CAS attribtues?

Michael A Grady mgrady at
Mon Apr 22 14:46:22 EDT 2019

That's one way, but as the IdP wiki documentation states: <>

  "Notable features:
	• The XML response delivered by the /serviceValidate URI includes the <cas:attributes> extension supported by most CAS clients."

An extension to the original CAS 2 protocol, that was codified with CAS Protocol v3

So you can get attributes sent with either /samlValidate or /serviceValidate. You control it with the filter file, I find it easiest to use a Group name reference in the release rules that ties to the group name used in the cas-protocol.xml file.

The other thing to be aware of is that the "name" of the attribute will be the ID for its definition, not the attribute encoder name. At least for /serviceValidate (I haven't used the /samlValidate endpoint.)

> On Apr 22, 2019, at 12:39 PM, Cantor, Scott <cantor.2 at OSU.EDU> wrote:
> On 4/22/19, 1:35 PM, "users on behalf of Liam Hoekenga" <users-bounces at on behalf of liamr at> wrote:
>> It'd use SAML 1 attribute encoding then? 
> I believe so.
> -- Scott
> -- 
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to users-unsubscribe at
> ----------
> This email has been scanned for spam and viruses by Proofpoint Essentials. Visit the following link to report this email as spam:

Michael A. Grady
IAM Architect, Unicon, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list