I resolved the problem with too many attributes being sent since I found it was something I missed during the upgrade from CAS 3.5.0 to 4.1.5. I had gone through all the other jsps under view to make sure they worked appropriately, except I missed jsp/protocol/2.0/casServiceValidationSuccess.jsp. That had simply been copied over from our CAS 3.5.0. We had added releasing attributes in the response, but the reference to the attributes had changed. The code there still worked to include attributes, but was getting all rather than just those that were allowed. If you’ve modified that jsp to include attributes on an older version, make sure to check it when you upgrade.
Thanks.

Ted F. Fisher

From: Dmitriy Kopylenko [mailto:[email protected]]
Sent: Monday, May 23, 2016 12:13 PM
org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy

Hi Ted, if you could provide the simplest possible CAS overlay with the version that you are using (perhaps with the stub in-memory person dir dao to simulate attribute repo) here: https://github.com/cas-projects/cas-issues that could demonstrate the behavior that you are seeing, we’d be glad to dig into it.

Thanks,
D.

On May 23, 2016, at 12:03 PM, Ted Fisher <[email protected]> wrote:

I’m still having an issue with CAS returning all attributes even though the service is set to return only allowed attributes. It is logging that it is only going to return the correct attributes (see below) but what the app gets is all attributes. I’ve looked at everything I can think of and still can’t see why it is doing this.

Ted F. Fisher
Information Technology Services

From: Ted Fisher
Sent: Friday, April 22, 2016 10:48 AM
To: '[email protected]' <[email protected]>
Subject: more attributes returned than allowed

While we have all of our services set for ReturnAllowedAttributeReleasePolicy, the CAS response received by the app includes all attributes that were resolved. We logged this:

2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.CentralAuthenticationServiceImpl] - Attribute policy [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy@1985a180[attributeFilter=<null>,principalAttributesRepository=org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository@41d517d6[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false,allowedAttributes=[FirstName, LastName, email, Affiliation]]] is associated with service [id=10001301,name=BGSU_Calendar_Test_Admin,description=BGSU HTTP Test Calendar Admin,serviceId=^(https?)://caltest.bgsu.edu/….
2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found attribute [FirstName] in the list of allowed attributes
2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found attribute [LastName] in the list of allowed attributes
2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found attribute [email] in the list of allowed attributes
2016-04-22 10:31:10,066 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider] - Returning the default principal id [tffishe] for username.

Which would indicate it is only sending four attributes. But, at the app I see them all in the CAS response. Any idea why this is happening?

Thanks.

Ted F. Fisher
Information Technology Services
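A post-upgrade check for the problem described in this thread, as an added example that is not part of the original messages: it parses a CAS 2.0 validation response as the application receives it and lists any attribute outside the service's allowed list. The sample response is constructed, and the code assumes the customized view emits each attribute as a child element of cas:attributes.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace of CAS 2.0 validation responses

# Allow-list taken from the allowedAttributes=[...] value in the logged policy.
ALLOWED = {"FirstName", "LastName", "email", "Affiliation"}

# Constructed sample response (not captured traffic). The two extra attribute
# names and all values are made up; the layout under <cas:attributes> is an
# assumption about how the customized JSP renders attributes.
SAMPLE_RESPONSE = """\
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>testuser</cas:user>
    <cas:attributes>
      <cas:FirstName>Test</cas:FirstName>
      <cas:LastName>User</cas:LastName>
      <cas:email>testuser@example.edu</cas:email>
      <cas:Affiliation>staff</cas:Affiliation>
      <cas:employeeNumber>0000000</cas:employeeNumber>
      <cas:homePhone>555-0100</cas:homePhone>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>
"""

def released_attributes(response_xml):
    """Return the set of attribute names present in a validation response."""
    root = ET.fromstring(response_xml)
    success = root.find(f"{{{CAS_NS}}}authenticationSuccess")
    if success is None:
        raise ValueError("not an authenticationSuccess response")
    block = success.find(f"{{{CAS_NS}}}attributes")
    if block is None:
        return set()
    # ElementTree tags look like "{namespace}name"; keep only the name.
    return {child.tag.split("}", 1)[-1] for child in block}

def over_released(response_xml, allowed):
    """Attribute names the client received that the policy does not allow."""
    return sorted(released_attributes(response_xml) - set(allowed))

if __name__ == "__main__":
    extra = over_released(SAMPLE_RESPONSE, ALLOWED)
    print("over-released:", extra or "none")
```

Comparing what the client actually receives, rather than what the server logs, is what catches this case: the release policy logged the correct decision while the view rendered a different attribute map.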
