Intercept Flows and checking raw LDAP attributes

Cantor, Scott cantor.2 at
Tue Aug 4 11:05:23 EDT 2015

On 8/4/15, 10:42 AM, "users on behalf of Marvin Addison" <users-bounces at on behalf of marvin.addison at> wrote:
>All configured attributes are released for CAS since there's no concept of attribute encoding in that protocol. I could probably make CAS behave similarly, but I'm somewhat ambivalent whether it makes sense. On the one hand it's a feature that I use in my own institutional configuration to do what I want; on the other hand there's conflict with the audit log and actual data that appears in the outgoing assertion (as you noted). I also found it somewhat surprising initially, but that may have been due to ignorance as much as anything else.

Well, the issue has been fixed for the next release but for the moment it's definitely something people should bear in mind.

I'd probably do something about the log if we didn't have a better workaround already implemented.

-- Scott

More information about the users mailing list