CAS Attribute Release Policy
This policy is relevant to both LDAP and CAS and is informative for our Shibboleth Identity Provider service.
Table of Contents
Overview
CAS supports an attribute release policy. An attribute release policy allows for the release of additional information upon a successful authentication. This additional information may be used by the application to determine if a person who has successfully authenticated is also authorized to use one or more of the application's features.
Data Governance Warning
Requests to release attributes to 3rd-party agents, such as hosted services, will ALWAYS require a Data Governance Data Process (DGP) Request approval before IAM can complete the request. See the Data Governance link below for the DGP form and request process.
Use of CAS is subject to the following executive policies and procedures:
- E2.214, Security and Protection of Sensitive Information
- E2.215, Institutional Data Governance
- AP 7.022, Procedures Related to Protection of the Educational Rights and Privacy of Students
Specifically, UHIMS authorization services such as CAS and Shibboleth release attributes defined as "restricted." These services are, therefore, subject to UH Data Governance practices as defined by the UH Data Governance Committee. For more information:
CAS Default Attribute Release Policy
ITS reserves the right to periodically add new attributes to LDAP and CAS. Developers should anticipate this possibility when integrating apps with CAS.
Attribute | Attribute notes/description | Available |
---|---|---|
UH Username | from the start | |
UH Number | from the start | |
First Name | from the start | |
Last Name | from the start | |
Common Name (aka the official Full Name) | from the start | |
Display Name ( perhaps a more common nickname, otherwise same as cn , may not be available) | from the start | |
Affiliation (User may have multiple affiliations.) | from the start | |
Organization (User may have multiple organizations.) | from the start | |
eduPersonPrincipalName | Globally unique identifier | since Oct 30, 2016 |
UH Affiliation (combines both Affiliation and Organization, and again the user may have multiple affiliations.) | from the start | |
Primary/Home Campus (also includes related attributes) | since Oct 30, 2016 | |
UH Bargaining Unit | since Aug 15, 2017 | |
Office FAX Number | since Oct 8, 2014 | |
Personal Home Page URI | since Oct 8, 2014 | |
UH Official Email (single value); always a hawaii.edu address. | since Oct 30, 2016 | |
Email (multi-valued) | since Oct 8, 2014 | |
Department Name | since Oct 8, 2014 | |
Office Location | since Oct 8, 2014 | |
Office Telephone Number | since Oct 8, 2014 | |
Job Title | since Oct 8, 2014 | |
UH Acknowledgement (see ACER for more information) | since Oct 8, 2014 | |
UH Released Grouping Memberships (see UH Groupings for more information) | since Oct 30, 2016 |