Hi, Ray,

Thank you very much for your quick response!
I'll try test again, and see how it goes.

Appreciated your time and kind help very much!

Best Regards,

Joe

On Thursday, January 28, 2021 at 12:14:06 PM UTC-5 Ray Bon wrote:

> Joseph,
>
> To see what the cas server is finding for attributes, use this logger:
>
>     <!-- DEBUG Found principal attributes [...] for [username]
>          Attribute policy [???] allows release of [...] for [username]
>          Final collection of attributes allowed are: [...] -->
>     <AsyncLogger name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
>                  level="debug"/>
>
> We also use map UDC_IDENTIFIER in the service definition. See,
> https://apereo.github.io/cas/6.2.x/integration/Attribute-Release-Policies.html#return-mapped
> .
>
> Ray
>
> On Thu, 2021-01-28 at 07:03 -0800, Joseph Zhou wrote:
>
> Hi, folks,
>
> We are having issue to migrate SP from an old CAS 3.5.2 to a new CAS 6.2.2
> server.
>
> In the old server 3.5.2, it was configured as:
>
>     <bean class="org.jasig.cas.services.RegexRegisteredService">
>         <property name="id" value="6"/>
>         <property name="name" value="Banner XE"/>
>         <property name="description" value="CAS Client for Banner XE Services"/>
>         <property name="serviceId" value="^https://ban.*.wccnet.edu
>             (:443)?/.*"/>
>         <property name="allowedAttributes">
>             <list>
>                 <value>UDC_IDENTIFIER</value>
>             </list>
>         </property>
>         <property name="evaluationOrder" value="1050"/>
>     </bean>
>
> On the new server 6.2.2 we tried different ways (no luck on any one), now
> it is:
>
>     {
>       "@class": "org.apereo.cas.services.RegexRegisteredService",
>       "serviceId": "https://banner-dev.wccnet.edu/balancer-manager",
>       "name": "CASbanfrontdev",
>       "id": 1010,
>       "evaluationOrder": 20,
>
>       "usernameAttributeProvider" : {
>         "@class" : "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider",
>         "usernameAttribute" : "username"
>       }
>       "attributeReleasePolicy" : {
>         "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>         "allowedAttributes" : [ "java.util.ArrayList", ["username"]]
>       }
>
>     }
>
> When connecting to the old server, we got in the SP httpd log (the SP
> needs username):
>
>     207.73.128.2 - hpjozou [27/Jan/2021:17:23:08 -0500] "GET /balancer-manager?ticket=ST-235770-aDCGnkjkNkZDuaZ11w1f-login.wccnet.edu HTTP/1.1" 302 234 "https://login.wccnet.edu/cas/login?service=https%3a%2f%2fbanner-dev.wccnet.edu%2fbalancer-manager" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0" "-" - 443 banner-dev.wccnet.edu 0 43528 98087m -,-
>     207.73.128.2 - hpjozou [27/Jan/2021:17:23:08 -0500] "GET /balancer-manager HTTP/1.1" 200 980 "https://login.wccnet.edu/cas/login?service=https%3a%2f%2fbanner-dev.wccnet.edu%2fbalancer-manager" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0" "-" on 443 banner-dev.wccnet.edu 0 43528 877m -,-
>
> On connecting to the new one, we got in the SP httpd log:
>
>     207.73.128.2 - - [27/Jan/2021:17:31:34 -0500] "GET /balancer-manager HTTP/1.1" 302 280 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36" "-" - 443 banner-dev.wccnet.edu 0 43962 260m -,-
>     207.73.128.2 - - [27/Jan/2021:17:31:59 -0500] "GET /balancer-manager?ticket=ST-1-mm7K5F-4Bu-nqhrLD-3DDcJiuws-cas2 HTTP/1.1" 401 381 "https://cas2.wccnet.edu/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36" "-" - 443 banner-dev.wccnet.edu 0 43962 93523m -,-
>
> Then, we ended up to Unauthorized in the SP page after CAS authentication
> going through the new CAS.
>
> Our questions:
>
> - How could we make sure the username was responded to the SP?
> - How could we see the xml file responded in the new CAS 6.2.2 server for
>   CAS 2.0?
> - How could we see the xml file responded in the SP httpd log?
>
> Thank you very much for your help!
>
> Joe
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
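Added example, not part of the original thread or of the CAS project's code: one way to answer the "was the username sent to the SP?" question is to parse a saved CAS service-validation response and report the principal, the released attributes, and whether a required attribute such as UDC_IDENTIFIER is missing. The sample XML bodies, the `inspect_validation` helper and the user and attribute values are constructed for illustration; only the `http://www.yale.edu/tp/cas` namespace and element names come from the CAS protocol.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample responses (not captured from the servers in this thread).
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:UDC_IDENTIFIER>A1B2C3</cas:UDC_IDENTIFIER>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

SAMPLE_NO_ATTRS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""

SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def inspect_validation(xml_text, required=("UDC_IDENTIFIER",)):
    """Summarise a validation response: principal, attributes, missing ones."""
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        # Validation failed: the SP receives no principal at all.
        return {"ok": False, "code": failure.get("code"), "user": None,
                "attributes": {}, "missing": list(required)}
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("not a CAS serviceResponse document")
    user = success.findtext("cas:user", default=None, namespaces=CAS_NS)
    attrs = {}
    block = success.find("cas:attributes", CAS_NS)
    if block is not None:
        for child in block:
            name = child.tag.split("}", 1)[-1]  # strip the {namespace} prefix
            attrs.setdefault(name, []).append((child.text or "").strip())
    missing = [name for name in required if name not in attrs]
    return {"ok": True, "code": None, "user": user,
            "attributes": attrs, "missing": missing}


if __name__ == "__main__":
    for label, body in [("success", SAMPLE_SUCCESS),
                        ("no attributes", SAMPLE_NO_ATTRS),
                        ("failure", SAMPLE_FAILURE)]:
        print(label, inspect_validation(body))
```

A success response with an empty `missing` list means the release policy delivered what the SP expects; a success with `UDC_IDENTIFIER` in `missing` points at the service's attribute release policy rather than at authentication.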
