I was able to sort it out. Thank you, Matt
On Saturday, March 30, 2024 at 1:46:24 PM UTC-4 Matthew Gordon wrote: > Hello, > > I followed this ( > https://fawnoos.com/2019/03/15/cas61x-attribute-repositories/), to define > a service to use a specific attribute repository to obtain extra attributes > for a single service. > > I only need these attributes for the one service, so I would rather not > query them unless the user is attempting to authenticate to a minimally > used service. > > Config: > > #======================================== > # CAS PERSON DIRECTORY > #======================================== > cas.person-directory.active-attribute-repository-ids=NONE > cas.person-directory.attribute-resolution-enabled=false > cas.person-directory.principalAttribute=sAMAccountName > cas.person-directory.return-null=false > cas.person-directory.principal-resolution-failure-fatal=true > cas.person-directory.use-existing-principal-id=false > cas.authn.attribute-repository.core.merger=ADD > > > #======================================== > # REST ATTRIBUTE REPOSITORY > #======================================== > cas.authn.attribute-repository.rest[0].id=REST_REPO > cas.authn.attribute-repository.rest[0].order=1 > cas.authn.attribute-repository.rest[0].url=https://host/folder/ > cas.authn.attribute-repository.rest[0].basic-auth-username=test > cas.authn.attribute-repository.rest[0].basic-auth-password=test > cas.authn.attribute-repository.rest[0].state=ACTIVE > cas.authn.attribute-repository.rest[0].username-attribute=employeeID > cas.authn.attribute-repository.rest[0].method=GET > > If I set these to: > > cas.person-directory.active-attribute-repository-ids=REST_REPO > cas.person-directory.attribute-resolution-enabled=true > > It appears to lookup the attributes on every request and returns the > desired attributes. > > I was hoping to use a service: > > { > "@class" : "org.apereo.cas.services.CasRegisteredService", > "id":10, > "serviceId":"^(https://test.com/).*", > "name":"TEST", > "description":"TEST", > "ssoEnabled":true, > "evaluationOrder":10, > "attributeReleasePolicy" : { > "@class" : > "org.apereo.cas.services.ReturnAllAttributeReleasePolicy", > "principalAttributesRepository" : { > "@class" : > "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository", > "ignoreResolvedAttributes": false, > "attributeRepositoryIds": ["java.util.HashSet", [ "REST_REPO" > ]], > "mergingStrategy" : "ADD" > } > } > } > > to use that attribute repo. > > Is this possible, and if so, what do I need to do to make it work? > > I know for example, with surrogate auth, I don't specifically need the > person directory working on every request, just the ones that use that > flow... > > Thank you, > Matt > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2e4971be-d72a-4617-a16f-4cadf034dd8bn%40apereo.org.
