Excluding system generated attributes in SAML response

Dustin J Luck

unread,

May 15, 2019, 2:25:59 PM5/15/19

to CAS Community

I have set up an SP in my service registry in CAS 5.3.2. All of the attributes I have included via the attributeReleasePolicy are being included in the response, however, many attributes that I didn't specify are being included as well. This is causing an error with the SP because the attributes are unexpected. Is there any way to exclude them? How would I do so?

These are the attributes in question:

credentialType
samlAuthenticationStatementAuthMethod
isFromNewLogin
bypassMultifactorAuthentication
authenticationDate
authenticationMethod
authnContextClass
successfulAuthenticationHandlers
longTermAuthenticationRequestTokenUsed

Thanks

-Dustin

Misagh Moayyed

unread,

May 15, 2019, 2:33:15 PM5/15/19

to cas-...@apereo.org

https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#protocol-attributes

cas.authn.releaseProtocolAttributes=false

cas.authn.authenticationAttributeRelease.neverRelease=A,B,C,D

--Misagh

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/44a76c02-0a44-4adf-b4cf-0658185c450a%40apereo.org.

Dustin J Luck

unread,

May 15, 2019, 2:58:15 PM5/15/19

to CAS Community, mmoa...@unicon.net

Thanks, Misagh. The first line did the trick!

-Dustin

To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.

Reply all

Reply to author

Forward