...
Retrieval of custom attributes allows LPPE to detect certain ldap error codes and condition that do not prevent ldap authentication. For instance, in working with OpenLdap a given account may be able to successfully log in even through a flag is set to indicate the account is locked. Defining custom attributes and their evaluation prior to authentication can support this use case.
Support for retrieval of authentication attributes is not available in CAS 3.5.x, which is partially the reason LPPE in CAS 3.5.x has to execute a second ldap query to retrieve the needed elements from ldap.
Support for Custom WebFlow States
TODO
...