WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
Anonymous Principal Id
The following options are available to produce anonymous usernames.
Transient
Provides an opaque identifier for the username.
1
2
3
4
5
6
7
8
9
10
{
"@class" : "org.apereo.cas.services.CasRegisteredService",
"serviceId" : "sample",
"name" : "sample",
"id" : 500,
"description" : "sample",
"usernameAttributeProvider" : {
"@class" : "org.apereo.cas.services.AnonymousRegisteredServiceUsernameAttributeProvider"
}
}
Persistent
Provides an opaque identifier for the username. The opaque identifier by default conforms to the requirements
of the eduPersonTargetedID attribute. The generated id may be based off of an existing principal
attribute. If left unspecified or attribute not found, the authenticated principal id is used.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
{
"@class" : "org.apereo.cas.services.CasRegisteredService",
"serviceId" : "sample",
"name" : "sample",
"id" : 500,
"description" : "sample",
"usernameAttributeProvider" : {
"@class" : "org.apereo.cas.services.AnonymousRegisteredServiceUsernameAttributeProvider",
"persistentIdGenerator" : {
"@class" : "org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
"salt" : "aGVsbG93b3JsZA==",
"attribute": ""
}
}
}
To simulate the behavior, you may also try the following command:
1
2
3
perl -e 'use Digest::SHA qw(sha1_base64); \
$digest = sha1_base64("$SERVICE!$USER!$SALT"); \
$eqn = length($digest) % 4; print $digest; print "=" x (4-$eqn) . "\n"'
Replace $SERVICE (the url of the application under test), $USER and $SALT with the appropriate values for the test.