Hi Ray,
I changed the attribute names and still same result. As suggested I set
logging to debug and configuration and didn't find any message about
'unbound attribute'.
I believe there is an issue related to the attribute release policies,
based on the following log message:
2020-11-17 09:54:39,962 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release of
[{}] for [pnitat]>
even though there are default attributes for release:
2020-11-17 09:54:39,962 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
<Default attributes for release are: [[inherited_group, role, userstatus,
work_phone, last_name, active, middle_name, user_id, accessMetadata,
organization_id, phone_extension, crm_user_id, first_name, email, username,
group]]>
Is there a different setting to change the attribute release policy so all
attributes defined in the list are released?
Thanks,
Paul
On Monday, November 16, 2020 at 6:26:49 PM UTC-5 Ray Bon wrote:
> Paul,
>
> Unfortunately the docs have not been updated.
> The reference is here on line 186,
> https://github.com/apereo/cas/blob/6.2.x/api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/core/authentication/AuthenticationProperties.java
>
> Set your logging to debug. You should see something about an 'unbound
> attribute' or 'could not bind attribute' with the name of the attribute. I
> am sure there are more changes than just that one.
>
> It was a long time since we upgraded and I did not remember that I must
> have search the code base for the attribute names.
>
> Ray
>
> On Mon, 2020-11-16 at 14:40 -0800, P N wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> Hi Ray,
>
> I am actually using the notation prescribed in CAS 6.2.x documentation -
> see
> https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties.html#jdbc-1
>
> :
>
> # cas.authn.attribute-repository.jdbc[0].attributes.uid=uid
> #
> cas.authn.attribute-repository.jdbc[0].attributes.display-name=displayName
> ...
>
> However, even changing the configuration as suggested to old notation from
> CAS 5 - cas.authn.attributeRepository.jdbc[0] ... , I am getting same
> results, i.e. no attributes released.
>
> Thanks,
> Paul
> On Monday, November 16, 2020 at 4:59:59 PM UTC-5 Ray Bon wrote:
>
> Paul,
>
> You will have to check all your attribute names, they often change between
> versions.
> cas.authn.attribute-repository.jdbc
> is now
> cas.authn.attributeRepository.jdbc
>
> Ray
>
> On Mon, 2020-11-16 at 13:20 -0800, P N wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
>
> Hi,
>
> I am in the process to migrate from CAS 5.3.15 to CAS 2.1 and in CAS 6 I
> am using the same configuration properties as in CAS 5 for the principal
> attribute release from an external JDBC repository using default Person
> Directory to all services by default:
>
>
> cas.authn.attribute-repository.default-attributes-to-release=username,role,group,inherited_group,user_id,crm_user_id,organization_id,first_name,middle_name,last_name,email,work_phone,phone_extension,active,userstatus,accessMetadata
> cas.authn.attribute-repository.jdbc[0].singleRow=false
> cas.authn.attribute-repository.jdbc[0].sql= ...
> cas.authn.attribute-repository.jdbc[0].username=user_name
>
> cas.authn.attribute-repository.jdbc[0].columnMappings.attribute_name=attribute_value
>
> cas.authn.attribute-repository.jdbc[0].attributes.user_name=username
> cas.authn.attribute-repository.jdbc[0].attributes.role=role
> cas.authn.attribute-repository.jdbc[0].attributes.group=group
>
> cas.authn.attribute-repository.jdbc[0].attributes.inherited_group=inherited_group
> cas.authn.attribute-repository.jdbc[0].attributes.user_id=user_id
> cas.authn.attribute-repository.jdbc[0].attributes.crm_user_id=crm_user_id
>
> cas.authn.attribute-repository.jdbc[0].attributes.organization_id=organization_id
> cas.authn.attribute-repository.jdbc[0].attributes.first_name=first_name
> cas.authn.attribute-repository.jdbc[0].attributes.middle_name=middle_name
> cas.authn.attribute-repository.jdbc[0].attributes.last_name=last_name
> cas.authn.attribute-repository.jdbc[0].attributes.email=email
> cas.authn.attribute-repository.jdbc[0].attributes.work_phone=work_phone
>
> cas.authn.attribute-repository.jdbc[0].attributes.phone_extension=phone_extension
> cas.authn.attribute-repository.jdbc[0].attributes.active=active
> cas.authn.attribute-repository.jdbc[0].attributes.userstatus=userstatus
>
> cas.authn.attribute-repository.jdbc[0].attributes.accessMetadata=accessMetadata
>
> cas.authn.attribute-repository.jdbc[0].id=AMS
> cas.authn.attribute-repository.jdbc[0].failFastTimeout=1
> cas.authn.attribute-repository.jdbc[0].healthQuery=select 1 from dual
> cas.authn.attribute-repository.jdbc[0].isolateInternalQueries=false
> cas.authn.attribute-repository.jdbc[0].leakThreshold=10
> cas.authn.attribute-repository.jdbc[0].batchSize=1
> cas.authn.attribute-repository.jdbc[0].defaultSchema=cihiweb
> cas.authn.attribute-repository.jdbc[0].ddlAuto=none
>
> cas.authn.attribute-repository.jdbc[0].autocommit=false
> cas.authn.attribute-repository.jdbc[0].idleTimeout=5000
>
>
> cas.authn.attribute-repository.jdbc[0].properties.propertyName=propertyValue
> cas.authn.attribute-repository.jdbc[0].pool.suspension=false
> cas.authn.attribute-repository.jdbc[0].pool.minSize=6
> cas.authn.attribute-repository.jdbc[0].pool.maxSize=18
> cas.authn.attribute-repository.jdbc[0].pool.maxWait=2000
> cas.authn.attribute-repository.jdbc[0].pool.timeoutMillis=1000
>
> cas.authn.attribute-repository.expirationTime=0
> cas.authn.attribute-repository.merger=multivalued
> cas.personDirectory.attributeResolutionEnabled=true
> cas.personDirectory.activeAttributeRepositoryIds=AMS
>
> However, none of the attributes are released in the service validation :
>
> 2020-11-16 16:15:41,642 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Initiating attributes release phase for principal [pnitat] accessing
> service [AbstractWebApplicationService(id=
> http://localhost:8080/ui-dev-guide/j_spring_cas_security_check,
> originalUrl=http://localhost:8080/ui-dev-guide/j_spring_cas_security_check,
> artifactId=null, principal=pnitat, source=service, loggedOutAlready=false,
> format=XML, attributes={})] defined by registered service [http*://.*]...>
> 2020-11-16 16:15:41,643 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Using principal attribute repository
> [DefaultPrincipalAttributesRepository()] to retrieve attributes>
> 2020-11-16 16:15:41,644 DEBUG
> [org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository]
>
> - <Using [pnitat], no caching takes place for
> [DefaultPrincipalAttributesRepository] to add attributes.>
> 2020-11-16 16:15:41,644 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Found principal attributes [{}] for [pnitat]>
> 2020-11-16 16:15:41,646 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release of
> [{}] for [pnitat]>
> 2020-11-16 16:15:41,646 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Default attributes for release are: [[inherited_group, role, userstatus,
> work_phone, last_name, active, middle_name, user_id, accessMetadata,
> organization_id, phone_extension, crm_user_id, first_name, email, username,
> group]]>
> 2020-11-16 16:15:41,646 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Default attributes found to be released are [{}]>
> 2020-11-16 16:15:41,647 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Finalizing attributes release phase for principal [pnitat] accessing
> service [AbstractWebApplicationService(id=
> http://localhost:8080/ui-dev-guide/j_spring_cas_security_check,
> originalUrl=http://localhost:8080/ui-dev-guide/j_spring_cas_security_check,
> artifactId=null, principal=pnitat, source=service, loggedOutAlready=false,
> format=XML, attributes={})] defined by registered service [http*://.*]...>
> 2020-11-16 16:15:41,647 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Final collection of attributes allowed are: [{}]>
>
> Do I miss any configuration properties or has anything changed in version
> 6 from 5 regarding the default attributes release?
>
> Thanks,
> Paul
>
> --
>
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/79ca631f-5b50-44c9-9698-cba2a8e03c04n%40apereo.org.
