Hi Ted, if you could provide the simplest possible CAS overlay with the version that you are using (perhaps with the stub in-memory person dir dao to simulate attribute repo) here: https://github.com/cas-projects/cas-issues <https://github.com/cas-projects/cas-issues> that could demonstrate the behavior that you are seeing, we’d be glad to dig into it.
Thanks, D. > On May 23, 2016, at 12:03 PM, Ted Fisher <[email protected]> wrote: > > I’m still having an issue with CAS returning all attributes even though the > service to return only allowed attributes. It is logging that it is only > going to return the correct attributes (see below) but what the app gets is > all attributes. I’ve looked at everything I can think of and still can’t see > why it is doing this. > > Ted F. Fisher > Information Technology Services > <image001.gif> > > From: Ted Fisher > Sent: Friday, April 22, 2016 10:48 AM > To: '[email protected] <mailto:[email protected]>' <[email protected] > <mailto:[email protected]>> > Subject: more attributes returned than allowed > > > While we have all of our services set for > ReturnAllowedAttributeReleasePolicy, The CAS response received by the app > includes all attributes that were resolved. > We logged this: > 2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] > [org.jasig.cas.CentralAuth > enticationServiceImpl] - Attribute policy > [org.jasig.cas.services.ReturnAllowedA > ttributeReleasePolicy@1985a180[attributeFilter=<null>,principalAttributesReposit > ory=org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository@ > 41d517d6[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyG > rantingTicket=false,allowedAttributes=[FirstName, LastName, email, > Affiliation]] > ] is associated with service > [id=10001301,name=BGSU_Calendar_Test_Admin,descript > ion=BGSU HTTP Test Calendar Admin,serviceId=^(https?)://caltest.bgsu.edu/ > <http://caltest.bgsu.edu/>…. > 2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] > [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found > attribute [FirstName] in the list of allowed attributes > 2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] > [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found > attribute [LastName] in the list of allowed attributes > 2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] > [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found > attribute [email] in the list of allowed attributes > 2016-04-22 10:31:10,066 DEBUG [http-bio-8080-exec-29] > [org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider] - Returning > the default principal id [tffishe] for username. > Which would indicate it is only sending four attributes. But, at the app I > see them all in the CAS response. > > Any idea why this is happening? > > Thanks. > > Ted F. Fisher > Information Technology Services > <image001.gif> > > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To post to this group, send email to [email protected] > <mailto:[email protected]>. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > <https://groups.google.com/a/apereo.org/group/cas-user/>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN1PR0501MB2015D75525E56A45B8AA1944C04E0%40SN1PR0501MB2015.namprd05.prod.outlook.com > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN1PR0501MB2015D75525E56A45B8AA1944C04E0%40SN1PR0501MB2015.namprd05.prod.outlook.com?utm_medium=email&utm_source=footer>. > For more options, visit https://groups.google.com/a/apereo.org/d/optout > <https://groups.google.com/a/apereo.org/d/optout>. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/F114DCA5-4D15-4781-B42B-FE734E4386F4%40unicon.net. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
