Michael A Grady
mgrady at unicon.net
Mon Apr 22 14:46:22 EDT 2019
That's one way, but as the IdP wiki documentation states:
• The XML response delivered by the /serviceValidate URI includes the <cas:attributes> extension supported by most CAS clients."
An extension to the original CAS 2 protocol, that was codified with CAS Protocol v3
So you can get attributes sent with either /samlValidate or /serviceValidate. You control it with the filter file, I find it easiest to use a Group name reference in the release rules that ties to the group name used in the cas-protocol.xml file.
The other thing to be aware of is that the "name" of the attribute will be the ID for its definition, not the attribute encoder name. At least for /serviceValidate (I haven't used the /samlValidate endpoint.)
> On Apr 22, 2019, at 12:39 PM, Cantor, Scott <cantor.2 at OSU.EDU> wrote:
> On 4/22/19, 1:35 PM, "users on behalf of Liam Hoekenga" <users-bounces at shibboleth.net on behalf of liamr at umich.edu> wrote:
>> It'd use SAML 1 attribute encoding then?
> I believe so.
> -- Scott
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
> This email has been scanned for spam and viruses by Proofpoint Essentials. Visit the following link to report this email as spam:
Michael A. Grady
IAM Architect, Unicon, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users