Intercept Flows and checking raw LDAP attributes
cantor.2 at osu.edu
Tue Aug 4 11:05:23 EDT 2015
On 8/4/15, 10:42 AM, "users on behalf of Marvin Addison" <users-bounces at shibboleth.net on behalf of marvin.addison at gmail.com> wrote:
>All configured attributes are released for CAS since there's no concept of attribute encoding in that protocol. I could probably make CAS behave similarly, but I'm somewhat ambivalent whether it makes sense. On the one hand it's a feature that I use in my own institutional configuration to do what I want; on the other hand there's conflict with the audit log and actual data that appears in the outgoing assertion (as you noted). I also found it somewhat surprising initially, but that may have been due to ignorance as much as anything else.
Well, the issue has been fixed for the next release but for the moment it's definitely something people should bear in mind.
I'd probably do something about the log if we didn't have a better workaround already implemented.
More information about the users