Chia-Ying Yang
Jul 29, 2021, 11:58:27 AM
to cas-...@apereo.org
I've configured CAS with authentication delegation (Pac4J Google) +
attribute resolution (REST) + interrupt notification (REST).
My attribute resolution REST endpoint translates the principal ID
returned from delegated authentication (of the format
org.pac4j.oauth.profile.google2.Google2Profile#[number], as I have
cas.authn.pac4j.core.typed-id-used=true) and returns it as an attribute
"principal", and together with the
cas.person-directory.principal-attribute=principal setting, this
principal ID then becomes the user's "final" principal ID.
In 5.3.x, the "final" principal ID is then being used to call the
interrupt notification REST endpoint. This is what I expect.
In 6.3.x / 6.4.x however, the original principal ID
org.pac4j.oauth.profile.google2.Google2Profile#[number] is being used to
call the interrupt notification REST endpoint. Is this an intentional
change or is this a possible bug?
Thanks,
Chia-Ying