CAS 5: Authenticaton attributes

[Baron Fujimoto]

CAS 5 returns authentication attributes (e.g., authenticationMethod,
successfulAuthenticationHandlers) in addition to principal attributes.

Are these documented somewhere? Are they considered officially supported
features that applications using CAS can rely on? For example, an
application may want to know if MFA was used when authenticating a user.
Is there a way to provide this information to the application?

Empirically, it doesn't seem to be derivable from the observable
authentication attributes. For example, I see the following returned even
for a user that is not enrolled with Duo and thus is not prompted for the
Duo MFA when authenticating.

authnContextClass: mfa-duo
successfulAuthenticationHandlers: [LdapAuthenticationHandler, DuoAuthenticationHandler]
authenticationMethod: [LdapAuthenticationHandler, DuoAuthenticationHandler]

Aloha,
-baron
--
Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum