CAS 7.3.5 SAML Attribute Names Changed to OID URNs After Migration from 6.6.15

[Mohamed Iheb JEMAI]

Hi CAS Community,

After migrating CAS SSO from 6.6.15 to 7.3.5, I noticed a strange behavior that is currently blocking our SAML SSO login.

In the SAML POST response, some released attributes such as mail and givenName are no longer returned with their original attribute names. Instead, CAS seems to transform them into OID-based names, for example:

urn:oid:0.9.2342.19200300.100.1.3

Before the migration, the attributes were returned as expected, for example:

Name="mail"

I attached screenshots of the SAML response before/after migration, the SP metadata, and the current CAS service registry JSON.

Is there a specific configuration in CAS 7.3.5 to force SAML attribute names to be released as their original names, such as mail and givenName, instead of OID URNs?

Thanks in advance for your help.

[Richard Frovarp]

See https://groups.google.com/a/apereo.org/g/cas-user/c/fsb8r6wJk9k/m/v8-Jw-m6AgAJ for the best answer I was able to get / find.

--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bc17180f-f498-4517-b6a2-d9a516f22f04n%40apereo.org.

[Eugene Willis]

Add a blank file called  samlidp-attribute-definitions.json in your classes directory. Should fix it.

Sent from my iPhone

On Jun 10, 2026, at 11:41 AM, 'Richard Frovarp' via CAS Community <cas-...@apereo.org> wrote:



To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/370b672d-f512-43a1-a74d-0df48cf6ca8d%40ndsu.edu.

[Mohamed Iheb JEMAI]

it works !! thank you very much :)