I’m still having an issue with CAS returning all attributes even though the service to return only allowed attributes. It is logging that it is only going to return the correct attributes (see below) but what the app gets is all attributes. I’ve looked at everything I can think of and still can’t see why it is doing this.
Ted F. Fisher Information Technology Services [Description: BGSU] From: Ted Fisher Sent: Friday, April 22, 2016 10:48 AM To: '[email protected]' <[email protected]> Subject: more attributes returned than allowed While we have all of our services set for ReturnAllowedAttributeReleasePolicy, The CAS response received by the app includes all attributes that were resolved. We logged this: 2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.CentralAuth enticationServiceImpl] - Attribute policy [org.jasig.cas.services.ReturnAllowedA ttributeReleasePolicy@1985a180[attributeFilter=<null>,principalAttributesReposit ory=org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository@ 41d517d6[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyG rantingTicket=false,allowedAttributes=[FirstName, LastName, email, Affiliation]] ] is associated with service [id=10001301,name=BGSU_Calendar_Test_Admin,descript ion=BGSU HTTP Test Calendar Admin,serviceId=^(https?)://caltest.bgsu.edu/…. 2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found attribute [FirstName] in the list of allowed attributes 2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found attribute [LastName] in the list of allowed attributes 2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found attribute [email] in the list of allowed attributes 2016-04-22 10:31:10,066 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider] - Returning the default principal id [tffishe] for username. Which would indicate it is only sending four attributes. But, at the app I see them all in the CAS response. Any idea why this is happening? Thanks. Ted F. Fisher Information Technology Services [Description: BGSU] -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN1PR0501MB2015D75525E56A45B8AA1944C04E0%40SN1PR0501MB2015.namprd05.prod.outlook.com. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
