This site requires JavaScript to be enabled
OIT Knowledge Base >  > Retrieve Attributes from CAS Single Sign-on
Retrieve Attributes from CAS Single Sign-on
Article: KB0029066 Published: 2017-11-09 Last modified: 2018-07-22

CAS single sign-on is the preferred method of authentication for campus websites and internal applications. CAS also offers retrieval of select attributes. CAS includes web single sign-on for anyone with a BYU Account - not just faculty, students, and staff.  

Note:  For additional attributes, a wide variety of APIs is available at api.byu.edu/store. Additional attributes can be requested at InfoHub.byu.edu and instructions for API usage can be found at developer.byu.edu.

Here is information about using CAS to authenticate users and retrieve user attributes:

Step 1:  Install CAS Client and configure for use at BYU:

  1. Choose a CAS Client from official client list (.NET, Java, PHP, Apache). Each client has a unique way of distributing packages. Choose a client appropriate for your product.
  2. Install CAS Client in your environment
  3. Configure CAS client with BYU CAS endpoints 

 

Step 2:  Retrieve available attributes (optional): 

  1. If you're on a BYU subdomain, and you have a BYU issued SSL Certificate you will receive the following attributes:

     

    activeEligibletoRegisterStudent
    activeFulltimeEmployee
    activeFulltimeInstructor
    activeFulltimeNonBYUEmployee
    activeParttimeEmployee
    activeParttimeInstructor
    activeParttimeNonBYUEmployee
    alumni
    byuId
    emailAddress
    fullName
    idCardPrimaryRole
    inactiveFulltimeEmployee
    inactiveFulltimeInstructor
    inactiveFulltimeNonBYUEmployee
    inactiveParttimeEmployee
    inactiveParttimeInstructor
    inactiveParttimeNonBYUEmployee
    memberOf
    mfa
    name
    netId
    organization
    personId
    preferredFirstName
    preferredSurname
    restOfName
    restricted
    sortName
    surname
  2. If you are on a BYU subdomain without a BYU issued SSL Certificate, you will receive Net ID only.
  3. If you neither utilize a BYU subdomain nor have a BYU issed SSL Certificate, you will not receive any attributes.

 

EXAMPLE:

Here is an example installation and configuration, as if our application was based on Java running on Tomcat 7. 

We select the Java CAS client and install:

  1. Add the following as a dependency in your applications pom.xml

    <dependency>
        <groupId>org.jasig.cas.client</groupId>
        <artifactId>cas-client-core</artifactId>
        <version>3.4.1</version>
        <exclusions>
            <exclusion>
                <groupId>javax.servlet</groupId>
                <artifactId>servlet-api</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
     
    <dependency>
        <groupId>org.jasig.cas.client</groupId>
        <artifactId>cas-client-support-saml</artifactId>
        <version>3.4.1</version>
    </dependency>

    2. Configure the Java class client.

    1.  add the following filters to your web.xml

    <filter>
      <filter-name>CAS Authentication Filter</filter-name>
      <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
      <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://cas.byu.edu/cas/login</param-value>
      </init-param>
      <init-param>
        <param-name>serverName</param-name>
        <param-value>https://example.byu.edu</param-value> /*(use your server name)*/
      </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
      
    <filter>
      <filter-name>CAS Validation Filter</filter-name>
      <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
      <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://cas.byu.edu/cas</param-value>
      </init-param>
      <init-param>
        <param-name>serverName</param-name>
        <param-value>https://example.byu.edu</param-value> /*(use your server name)*/
      </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
      
        <filter>
            <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
            <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
        </filter>
     
        <filter-mapping>
            <filter-name>CAS Validation Filter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
     
        <filter-mapping>
            <filter-name>CAS Authentication Filter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
     
        <filter-mapping>
            <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

     

    See the following example code here for retrieving available attributes

     


Expand/Collapse Comments
:     
Was this helpful?
YesYesNoNo
Rate this article