CAS Attribute Release Policy

This policy is relevant to both LDAP and CAS and is informative for our Shibboleth Identity Provider service.

Table of Contents

Overview

CAS supports an attribute release policy.  An attribute release policy allows for the release of additional information upon a successful authentication.  This additional information may be used by the application to determine if a person who has successfully authenticated is also authorized to use one or more of the application's features.

Data Governance Warning

Requests to release attributes to 3rd-party agents, such as hosted services, will ALWAYS require a Data Governance Data Process (DGP) Request approval before IAM can complete the request. See the Data Governance link below for the DGP form and request process.


Use of CAS is subject to the following executive policies and procedures:

Specifically, UHIMS authorization services such as CAS and Shibboleth release attributes defined as "restricted."  These services are, therefore, subject to UH Data Governance practices as defined by the UH Data Governance Committee.  For more information:

CAS Default Attribute Release Policy

ITS reserves the right to periodically add new attributes to LDAP and CAS. Developers should anticipate this possibility when integrating apps with CAS.

AttributeAttribute notes/descriptionAvailable

uid

UH Usernamefrom the start

uhUuid

UH Numberfrom the start

givenName

First Namefrom the start

sn

Last Namefrom the start

cn

Common Name (aka the official Full Name)from the start

displayName

Display Name (perhaps a more common nickname, otherwise same as cn, may not be available)from the start

eduPersonAffiliation

Affiliation (User may have multiple affiliations.)from the start

eduPersonOrgDN

Organization (User may have multiple organizations.)from the start
eduPersonPrincipalNameGlobally unique identifiersince Oct 30, 2016

uhOrgAffiliation

UH Affiliation (combines both Affiliation and Organization, and again the user may have multiple affiliations.)from the start

uhScopedHomeOrg

Primary/Home Campus (also includes related attributes)since Oct 30, 2016

uhBargainingUnit

UH Bargaining Unitsince Aug 15, 2017

facsimileTelephoneNumber

Office FAX Number

since Oct 8, 2014

labeledURI

Personal Home Page URI

since Oct 8, 2014

uhEmail

UH Official Email (single value); always a hawaii.edu address.since Oct 30, 2016

mail

Email (multi-valued)since Oct 8, 2014

ou

Department Name

since Oct 8, 2014

physicalDeliveryOfficeName

Office Location

since Oct 8, 2014

telephoneNumber

Office Telephone Number

since Oct 8, 2014

title

Job Title

since Oct 8, 2014

uhAcknowledgement

UH Acknowledgement (see ACER for more information)

since Oct 8, 2014

uhReleasedGrouping

UH Released Grouping Memberships (see UH Groupings for more information)since Oct 30, 2016

More information on how CAS information gets updated