Luís,

It is possible to get attributes at the time of authentication for LDAP and JDBC.

cas.authn.ldap[0].principal-attribute-list= \
mail, \
cn, \
sn, \
givenName

That will give you one source. See 
https://apereo.github.io/cas/6.6.x/authentication/LDAP-Authentication.html

Does your user identifier exist in the non-target DAOs?
If not, then that DAO will not return any attributes, so the only cost is time 
taken to perform the lookup.

There is a custom attribute resolver option, 
https://apereo.github.io/cas/6.6.x/integration/Attribute-Resolution-Custom.html

And scriptable filter option, 
https://apereo.github.io/cas/6.6.x/integration/Attribute-Resolution-LDAP.html#ldap-scriptable-search-filter
The applicationContext will have some properties that identify the authn method.

The above two approaches will get user attributes prior to person directory 
actions.

I have not worked with person directory so cannot say how to manipulate it.

Ray


On Wed, 2023-10-11 at 06:48 -0700, Luís Costa wrote:

Hello,


I'm implementing CAS 6.6.x (currently I have 6.6.8), and I need to make an 
association between authentication handlers and attribute repositories / 
PersonAttributeDaos, for example, LdapAuthHandler[0] => Dao1, Dao2 and 
JdbcAuthHandler[0] => Dao1, Dao3.

The goal is that each auth handler only tries to get attributes from the 
attribute repositories that make sense to it.


I'm trying to do this by creating a custom property in cas.properties for each 
auth handler that holds a comma-separated list of one or more attribute 
repository IDs (defined in standard props 
"cas.authn.attribute-repository.<ldap/jdbc/etc>.id").
I got this idea from the standard property 
"cas.person-directory.active-attribute-repository-ids".

Then, my plan is to extend the PersonDirectoryPrincipalResolver and manipulate 
the context.attributeRepository.personAttributeDaos, so that only the Daos that 
the auth handler "supports" are "executed".


Does this make sense? Is it a possible and logical solution? Is there a better 
"standard solution"?


Best regards,

Luís Costa
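
The handler-to-repository mapping described in the question, sketched as an added example that is not part of the original thread and is not CAS code. The class name, the method names and the idea of passing the custom properties in as a map are assumptions; the sketch only shows parsing the comma-separated list, rejecting unknown repository ids at startup, and giving an unmapped handler no repositories rather than all of them.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

// Added illustration only: no CAS classes or CAS property names are used here.
public class HandlerRepositorySelector {
    private final Map<String, Set<String>> allowedByHandler = new HashMap<>();

    // knownRepoIds: ids of the configured attribute repositories.
    // handlerProps: handler name -> comma-separated repository ids (hypothetical custom property).
    public HandlerRepositorySelector(Set<String> knownRepoIds, Map<String, String> handlerProps) {
        handlerProps.forEach((handler, csv) -> {
            Set<String> ids = Arrays.stream(csv.split(","))
                    .map(String::trim)
                    .filter(s -> !s.isEmpty())
                    .collect(Collectors.toCollection(LinkedHashSet::new));
            // Fail at startup on a mistyped id instead of silently skipping a repository.
            for (String id : ids) {
                if (!knownRepoIds.contains(id)) {
                    throw new IllegalArgumentException(
                            "Handler " + handler + " references unknown repository id: " + id);
                }
            }
            allowedByHandler.put(handler, ids);
        });
    }

    // Design choice in this sketch: a handler with no mapping gets no repositories, never all of them.
    public Set<String> repositoryIdsFor(String handlerName) {
        return allowedByHandler.getOrDefault(handlerName, Set.of());
    }

    public static void main(String[] args) {
        // Constructed sample values mirroring the mapping in the question.
        Set<String> known = Set.of("Dao1", "Dao2", "Dao3");
        Map<String, String> props = Map.of(
                "LdapAuthHandler[0]", "Dao1, Dao2",
                "JdbcAuthHandler[0]", "Dao1,Dao3");
        HandlerRepositorySelector selector = new HandlerRepositorySelector(known, props);
        System.out.println(selector.repositoryIdsFor("LdapAuthHandler[0]"));
        System.out.println(selector.repositoryIdsFor("JdbcAuthHandler[0]"));
        System.out.println(selector.repositoryIdsFor("OtherHandler"));
    }
}
```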
