Ray,
UPDATE
I wrote my own logs by redirecting to a file to see if this.accountStatus
recovers the correct state, like this:

    java.net.URI getUnauthorizedRedirectUrl() {
        if (this.accountStatus == 'Blocked') {
            File file = new File("/tmp/cas")
            file.append(this.accountStatus)

So in my toto file I have the waiting status:
====================================================
GNU nano 2.7.4 File : /tmp/cas
*Waiting*
====================================================
When I'm trying to connect:
2019-06-04 11:42:20,415 WARN
[org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] -
<Unauthorized service access for principal; CAS will be redirecting to [
https://cas-univ.com/waiting.html)]>
So it sounds good, but the page doesn't redirect to the URL and displays
"Application Not Authorized to Use CAS".
Any suggestion?
Regards,
Ray,
>
> These lines do not return anything in my logs...
> I thought my file wasn't up, but it is, because the ldaptive debug is
> generated...
> I dunno what's happening
>
> regards,
>
> Debian,
>>
>> Add this to your log4j2.xml
>> <AsyncLogger name="package.GroovyRegisteredAccessStrategy"
>> level="debug"/>
>>
>> replacing 'package' with the package of your class.
>>
>> Add this as the first line of doPrincipalAttributesAllowServiceAccess
>> method:
>> log.error("doPrincipalAttributesAllowServiceAccess: " +
>> attributes.get('udlAccountStatus'))
>>
>> Log level does not have to be 'error', but this way it will definitely
>> show in the logs and 'should be' the only ERROR listed.
>> This way you will know when/if your method is called and the value of
>> udlAccountStatus.
>>
>> Ray
>>
>>
>> On Mon, 2019-06-03 at 06:00 -0700, Debian HNT wrote:
>>
>> Ray,
>>
>> In my log4j2.xml I have this
>>
>> <AsyncLogger
>> name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
>>
>> level="debug"/>
>> <AsyncLogger
>> name="org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy"
>> level="debug"/>
>>
>> When access is granted I have this in my logs
>>
>> 8430:2019-06-03 14:13:39,963 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Initiating attributes release phase for principal [student1.stu] accessing
>> service [https://castete.univ.com/cas/status/dashboard] defined by
>> registered service [^https://castete.univ.com/cas/status/dashboard
>> (\z|/.*)]...>
>> 8431:2019-06-03 14:13:39,972 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Locating principal attributes for [student1.stu]>
>> 8432:2019-06-03 14:13:39,973 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Using principal attribute repository
>> [DefaultPrincipalAttributesRepository()] to retrieve attributes>
>> 8433:2019-06-03 14:13:39,974 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Found principal attributes [{supannAliasLogin=[student1.stu],
>> udlAccountStatus=[Active]}] for [student1.stu]>
>> 8434:2019-06-03 14:13:39,976 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Calling attribute policy [ReturnAllAttributeReleasePolicy] to process
>> attributes for [student1.stu]>
>> 8435:2019-06-03 14:13:39,977 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Attribute policy [ReturnAllAttributeReleasePolicy] allows release of
>> [{supannAliasLogin=[student1.stu], udlAccountStatus=[Active]}] for
>> [student1.stu>
>> 8436:2019-06-03 14:13:39,984 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Attempting to merge policy attributes and default attributes>
>> 8437:2019-06-03 14:13:39,984 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Checking default attribute policy attributes>
>> 8438:2019-06-03 14:13:39,985 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Located application context. Retrieving default attributes for release, if
>> any>
>> 8439:2019-06-03 14:13:39,988 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Default attributes for release are: [[]]>
>> 8440:2019-06-03 14:13:39,993 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Default attributes found to be released are [{}]>
>> 8441:2019-06-03 14:13:39,993 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Adding default attributes first to the released set of attributes>
>> 8442:2019-06-03 14:13:39,994 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Adding policy attributes to the released set of attributes>
>> 8443:2019-06-03 14:13:39,994 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Finalizing attributes release phase for principal [student1.stu] accessing
>> service [https://castete.univ.com/cas/status/dashboard] defined by
>> registered service [^https://castete.univ.com/cas/status/dashboard
>> (\z|/.*)]...>
>> 8444:2019-06-03 14:13:39,994 DEBUG
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> <Final collection of attributes allowed are:
>> [{supannAliasLogin=[student1.stu], udlAccountStatus=[Active]}]>
>>
>>
>> But when I try to test my waiting/blocked acc access is denied. In my
>> logs I just have ldaptive DEBUG
>>
>> 2019-06-03 14:50:45,673 INFO [org.ldaptive.auth.Authenticator] -
>> <Authentication succeeded for dn: uid=82853,ou=accounts,dc=univ,dc=com>
>> 2019-06-03 14:50:45,673 DEBUG [org.ldaptive.auth.Authenticator] -
>> <authenticate
>> response=[org.ldaptive.auth.AuthenticationHandlerResponse@1390045036::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1074313305::config=[org.ldaptive.ConnectionConfig@1599162410::ldapUrl=ldap://
>> ldap.univ.com, connectTimeout=PT5S, responseTimeout=PT5S,
>> sslConfig=[org.ldaptive.ssl.SslConfig@1022689743::credentialConfig=null,
>> trustManagers=null,
>> hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@5afc0982,
>> hostnameVerifierConfig=null, enabledCipherSuites=null,
>> enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true,
>> useStartTLS=false,
>> connectionInitializer=[org.ldaptive.BindConnectionInitializer@202489594::bindDn=uid=reverseproxy,ou=ldapusers,dc=univ,dc=com,
>>
>> bindSaslConfig=null, bindControls=null],
>> connectionStrategy=org.ldaptive.DefaultConnectionStrategy@59d4b74a],
>> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@156261501::metadata=[ldapUrl=ldap://
>> ldap.univ.com, count=1],
>> environment={java.naming.ldap.factory.socket=org.ldaptive.ssl.ThreadLocalTLSSocketFactory,
>>
>> com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3,
>> java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
>> java.naming.security.protocol=ssl, com.sun.jndi.ldap.read.timeout=5000},
>> classLoader=null,
>> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1341079820::operationExceptionResultCodes=[PROTOCOL_ERROR,
>>
>> SERVER_DOWN], properties={},
>> controlProcessor=org.ldaptive.provider.ControlProcessor@6a7e6832,
>> environment=null, tracePackets=null, removeDnUrls=true,
>> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
>> PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null,
>> hostnameVerifier=null]],
>> providerConnection=org.ldaptive.provider.jndi.JndiConnection@390a5cde],
>> result=true, resultCode=SUCCESS, message=null, controls=null] for
>> dn=uid=82853,ou=accounts,dc=univ,dc=com with
>> request=[org.ldaptive.auth.AuthenticationRequest@1020927553::user=[org.ldaptive.auth.User@86711528::identifier=student1.stu,
>>
>> context=null], returnAttributes=[udlAccountStatus, supannAliasLogin],
>> controls=null]>
>> 2019-06-03 14:50:45,675 INFO
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
>> trail record BEGIN
>> =============================================================
>> WHO: student1.stu
>> WHAT: Supplied credentials:
>> [UsernamePasswordCredential(username=student1.stu)]
>> ACTION: AUTHENTICATION_SUCCESS
>> APPLICATION: CAS
>> WHEN: Mon Jun 03 14:50:45 CEST 2019
>> CLIENT IP ADDRESS: 134.206.4.15
>> SERVER IP ADDRESS: 194.254.129.15
>> =============================================================
>>
>> >
>> 2019-06-03 14:50:45,677 WARN
>> [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Cannot
>> grant access to service [https://castete.univ.com/cas/status/dashboard]
>> because it is not authorized for use by [student1.stu].>
>> 2019-06-03 14:50:45,678 INFO
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
>> trail record BEGIN
>> =============================================================
>> WHO: student1.stu
>> WHAT: [result=Service Access Denied,service=
>> https://castete.univ.com/cas/sta...,principal=SimplePrincipal(id=student1.stu,
>>
>> attributes={udlAccountStatus=[Active],
>> supannAliasLogin=[student1.stu]}),requiredAttributes={}]
>> ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
>> APPLICATION: CAS
>> WHEN: Mon Jun 03 14:50:45 CEST 2019
>> CLIENT IP ADDRESS: 134.206.4.15
>> SERVER IP ADDRESS: 194.254.129.15
>> =============================================================
>> Don't know if I have configured logs correctly because I don't see what's
>> happening when access is denied...
>>
>> thanks for your time...
>>
>> Debian,
>>
>>
>> Ray,
>>
>> Thanks a lot for your response.
>> If it is neither 'blocked' nor 'waiting' access should be granted
>>
>> Debian,
>>
>> Debian,
>>
>> To know what is happening in your code, add logging statements!!!
>>
>> If you modify your code, you have to remember to un-modify it. Too easy
>> to forget a change and release to production.
>>
>> I have not used groovy scripting in CAS. Can you write unit tests? This
>> will let you know that your logic is correct.
>> Logging and unit tests can both be permanent in your code base. Logging
>> can be adjusted at runtime (log4j2.xml) in case an unexpected behaviour
>> shows up.
>>
>> If you are going to test runtime behaviour (different redirects) you should
>> have test users with appropriate attributes (at least 3 in your
>> case). Or modify one user at the attribute store.
>>
>> Testing is important! Make sure you have all the parts you need.
>>
>> As far as why the code is not working, is it possible that
>> getUnauthorizedRedirectUrl is called before
>> doPrincipalAttributesAllowServiceAccess? You can check this with logging
>> (easy way) or trace the method calls in CAS source (more challenging).
>>
>> In getUnauthorizedRedirectUrl, there is no default case. What happens if
>> it is neither 'Blocked' nor 'Waiting'?
>>
>> Ray
>>
>> On Wed, 2019-05-29 at 01:37 -0700, Debian HNT wrote:
>>
>> Hi Ray,
>>
>> I'm trying to implement dynamic url redirect, here's my code :
>>
>> import org.apereo.cas.services.*
>> import java.util.*
>> import java.net.URI
>>
>> class GroovyRegisteredAccessStrategy extends
>> DefaultRegisteredServiceAccessStrategy {
>> final String accountStatus
>>
>> @Override
>> boolean isServiceAccessAllowed() {
>> return true
>> }
>>
>> @Override
>> boolean isServiceAccessAllowedForSso() {
>> return true
>> }
>>
>> @Override
>> boolean doPrincipalAttributesAllowServiceAccess(String principal,
>> Map<String, Object> attribu$
>> if(attributes.get('udlAccountStatus').contains('Active')) {
>> this.accountStatus == 'Active'
>> return true
>> } else if
>> (attributes.get('udlAccountStatus').contains('Waiting')) {
>> this.accountStatus == 'Waiting'
>> return false
>> } else if
>> (attributes.get('udlAccountStatus').contains('Blocked')) {
>> this.accountStatus == 'Blocked'
>> return false
>>
>> } else {
>> return false
>> }
>> }
>>
>> @Override
>> java.net.URI getUnauthorizedRedirectUrl() {
>> if (this.accountStatus == 'Blocked') {
>> return new URI('https://cas-univ.com/blocked.html')
>> } else if (this.accountStatus == 'Waiting') {
>> return new URI('https://cas-univ.com/waiting.html')
>> }
>> }
>> }
>>
>> For an Active account it works, but when I try a waiting or blocked account,
>> my access is denied (CAS message, no error logs). I don't have a
>> blocked/waiting account so I set my code like this to try:
>>
>> @Override
>> boolean doPrincipalAttributesAllowServiceAccess(String principal,
>> Map<String, Object> attribu$
>> if(attributes.get('udlAccountStatus').contains('Active')) {
>> this.accountStatus == 'Waiting'
>> return false
>> } else if
>> (attributes.get('udlAccountStatus').contains('Waiting')) {
>> this.accountStatus == 'Waiting'
>> return false
>> } else if
>> (attributes.get('udlAccountStatus').contains('Blocked')) {
>> this.accountStatus == 'Blocked'
>> return false
>>
>> } else {
>> return false
>> }
>> }
>> @Override
>> java.net.URI getUnauthorizedRedirectUrl() {
>> if (this.accountStatus == 'Blocked') {
>> return new URI('https://cas-univ.com/blocked.html')
>> } else if (this.accountStatus == 'Waiting') {
>> return new URI('https://cas-univ.com/waiting.html')
>> }
>> }
>> }
>>
>> Any suggestions? Is my code correct?
>>
>>
>> Thanks in advance..
>>
>>
>> Hi Ray,
>>
>> Thanks for your response and idea, I managed to make it work!
>>
>> Best regards,
>>
>> Debian,
>>
>> 'Principal' is what the logged in user is called. Think of it as a box
>> containing id, attributes, etc.
>>
>> Ray
>>
>> On Mon, 2019-05-27 at 04:31 -0700, Debian HNT wrote:
>>
>>
>> Hi Ray,
>>
>> It is a message that CAS is displaying "Service access denied due to
>> missing privileges."
>>
>>
>> Here's the logs
>>
>> 2019-05-27 13:02:15,646 WARN
>> [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] -
>> <Unauthorized service access for principal; CAS will be redirecting to [
>> https://castete.univ.com/aide/blocked.html]>
>> 2019-05-27 13:02:53,173 WARN
>> [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Cannot
>> grant access to service [https://castete.univ.com/cas/status/dashboard]
>> because it is not authorized for use by [student.stu].>
>> 2019-05-27 13:02:53,174 INFO
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
>> trail record BEGIN
>> =============================================================
>> WHO: audit:unknown
>> WHAT: [result=Service Access Denied,service=
>> https://castete.univ.com/cas/sta...,principal=SimplePrincipal(id=
>> student.stu, attributes={udlAccountStatus=[Active], supannAliasLogin=
>> [student.stu]}),requiredAttributes={}]
>> ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
>> APPLICATION: CAS
>> WHEN: Mon May 27 13:02:53 CEST 2019
>>
>> I feel like the code doesn't work because my student.stu has his
>> udlAccountStatus set to Active, so I should have access to the service?
>> Can you explain the "String principal" to me? Not sure if I understand
>> correctly...
>>
>> thanks for your time,
>>
>> Debian,
>>
>> When you say 'access is denied', is that a message that CAS is displaying
>> or is that your service (admusers.properties sounds like your service)?
>>
>> Check CAS logs to see what is happening (you may need to add logging to
>> your custom code).
>>
>> Ray
>>
>> On Fri, 2019-05-24 at 00:01 -0700, Debian HNT wrote:
>>
>> Hello Ray,
>>
>> Thanks for your answer, the conf seems to be ok, I can access the login
>> page of the service but when I try to connect with my ID, the access is
>> denied.
>> Before using groovy script I was able to access the service... I've
>> checked my admusers.properties and my account is set to ROLE_ADMIN
>>
>> The boolean isServiceAccessAllowed is "return true"
>>
>> class GroovyRegisteredAccessStrategy extends
>> DefaultRegisteredServiceAccessStrategy {
>> @Override
>> boolean isServiceAccessAllowed() {
>> return true
>> }
>>
>> Thanks in advance
>>
>> Debian,
>>
>> Skip the for loop. If you know the attribute key, check it directly
>> (sorry about the use of map in my previous example):
>>
>> if ('Active' == attributes.get('udlAccountStatus'))
>>
>>
>> Also, from a programming perspective, entrySet returns a
>> Set<Map.Entry<String, Object>>.
>>
>> Ray
>>
>> On Thu, 2019-05-23 at 06:59 -0700, Debian HNT wrote:
>>
>> Ray,
>>
>> Excuse me for the inconvenience but I still have errors...
>>
>> I've tried your syntax
>>
>> import org.apereo.cas.services.*
>> import java.util.*
>>
>> class GroovyRegisteredAccessStrategy extends
>> DefaultRegisteredServiceAccessStrategy {
>> @Override
>> boolean isServiceAccessAllowed() {
>> return true
>> }
>>
>> @Override
>> boolean isServiceAccessAllowedForSso() {
>> return true
>> }
>>
>> @Override
>> boolean doPrincipalAttributesAllowServiceAccess(String principal,
>> Map<String, Object> attributes) {
>> for (Map.Entry<String, Object> entry : attributes.entrySet()){
>> if ('Active' == map.get('udlAccountStatus')) {return true}
>> else
>> {return false}
>> }
>> }
>>
>> }
>>
>> I have this error
>> 2019-05-23 15:46:04,201 WARN
>> [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
>>
>> - <No such property: map for class: GroovyRegisteredAccessStrategy>
>> groovy.lang.MissingPropertyException: No such property: map for class:
>> GroovyRegisteredAccessStrategy
>>
>> I've tried this
>> @Override
>> boolean doPrincipalAttributesAllowServiceAccess(String principal,
>> Map<String, Object> attributes) {
>> for (Map.Entry<String, Object> entry : attributes.entrySet()){
>> if ('Active' == entry.getKey('udlAccountStatus')) {return
>> true}
>> else
>> {return false}
>> }
>> }
>>
>> }
>> but I have this error
>> 2019-05-23 15:38:52,086 WARN
>> [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
>>
>> - <No signature of method: java.util.LinkedHashMap$Entry.getKey() is
>> applicable for argument types: (java.lang.String) values: [udlAccountStatus]
>> Possible solutions: getKey(), getAt(java.lang.String), notify(), grep(),
>> every(), every(groovy.lang.Closure)>
>>
>> When I try to use the Possible solutions with getKey()
>> @Override
>> boolean doPrincipalAttributesAllowServiceAccess(String principal,
>> Map<String, Object> attributes) {
>> for (Map.Entry<String, Object> entry : attributes.entrySet()){
>> if ('Active' == getKey('udlAccountStatus')) {return true}
>> else
>> {return false}
>> }
>> }
>>
>> }
>> I have this error
>>
>> 2019-05-23 15:45:03,124 WARN
>> [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
>>
>> - <No signature of method: GroovyRegisteredAccessStrategy.getKey() is
>> applicable for argument types: (java.lang.String) values: [udlAccountStatus]
>> Possible solutions: getAt(java.lang.String), notify(), getOrder(),
>> grep(), every(), every(groovy.lang.Closure)>
>>
>>
>> any suggestions?
>>
>> Thanks in advance...
>>
>> Debian,
>>
>> I should have looked closer at your method logic.
>> From the method name I suspect that method checks an attribute to
>> determine service access. This is what you originally proposed 'attribute =
>> Active'.
>>
>> You will need to know what attributes you have. You can add logging to
>> the method or increase logging in general:
>>
>> <!-- DEBUG Found principal attributes [...] for [username]
>> Attribute policy [???] allows release of [...] for
>> [username]
>> Final collection of attributes allowed are: [...] -->
>> <AsyncLogger
>> name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
>>
>> level="debug"/>
>>
>> I also have this in my logging config:
>>
>> <!-- DEBUG Skipping access strategy policy - when no attributes
>> rules are defined
>> These required attributes [...] are examined against
>> [...] before service can proceed - when attributes are defined -->
>> <AsyncLogger
>> name="org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy"
>> level="warn"/>
>>
>> Because CAS can perform the access / deny part of your requirements.
>> Service configuration can set an attribute and a value that a user must
>> have to allow access.
>> Since you are trying to modify the redirect URL (you have a third
>> option), you might have to modify the web flow.
>>
>> In general, for your method you will have a check like this
>>
>> if ('Active' == map.get('attribute')) {return true}
>>
>> Ray
>>
>> On Wed, 2019-05-22 at 00:49 -070
>>
>>
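
Added example (not part of the thread and not CAS code): the status-to-redirect decision from the posted strategy, pulled into a plain Groovy class so it can be unit tested without CAS, as Ray suggests, with the two defects visible in the posted code addressed: `this.accountStatus == 'Waiting'` is a comparison, not an assignment, and there is no default case. `AccountDecision` and its members are hypothetical names; the attribute maps at the bottom are constructed test inputs modelled on the log lines in the thread.

```groovy
// Added example: plain Groovy script, no CAS classes on the classpath.
// AccountDecision is a hypothetical helper, not part of the CAS API.

class AccountDecision {
    // Denying statuses and their help pages (URLs as posted in the thread).
    static final Map<String, URI> DENIED_PAGES = [
        Blocked: new URI('https://cas-univ.com/blocked.html'),
        Waiting: new URI('https://cas-univ.com/waiting.html'),
    ].asImmutable()

    final boolean allowed
    final URI redirect      // null: allowed, or denied with no specific page

    private AccountDecision(boolean allowed, URI redirect) {
        this.allowed = allowed
        this.redirect = redirect
    }

    // Derives both answers from the attributes in one step, so the redirect
    // never depends on which method happened to be called first.
    static AccountDecision from(Map<String, Object> attributes) {
        def raw = attributes?.get('udlAccountStatus')
        // The logs show the value as a list ([Active]); accept a bare string too.
        List<String> values = (raw instanceof Collection ? raw : [raw])
                .findAll { it != null }
                .collect { it.toString() }

        // A denying status wins even if 'Active' is also present.
        String denied = DENIED_PAGES.keySet().find { it in values }
        if (denied) {
            return new AccountDecision(false, DENIED_PAGES[denied])
        }
        // Default case: anything not explicitly Active is refused.
        return new AccountDecision(('Active' in values), null)
    }
}

// --- The '==' pitfall from the posted code, in isolation ---
class Holder { String accountStatus }
def h = new Holder()
h.accountStatus == 'Waiting'        // comparison; the result is discarded
assert h.accountStatus == null      // nothing was stored
h.accountStatus = 'Waiting'         // assignment
assert h.accountStatus == 'Waiting'

// --- Unit-test style checks on constructed attribute maps ---
assert AccountDecision.from([udlAccountStatus: ['Active']]).allowed

def waiting = AccountDecision.from([udlAccountStatus: ['Waiting']])
assert !waiting.allowed
assert waiting.redirect.toString() == 'https://cas-univ.com/waiting.html'

def blocked = AccountDecision.from([udlAccountStatus: 'Blocked'])   // bare string
assert !blocked.allowed
assert blocked.redirect.toString() == 'https://cas-univ.com/blocked.html'

// Attribute missing entirely: denied, no status-specific page.
def unknown = AccountDecision.from([supannAliasLogin: ['student1.stu']])
assert !unknown.allowed && unknown.redirect == null

// Conflicting values: the denying status takes precedence.
assert !AccountDecision.from([udlAccountStatus: ['Active', 'Blocked']]).allowed
```

With the field declared `final String accountStatus` as in the posted class, switching `==` to `=` inside a method is rejected by the Groovy compiler, so the `final` modifier has to go as well if the field is kept.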