Hi CAS Community,
After migrating CAS SSO from 6.6.15 to 7.3.5, I noticed a strange behavior that is currently blocking our SAML SSO login.
In the SAML POST response, some released attributes such as mail and givenName are no longer returned with their original attribute names. Instead, CAS seems to transform them into OID-based names, for example:
urn:oid:0.9.2342.19200300.100.1.3
Before the migration, the attributes were returned as expected, for example:
Name="mail"
I attached screenshots of the SAML response before/after migration, the SP metadata, and the current CAS service registry JSON.
Is there a specific configuration in CAS 7.3.5 to force SAML attribute names to be released as their original names, such as mail and givenName, instead of OID URNs?
Thanks in advance for your help.
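A diagnostic for the symptom described in the post above, as an added example that is not part of the original thread and is not CAS code. It lists the attributes in a decoded SAML assertion and reports which names the SP expects arrive unchanged, arrive under a different `Name` such as an OID URN, or are absent. The sample assertion, the `FriendlyName` value and both function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not taken from the poster's screenshots): one attribute
# released under an OID URN, one released under its short name.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
                    FriendlyName="mail"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>user@example.org</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="givenName">
      <saml:AttributeValue>Test</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def released_attributes(assertion_xml):
    # ElementTree is not hardened against hostile XML; use it only on
    # responses you captured yourself (or swap in defusedxml).
    root = ET.fromstring(assertion_xml)
    out = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        out[attr.get("Name")] = {
            "friendly": attr.get("FriendlyName"),
            "format": attr.get("NameFormat"),
            "values": [v.text for v in attr.iterfind("saml:AttributeValue", SAML_NS)],
        }
    return out

def check_expected(assertion_xml, expected_names):
    """Classify each name the SP expects: 'ok', 'renamed:<Name>' or 'missing'."""
    released = released_attributes(assertion_xml)
    by_friendly = {a["friendly"]: n for n, a in released.items() if a["friendly"]}
    report = {}
    for name in expected_names:
        if name in released:
            report[name] = "ok"
        elif name in by_friendly:
            report[name] = "renamed:" + by_friendly[name]
        else:
            report[name] = "missing"
    return report

if __name__ == "__main__":
    print(check_expected(SAMPLE_ASSERTION, ["mail", "givenName", "displayName"]))
```

Running it against the response captured before and after an upgrade shows which attribute names changed without reading the XML by hand.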
See https://groups.google.com/a/apereo.org/g/cas-user/c/fsb8r6wJk9k/m/v8-Jw-m6AgAJ for the best answer I was able to get / find.
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bc17180f-f498-4517-b6a2-d9a516f22f04n%40apereo.org.
On Jun 10, 2026, at 11:41 AM, 'Richard Frovarp' via CAS Community <cas-...@apereo.org> wrote:
Hi CAS Community,
The samlidp-attribute-definitions.json workaround fixed the original issue, and SAML attributes are now returned with their original names (mail, givenName, etc.).
However, after adding the file, the CAS login success page no longer displays any principal attributes. Before the change, I could see LDAP attributes such as mail, givenName, displayName, memberOf, etc.
Authentication still succeeds, but the Principal Attributes table is now empty.
Is this expected? Do I need to define the attributes explicitly in samlidp-attribute-definitions.json?
Thanks for your help.