Paul, There are per service settings that can be applied and a default bundle that can be set, https://apereo.github.io/cas/6.2.x/integration/Attribute-Release-Policies.html
You can set some attributes to be searched on authentication and others can be extracted afterwards, https://apereo.github.io/cas/6.2.x/integration/Attribute-Resolution.html You can also set hibernate to display what it is sending and receiving to be sure its queries are what you expect, https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties-Common.html#hibernate--jdbc. If you are getting to the attribute release lines, your cas config names must be correct. Ray On Tue, 2020-11-17 at 07:04 -0800, P N wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi Ray, I changed the attribute names and still same result. As suggested I set logging to debug and configuration and didn't find any message about 'unbound attribute'. I believe there is an issue related to the attribute release policies, based on the following log message: 2020-11-17 09:54:39,962 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release of [{}] for [pnitat]> even though there are default attributes for release: 2020-11-17 09:54:39,962 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Default attributes for release are: [[inherited_group, role, userstatus, work_phone, last_name, active, middle_name, user_id, accessMetadata, organization_id, phone_extension, crm_user_id, first_name, email, username, group]]> Is there a different setting to change the attribute release policy so all attributes defined in the list are released? Thanks, Paul On Monday, November 16, 2020 at 6:26:49 PM UTC-5 Ray Bon wrote: Paul, Unfortunately the docs have not been updated. The reference is here on line 186, https://github.com/apereo/cas/blob/6.2.x/api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/core/authentication/AuthenticationProperties.java Set your logging to debug. You should see something about an 'unbound attribute' or 'could not bind attribute' with the name of the attribute. I am sure there are more changes than just that one. It was a long time since we upgraded and I did not remember that I must have search the code base for the attribute names. Ray On Mon, 2020-11-16 at 14:40 -0800, P N wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi Ray, I am actually using the notation prescribed in CAS 6.2.x documentation - see https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties.html#jdbc-1 : # cas.authn.attribute-repository.jdbc[0].attributes.uid=uid # cas.authn.attribute-repository.jdbc[0].attributes.display-name=displayName ... However, even changing the configuration as suggested to old notation from CAS 5 - cas.authn.attributeRepository.jdbc[0] ... , I am getting same results, i.e. no attributes released. Thanks, Paul On Monday, November 16, 2020 at 4:59:59 PM UTC-5 Ray Bon wrote: Paul, You will have to check all your attribute names, they often change between versions. cas.authn.attribute-repository.jdbc is now cas.authn.attributeRepository.jdbc Ray On Mon, 2020-11-16 at 13:20 -0800, P N wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi, I am in the process to migrate from CAS 5.3.15 to CAS 2.1 and in CAS 6 I am using the same configuration properties as in CAS 5 for the principal attribute release from an external JDBC repository using default Person Directory to all services by default: cas.authn.attribute-repository.default-attributes-to-release=username,role,group,inherited_group,user_id,crm_user_id,organization_id,first_name,middle_name,last_name,email,work_phone,phone_extension,active,userstatus,accessMetadata cas.authn.attribute-repository.jdbc[0].singleRow=false cas.authn.attribute-repository.jdbc[0].sql= ... cas.authn.attribute-repository.jdbc[0].username=user_name cas.authn.attribute-repository.jdbc[0].columnMappings.attribute_name=attribute_value cas.authn.attribute-repository.jdbc[0].attributes.user_name=username cas.authn.attribute-repository.jdbc[0].attributes.role=role cas.authn.attribute-repository.jdbc[0].attributes.group=group cas.authn.attribute-repository.jdbc[0].attributes.inherited_group=inherited_group cas.authn.attribute-repository.jdbc[0].attributes.user_id=user_id cas.authn.attribute-repository.jdbc[0].attributes.crm_user_id=crm_user_id cas.authn.attribute-repository.jdbc[0].attributes.organization_id=organization_id cas.authn.attribute-repository.jdbc[0].attributes.first_name=first_name cas.authn.attribute-repository.jdbc[0].attributes.middle_name=middle_name cas.authn.attribute-repository.jdbc[0].attributes.last_name=last_name cas.authn.attribute-repository.jdbc[0].attributes.email=email cas.authn.attribute-repository.jdbc[0].attributes.work_phone=work_phone cas.authn.attribute-repository.jdbc[0].attributes.phone_extension=phone_extension cas.authn.attribute-repository.jdbc[0].attributes.active=active cas.authn.attribute-repository.jdbc[0].attributes.userstatus=userstatus cas.authn.attribute-repository.jdbc[0].attributes.accessMetadata=accessMetadata cas.authn.attribute-repository.jdbc[0].id=AMS cas.authn.attribute-repository.jdbc[0].failFastTimeout=1 cas.authn.attribute-repository.jdbc[0].healthQuery=select 1 from dual cas.authn.attribute-repository.jdbc[0].isolateInternalQueries=false cas.authn.attribute-repository.jdbc[0].leakThreshold=10 cas.authn.attribute-repository.jdbc[0].batchSize=1 cas.authn.attribute-repository.jdbc[0].defaultSchema=cihiweb cas.authn.attribute-repository.jdbc[0].ddlAuto=none cas.authn.attribute-repository.jdbc[0].autocommit=false cas.authn.attribute-repository.jdbc[0].idleTimeout=5000 cas.authn.attribute-repository.jdbc[0].properties.propertyName=propertyValue cas.authn.attribute-repository.jdbc[0].pool.suspension=false cas.authn.attribute-repository.jdbc[0].pool.minSize=6 cas.authn.attribute-repository.jdbc[0].pool.maxSize=18 cas.authn.attribute-repository.jdbc[0].pool.maxWait=2000 cas.authn.attribute-repository.jdbc[0].pool.timeoutMillis=1000 cas.authn.attribute-repository.expirationTime=0 cas.authn.attribute-repository.merger=multivalued cas.personDirectory.attributeResolutionEnabled=true cas.personDirectory.activeAttributeRepositoryIds=AMS However, none of the attributes are released in the service validation : 2020-11-16 16:15:41,642 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Initiating attributes release phase for principal [pnitat] accessing service [AbstractWebApplicationService(id=http://localhost:8080/ui-dev-guide/j_spring_cas_security_check, originalUrl=http://localhost:8080/ui-dev-guide/j_spring_cas_security_check, artifactId=null, principal=pnitat, source=service, loggedOutAlready=false, format=XML, attributes={})] defined by registered service [http*://.*]...> 2020-11-16 16:15:41,643 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Using principal attribute repository [DefaultPrincipalAttributesRepository()] to retrieve attributes> 2020-11-16 16:15:41,644 DEBUG [org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository] - <Using [pnitat], no caching takes place for [DefaultPrincipalAttributesRepository] to add attributes.> 2020-11-16 16:15:41,644 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Found principal attributes [{}] for [pnitat]> 2020-11-16 16:15:41,646 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release of [{}] for [pnitat]> 2020-11-16 16:15:41,646 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Default attributes for release are: [[inherited_group, role, userstatus, work_phone, last_name, active, middle_name, user_id, accessMetadata, organization_id, phone_extension, crm_user_id, first_name, email, username, group]]> 2020-11-16 16:15:41,646 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Default attributes found to be released are [{}]> 2020-11-16 16:15:41,647 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Finalizing attributes release phase for principal [pnitat] accessing service [AbstractWebApplicationService(id=http://localhost:8080/ui-dev-guide/j_spring_cas_security_check, originalUrl=http://localhost:8080/ui-dev-guide/j_spring_cas_security_check, artifactId=null, principal=pnitat, source=service, loggedOutAlready=false, format=XML, attributes={})] defined by registered service [http*://.*]...> 2020-11-16 16:15:41,647 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Final collection of attributes allowed are: [{}]> Do I miss any configuration properties or has anything changed in version 6 from 5 regarding the default attributes release? Thanks, Paul -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831<tel:(250)%20721-8831> | CLE 019 | [email protected] I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831<tel:(250)%20721-8831> | CLE 019 | [email protected] I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/75284a19d33d87205acc3d7b2f65936fbecdec64.camel%40uvic.ca.
