]}] for [abc]>
> 2021-08-04 09:44:54,124 TRACE
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Attempting to merge policy attributes and default attributes>
> 2021-08-04 09:44:54,124 TRACE
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Checking default attribute policy attributes>
> 2021-08-04 09:44:54,124 TRACE
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Located application context. Retrieving default attributes for release, if
> any>
> 2021-08-04 09:44:54,124 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Default attributes for release are: [[]]>
> 2021-08-04 09:44:54,124 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Default attributes found to be released are [{}]>
> 2021-08-04 09:44:54,124 TRACE
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Adding policy attributes to the released set of attributes>
> 2021-08-04 09:44:54,124 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Finalizing attributes release phase for principal [abc] accessing service
> [AbstractWebApplicationService(id=abc, originalUrl=abc, artifactId=null,
> principal=null, source=null, loggedOutAlready=false, format=XML,
> attributes={})] defined by registered service [abcdef]...>
> 2021-08-04 09:44:54,124 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Final collection of attributes allowed are: [{oauthClientId=[abc]}]>
>
> I think what I'm having trouble understanding is where the principal
> attributes are coming from, and how I can define more attributes for it to
> find. The one attribute that it found, oauthClientId, seems to be a
> built-in attribute.
>
> ------------------------------
> *From:* [email protected] <[email protected]> on behalf of Ray Bon <
> [email protected]>
> *Sent:* Tuesday, August 3, 2021 4:26 PM
> *To:* [email protected] <[email protected]>
> *Subject:* Re: [cas-user] CAS 6.2.x oauth client_credentials grant type
> jwt token custom claims/attributes
>
> Ken,
>
> Try this logger to see what cas is collecting as attributes:
>
> <!-- DEBUG Found principal attributes [...] for [username]
> Attribute policy [???] allows release of [...] for
> [username]
> Final collection of attributes allowed are: [...] -->
> <AsyncLogger
> name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
> level="debug"/>
>
> Ray
>
> On Tue, 2021-08-03 at 12:57 -0700, 'Ken Hopkins' via CAS Community wrote:
>
> I am using the oauth2 client-credentials grant type, and am having trouble
> figuring out how to add attributes into the generated JWT.
>
> My service definition is:
> [
> OAuthRegisteredService(
> super=AbstractRegisteredService(
> serviceId=abcdef,
> name=API Test,
> theme=null,
> informationUrl=null,
> privacyUrl=null,
> responseType=null,
> id=-8936606407628949180,
> description=null,
> expirationPolicy=DefaultRegisteredServiceExpirationPolicy(
> deleteWhenExpired=false,
> notifyWhenDeleted=false,
> notifyWhenExpired=false,
> expirationDate=null
> ),
> acceptableUsagePolicy=DefaultRegisteredServiceAcceptableUsagePolicy(
> enabled=true,
> messageCode=null,
> text=null
> ),
>
> proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1,
> proxyTicketExpirationPolicy=null,
> proxyGrantingTicketExpirationPolicy=null,
> serviceTicketExpirationPolicy=null,
> singleSignOnParticipationPolicy=null,
> evaluationOrder=0,
>
> usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2,
> logoutType=BACK_CHANNEL,
> environments=[],
> attributeReleasePolicy=ReturnAllowedAttributeReleasePolicy(
> super=AbstractRegisteredServiceAttributeReleasePolicy(
> attributeFilter=null,
>
> principalAttributesRepository=DefaultPrincipalAttributesRepository(),
> consentPolicy=DefaultRegisteredServiceConsentPolicy(
> enabled=true,
> excludedAttributes=null,
> includeOnlyAttributes=null,
> order=0
> ),
> authorizedToReleaseCredentialPassword=false,
> authorizedToReleaseProxyGrantingTicket=false,
> excludeDefaultAttributes=false,
> authorizedToReleaseAuthenticationAttributes=true,
> principalIdAttribute=null,
> order=0
> ),
> allowedAttributes=[myName]
> ),
> multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(
> multifactorAuthenticationProviders=[],
> failureMode=UNDEFINED,
> principalAttributeNameTrigger=null,
> principalAttributeValueToMatch=null,
> bypassEnabled=false,
> forceExecution=false,
> bypassTrustedDeviceEnabled=false,
> bypassPrincipalAttributeName=null,
> bypassPrincipalAttributeValue=null,
> script=null
> ),
> logo=null,
> logoutUrl=null,
> redirectUrl=null,
> accessStrategy=DefaultRegisteredServiceAccessStrategy(
> order=0,
> enabled=true,
> ssoEnabled=true,
> unauthorizedRedirectUrl=null,
>
> delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(
> allowedProviders=[],
> permitUndefined=true,
> exclusive=false
> ),
> requireAllAttributes=true,
> requiredAttributes={},
> rejectedAttributes={},
> caseInsensitive=false
> ),
> publicKey=null,
> authenticationPolicy=DefaultRegisteredServiceAuthenticationPolicy(
> requiredAuthenticationHandlers=[],
>
> criteria=AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria(
> tryAll=false
> )
> ),
> properties={
>
> *permissions=DefaultRegisteredServiceProperty(values=[1373037743]),
> claims=DefaultRegisteredServiceProperty(values=[1366926713])*,
> accessTokenAsJwtSigningKey=DefaultRegisteredServiceProperty(
> values=[classpath:/etc/cas/config/cas-private.key]
> ),
> accessTokenAsJwtSigningEnabled=DefaultRegisteredServiceProperty(
> values=[true]
> ),
> *myName=DefaultRegisteredServiceProperty(values=[583852201])*
> },
> contacts=[]
> ),
> clientSecret=def,
> clientId=abc,
> bypassApprovalPrompt=false,
> generateRefreshToken=false,
> renewRefreshToken=false,
> jwtAccessToken=true,
> codeExpirationPolicy=null,
> accessTokenExpirationPolicy=null,
> refreshTokenExpirationPolicy=null,
> deviceTokenExpirationPolicy=null,
> supportedGrantTypes=[client_credentials],
> supportedResponseTypes=[]
> )
> ]
> The jwt token that gets created is:
> {
> "sub": "abc",
> "oauthClientId": "abc",
> "roles":[],
> "iss": "https://localhost:7001/cas",
> "nonce": "",
> "client_id": "abc",
> "aud": "abc",
> "grant_type": "CLIENT_CREDENTIALS",
> "permissions":[],
> "scope":[],
> "claims":[],
> "scopes":[],
> "state": "",
> "exp": 1628045011,
> "iat": 1628016211,
> "jti": "AT-2-vjOSaRnTRYfARo-fX-ZVsDB-dLVLjBRz"
> }
>
> As a test I'm trying to get a property myName to show up in the jwt
> token. I'm ultimately trying to populate the permissions property.
>
> When using other grant types such as password, I'm able to add custom
> attributes to the jwt token just fine. I'm using REST authentication, so I
> can just return custom attributes in the response to CAS's login call.
> However, since CAS doesn't make a REST authentication call for
> client_credentials, that technique doesn't help here. In this case, I'm
> using a RESTful Service Registry (
> https://apereo.github.io/cas/6.3.x/services/REST-Service-Management.html)
> in case that's relevant.
>
> Thanks for any ideas or insights,
> Ken
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/02b0b962-a872-4613-880e-4ccd4e50d261n%40apereo.org.
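
Added example (not part of the original thread, and not CAS code): a small Python check that pairs each "Final collection of attributes allowed" log entry with the "Generated JWT" entry that follows it and reports which released attributes are missing or empty in the token, which is the comparison made by eye in the messages above. The sample log is constructed from lines quoted in the thread, and the function names are this example's own.

```python
import json
import re

# Constructed sample, condensed from log lines quoted in the thread
# (mail-client line wrapping kept on purpose; the jti values are made up).
SAMPLE_LOG = """\
2021-08-04 09:44:54,124 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Final collection of attributes allowed are: [{oauthClientId=[abc]}]>
2021-08-04 09:44:54,200 DEBUG [org.apereo.cas.token.JwtBuilder] -
<Generated JWT [
{ "sub": "abc", "oauthClientId": "abc", "permissions":[], "jti": "AT-2-sample" }]>
2021-08-06 16:26:35,496 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
*<Final
collection of attributes allowed are: [{myName=[myNameValue],
permissions=[12345]}]>*
2021-08-06 16:26:35,586 DEBUG [org.apereo.cas.token.JwtBuilder] -
<Generated JWT [
{
"sub": "ghi",
"oauthClientId": "ghi",
"permissions":[],
"claims":[],
"jti": "AT-1-sample"
}]>
"""

RELEASED_RE = re.compile(r"Final collection of attributes allowed are: \[\{(.*?)\}\]>")
JWT_RE = re.compile(r"Generated JWT \[\s*(\{.*?\})\s*\]>")
ATTR_RE = re.compile(r"([\w.:-]+)=\[(.*?)\]")


def parse_released(body):
    """Turn CAS's map rendering 'a=[x, y], b=[z]' into {'a': ['x', 'y'], 'b': ['z']}."""
    return {name: [v for v in values.split(", ") if v]
            for name, values in ATTR_RE.findall(body)}


def compare(released, claims):
    """Classify each released attribute by how it shows up in the JWT claims."""
    report = {}
    for name, values in released.items():
        if name not in claims:
            report[name] = "missing"      # attribute never became a claim
            continue
        claim = claims[name]
        present = claim if isinstance(claim, list) else [claim]
        present = [str(v) for v in present if v not in (None, "")]
        if not present:
            report[name] = "empty"        # claim exists but carries no value
        elif present == values:
            report[name] = "ok"
        else:
            report[name] = "mismatch"
    return report


def audit_log(text):
    """Return one report per release phase that is followed by a generated JWT."""
    flat = " ".join(text.split())         # undo line wrapping inside log entries
    releases = list(RELEASED_RE.finditer(flat))
    reports = []
    for i, rel in enumerate(releases):
        # Only accept a JWT logged before the next release phase starts.
        limit = releases[i + 1].start() if i + 1 < len(releases) else len(flat)
        jwt = JWT_RE.search(flat, rel.end(), limit)
        if jwt is None:
            continue
        reports.append(compare(parse_released(rel.group(1)), json.loads(jwt.group(1))))
    return reports


if __name__ == "__main__":
    for report in audit_log(SAMPLE_LOG):
        print(report)
```
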