Providing attributes from CAS
Cantor, Scott
cantor.2 at osu.edu
Mon Apr 8 14:07:56 EDT 2013
On 4/8/13 1:58 PM, "Stein, Eric" <steine at locustec.com> wrote:
>Is there a simple example that shows how to do this for the username? It
>looks like the IdPAddAttribute examples are hitting a database to pull
>the attribute.
You're looking at data connectors, this is an attribute definition
function. There are a dozen or more attribute definition types that do
different things and can operate on the username either directly or via
requestContext.principalName
A username in a local SSO system is not safe to use at scale in most cases
in a federated environment, so passing it as is is normally not the right
thing to do. The Principal definition can do that. The Scoped or Prescoped
definitions can turn them into globally usable identifiers. The Template
definition can do more general transformations on it.
-- Scott
More information about the users
mailing list