Hi Ray,
I found a way to release attributes by adding the following to the JSON
service definition:
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
"principalAttributesRepository" : {
"@class" :
"org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository",
"attributeRepositoryIds": ["java.util.HashSet", [ "AMS" ]]
}
}
and disabling the global attribute release:
cas.personDirectory.attributeResolutionEnabled=false
However, I am still not clear why the default bundle is not working when is
stated in the documentation that should be working for all services.
Thanks,
Paul
On Tuesday, November 17, 2020 at 10:40:09 AM UTC-5 Ray Bon wrote:
> Paul,
>
> There are per service settings that can be applied and a default bundle
> that can be set,
> https://apereo.github.io/cas/6.2.x/integration/Attribute-Release-Policies.html
>
> You can set some attributes to be searched on authentication and others
> can be extracted afterwards,
> https://apereo.github.io/cas/6.2.x/integration/Attribute-Resolution.html
>
> You can also set hibernate to display what it is sending and receiving to
> be sure its queries are what you expect,
> https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties-Common.html#hibernate--jdbc
> .
>
> If you are getting to the attribute release lines, your cas config names
> must be correct.
>
> Ray
>
> On Tue, 2020-11-17 at 07:04 -0800, P N wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> Hi Ray,
>
> I changed the attribute names and still same result. As suggested I set
> logging to debug and configuration and didn't find any message about
> 'unbound attribute'.
>
> I believe there is an issue related to the attribute release policies,
> based on the following log message:
> 2020-11-17 09:54:39,962 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release of
> [{}] for [pnitat]>
>
> even though there are default attributes for release:
> 2020-11-17 09:54:39,962 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Default attributes for release are: [[inherited_group, role, userstatus,
> work_phone, last_name, active, middle_name, user_id, accessMetadata,
> organization_id, phone_extension, crm_user_id, first_name, email, username,
> group]]>
>
> Is there a different setting to change the attribute release policy so all
> attributes defined in the list are released?
>
> Thanks,
> Paul
> On Monday, November 16, 2020 at 6:26:49 PM UTC-5 Ray Bon wrote:
>
> Paul,
>
> Unfortunately the docs have not been updated.
> The reference is here on line 186,
> https://github.com/apereo/cas/blob/6.2.x/api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/core/authentication/AuthenticationProperties.java
>
> Set your logging to debug. You should see something about an 'unbound
> attribute' or 'could not bind attribute' with the name of the attribute. I
> am sure there are more changes than just that one.
>
> It was a long time since we upgraded and I did not remember that I must
> have search the code base for the attribute names.
>
> Ray
>
> On Mon, 2020-11-16 at 14:40 -0800, P N wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> Hi Ray,
>
> I am actually using the notation prescribed in CAS 6.2.x documentation -
> see
> https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties.html#jdbc-1
>
> :
>
> # cas.authn.attribute-repository.jdbc[0].attributes.uid=uid
> #
> cas.authn.attribute-repository.jdbc[0].attributes.display-name=displayName
> ...
>
> However, even changing the configuration as suggested to old notation from
> CAS 5 - cas.authn.attributeRepository.jdbc[0] ... , I am getting same
> results, i.e. no attributes released.
>
> Thanks,
> Paul
> On Monday, November 16, 2020 at 4:59:59 PM UTC-5 Ray Bon wrote:
>
> Paul,
>
> You will have to check all your attribute names, they often change between
> versions.
> cas.authn.attribute-repository.jdbc
> is now
> cas.authn.attributeRepository.jdbc
>
> Ray
>
> On Mon, 2020-11-16 at 13:20 -0800, P N wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
>
> Hi,
>
> I am in the process to migrate from CAS 5.3.15 to CAS 2.1 and in CAS 6 I
> am using the same configuration properties as in CAS 5 for the principal
> attribute release from an external JDBC repository using default Person
> Directory to all services by default:
>
>
> cas.authn.attribute-repository.default-attributes-to-release=username,role,group,inherited_group,user_id,crm_user_id,organization_id,first_name,middle_name,last_name,email,work_phone,phone_extension,active,userstatus,accessMetadata
> cas.authn.attribute-repository.jdbc[0].singleRow=false
> cas.authn.attribute-repository.jdbc[0].sql= ...
> cas.authn.attribute-repository.jdbc[0].username=user_name
>
> cas.authn.attribute-repository.jdbc[0].columnMappings.attribute_name=attribute_value
>
> cas.authn.attribute-repository.jdbc[0].attributes.user_name=username
> cas.authn.attribute-repository.jdbc[0].attributes.role=role
> cas.authn.attribute-repository.jdbc[0].attributes.group=group
>
> cas.authn.attribute-repository.jdbc[0].attributes.inherited_group=inherited_group
> cas.authn.attribute-repository.jdbc[0].attributes.user_id=user_id
> cas.authn.attribute-repository.jdbc[0].attributes.crm_user_id=crm_user_id
>
> cas.authn.attribute-repository.jdbc[0].attributes.organization_id=organization_id
> cas.authn.attribute-repository.jdbc[0].attributes.first_name=first_name
> cas.authn.attribute-repository.jdbc[0].attributes.middle_name=middle_name
> cas.authn.attribute-repository.jdbc[0].attributes.last_name=last_name
> cas.authn.attribute-repository.jdbc[0].attributes.email=email
> cas.authn.attribute-repository.jdbc[0].attributes.work_phone=work_phone
>
> cas.authn.attribute-repository.jdbc[0].attributes.phone_extension=phone_extension
> cas.authn.attribute-repository.jdbc[0].attributes.active=active
> cas.authn.attribute-repository.jdbc[0].attributes.userstatus=userstatus
>
> cas.authn.attribute-repository.jdbc[0].attributes.accessMetadata=accessMetadata
>
> cas.authn.attribute-repository.jdbc[0].id=AMS
> cas.authn.attribute-repository.jdbc[0].failFastTimeout=1
> cas.authn.attribute-repository.jdbc[0].healthQuery=select 1 from dual
> cas.authn.attribute-repository.jdbc[0].isolateInternalQueries=false
> cas.authn.attribute-repository.jdbc[0].leakThreshold=10
> cas.authn.attribute-repository.jdbc[0].batchSize=1
> cas.authn.attribute-repository.jdbc[0].defaultSchema=cihiweb
> cas.authn.attribute-repository.jdbc[0].ddlAuto=none
>
> cas.authn.attribute-repository.jdbc[0].autocommit=false
> cas.authn.attribute-repository.jdbc[0].idleTimeout=5000
>
>
> cas.authn.attribute-repository.jdbc[0].properties.propertyName=propertyValue
> cas.authn.attribute-repository.jdbc[0].pool.suspension=false
> cas.authn.attribute-repository.jdbc[0].pool.minSize=6
> cas.authn.attribute-repository.jdbc[0].pool.maxSize=18
> cas.authn.attribute-repository.jdbc[0].pool.maxWait=2000
> cas.authn.attribute-repository.jdbc[0].pool.timeoutMillis=1000
>
> cas.authn.attribute-repository.expirationTime=0
> cas.authn.attribute-repository.merger=multivalued
> cas.personDirectory.attributeResolutionEnabled=true
> cas.personDirectory.activeAttributeRepositoryIds=AMS
>
> However, none of the attributes are released in the service validation :
>
> 2020-11-16 16:15:41,642 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Initiating attributes release phase for principal [pnitat] accessing
> service [AbstractWebApplicationService(id=
> http://localhost:8080/ui-dev-guide/j_spring_cas_security_check,
> originalUrl=http://localhost:8080/ui-dev-guide/j_spring_cas_security_check,
> artifactId=null, principal=pnitat, source=service, loggedOutAlready=false,
> format=XML, attributes={})] defined by registered service [http*://.*]...>
> 2020-11-16 16:15:41,643 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Using principal attribute repository
> [DefaultPrincipalAttributesRepository()] to retrieve attributes>
> 2020-11-16 16:15:41,644 DEBUG
> [org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository]
>
> - <Using [pnitat], no caching takes place for
> [DefaultPrincipalAttributesRepository] to add attributes.>
> 2020-11-16 16:15:41,644 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Found principal attributes [{}] for [pnitat]>
> 2020-11-16 16:15:41,646 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release of
> [{}] for [pnitat]>
> 2020-11-16 16:15:41,646 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Default attributes for release are: [[inherited_group, role, userstatus,
> work_phone, last_name, active, middle_name, user_id, accessMetadata,
> organization_id, phone_extension, crm_user_id, first_name, email, username,
> group]]>
> 2020-11-16 16:15:41,646 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Default attributes found to be released are [{}]>
> 2020-11-16 16:15:41,647 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Finalizing attributes release phase for principal [pnitat] accessing
> service [AbstractWebApplicationService(id=
> http://localhost:8080/ui-dev-guide/j_spring_cas_security_check,
> originalUrl=http://localhost:8080/ui-dev-guide/j_spring_cas_security_check,
> artifactId=null, principal=pnitat, source=service, loggedOutAlready=false,
> format=XML, attributes={})] defined by registered service [http*://.*]...>
> 2020-11-16 16:15:41,647 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> <Final collection of attributes allowed are: [{}]>
>
> Do I miss any configuration properties or has anything changed in version
> 6 from 5 regarding the default attributes release?
>
> Thanks,
> Paul
>
> --
>
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
> --
>
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a9952399-a67e-45e1-9798-f50b23a7a10dn%40apereo.org.
