Carl,
This already should be in log4j2:
<!-- Log audit to all root appenders, and also to audit log (additivity
     is not false) -->
<AsyncLogger name="org.apereo.inspektr.audit.support" level="info"
             includeLocation="true">
    <AppenderRef ref="casAudit"/>
    <AppenderRef ref="syslog"/>
</AsyncLogger>
Ray
On Thu, 2018-02-08 at 13:06 -0800, crdaudt wrote:
For one of my services, I have the following accessStrategy defined in my JSON
file:
---begin---
"accessStrategy" :
{
  "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
  "enabled" : true,
  "unauthorizedRedirectUrl" : "https://ssohost.mydomain.edu/cas_nowayjose/",
  "requireAllAttributes" : false,
  "ssoEnabled" : true,
  "requiredAttributes" :
  {
    "@class" : "java.util.HashMap",
    "memberOf" : [ "java.util.HashSet", [
      "CN=some_cn,OU=some_subgroup,OU=some_group,DC=my_subdomain,DC=my_domain,DC=edu",
      "CN=some_other_cn,OU=some_subgroup,OU=some_group,DC=my_subdomain,DC=mydomain,DC=edu"
    ] ]
  }
}
---end---
This works nicely to redirect unauthorized users who do not belong to either of
the memberOf AD groups. However, the default log settings in log4j2.xml do not
provide any indication that an unauthorized user attempted to obtain a service
ticket.
How can I set up my CAS (v5.2.2) instance to log failed attempts by
unauthorized users to obtain a service ticket?
Carl
--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
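
Added example, not part of the original messages and not CAS code: a simplified Python model of the required-attribute check described above, useful for confirming offline which principals a service definition would turn away. The function names, the shortened DNs and the exact-string matching are assumptions made for illustration.

```python
import json

# Constructed sample: the accessStrategy from the message, with shortened DNs.
SERVICE_JSON = """
{ "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "requireAllAttributes" : false,
    "requiredAttributes" : {
      "@class" : "java.util.HashMap",
      "memberOf" : [ "java.util.HashSet", [
        "CN=some_cn,OU=some_group,DC=mydomain,DC=edu",
        "CN=some_other_cn,OU=some_group,DC=mydomain,DC=edu" ] ]
} } }
"""

def unwrap(node):
    """Strip Jackson type hints: ["java.util.HashSet", [...]] wrappers and "@class" keys."""
    if isinstance(node, list):
        if len(node) == 2 and isinstance(node[0], str) and isinstance(node[1], list):
            return [unwrap(v) for v in node[1]]
        return [unwrap(v) for v in node]
    if isinstance(node, dict):
        return {k: unwrap(v) for k, v in node.items() if k != "@class"}
    return node

def load_strategy(text):
    return unwrap(json.loads(text))["accessStrategy"]

def is_authorized(strategy, principal_attrs):
    """Simplified model: exact string match on attribute values (an assumption)."""
    if not strategy.get("enabled", True):
        return False
    required = strategy.get("requiredAttributes", {})
    if not required:
        return True

    def has_match(name):
        held = principal_attrs.get(name, [])
        held = [held] if isinstance(held, str) else held  # single-valued attribute
        return bool(set(held) & set(required[name]))

    results = [has_match(name) for name in required]
    # requireAllAttributes=false: one matching attribute is enough.
    return all(results) if strategy.get("requireAllAttributes", True) else any(results)
```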