Return uid in attribute list?


Mike Osterman

Aug 14, 2019, 10:52:12 PM
to cas-...@apereo.org
Hello,

We're new to "modern" CAS (moving from 3.x to 5.x), and have run into an issue. We configured an attribute release filter to return mail & uid:

"attributeReleasePolicy" : {
   "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
   "allowedAttributes" : [ "java.util.ArrayList", [ "mail", "uid" ] ]
}

But for some reason, the response is coming back with only "mail" in the attribute list and the uid listed as a property called "id":

principal=SimplePrincipal(id=username, attributes={mail=[user...@whitman.edu]}),requiredAttributes={}

I found this reference to the "principalIdAttribute" that states "By default, the principal id is NOT released as an attribute."

I can see where we have it listed as principalIdAttribute in our config:
cas.authn.ldap[0].principalAttributeId=uid

So I can see why it's mapping to the principal id and would not release by default, but I can't discern from the documentation how to change the default behavior to release it as part of the attribute list.

Any ideas?

Thank you,
Mike

Misagh Moayyed

Aug 15, 2019, 2:02:28 AM
to CAS Community


> So I can see why it's mapping to the principal id and would not release by default, but I can't discern from the documentation how to change the default behavior to release it as part of the attribute list.
>
> Any ideas?

Have you looked at “principalIdAttribute”?


Perhaps:

"attributeReleasePolicy" : {
   "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
   "allowedAttributes" : [ "java.util.ArrayList", [ "mail", "uid" ] ],
   "principalIdAttribute": "uid"
}

Misagh Moayyed

Aug 15, 2019, 2:05:20 AM
to CAS Community
Apologies for the rather quick response; I realize you have certainly looked at that flag and relevant page in the docs. I think you're only missing that construct in your release policy. My example should help, I hope.
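A way to confirm what a service actually receives after changing the release policy, as an added example that is not part of the thread: it parses a CAS 3.0 protocol validation response (the XML returned by /p3/serviceValidate) and compares the released attributes against the service's allowedAttributes list. The sample responses, their values and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = "{http://www.yale.edu/tp/cas}"  # namespace of CAS protocol responses


def sample_response(user, attrs):
    """Build a constructed CAS 3.0 success response (demo input, not real traffic)."""
    items = "".join(f"<cas:{k}>{v}</cas:{k}>" for k, vs in attrs.items() for v in vs)
    return ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
            f"<cas:authenticationSuccess><cas:user>{user}</cas:user>"
            f"<cas:attributes>{items}</cas:attributes>"
            "</cas:authenticationSuccess></cas:serviceResponse>")


def parse_validation(xml_text):
    """Return (principal id, {attribute: [values]}) from a success response."""
    # A CAS response never needs a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD or entity declaration")
    root = ET.fromstring(xml_text)
    success = root.find(f"{CAS_NS}authenticationSuccess")
    if success is None:
        raise ValueError("not a CAS authenticationSuccess response")
    user = success.findtext(f"{CAS_NS}user")
    attrs = {}
    block = success.find(f"{CAS_NS}attributes")
    for el in (block if block is not None else []):
        attrs.setdefault(el.tag.replace(CAS_NS, ""), []).append(el.text or "")
    return user, attrs


def check_release(xml_text, allowed, ignore=()):
    """Compare released attributes with the service's allowedAttributes list.

    `ignore` is for attributes the server adds on its own and that
    are outside the release policy being checked.
    """
    user, attrs = parse_validation(xml_text)
    released = set(attrs) - set(ignore)
    return {"user": user,
            "missing": sorted(set(allowed) - released),
            "unexpected": sorted(released - set(allowed))}


if __name__ == "__main__":
    allowed = ["mail", "uid"]
    before = sample_response("username", {"mail": ["user@example.edu"]})
    after = sample_response("username", {"mail": ["user@example.edu"], "uid": ["username"]})
    print("before:", check_release(before, allowed))
    print("after: ", check_release(after, allowed))
```

A non-empty "unexpected" list is worth as much attention as a missing uid, since it means the service is receiving attributes beyond what its release policy was meant to allow.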