Thank you for your answer.
I've found the reason. It's because of encrytion. If I dont define private
and public key, CAS will generate it automatically. And when cas server is
restarted, the key will be generated again. So the consent that is saved in
LDAP can't be decrypt by CAS.
On Wednesday, March 10, 2021 at 12:16:05 AM UTC+7 Ray Bon wrote:
> Dewi,
>
> Have you verified that the record was added to LDAP, is in the correct
> path and identified by the {user}?
>
> If you change the attributes stored for a service (with and without
> restarting server), does the record update?
>
> Check your ldap and cas (ldaptive) logs.
>
>
> Ray
>
>
> On Mon, 2021-03-08 at 18:43 -0800, Dewi Suci Rafianti wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
>
> I have configured CAS server v6.3.2 to ask user about attribute release
> consent. The consent is succeccfully saved in LDAP using description
> attribute. When a user access the same application for the second time,
> user won't be asked the same consent again. But, when the CAS server is
> restarted, user will be asked the consent again. It's as if the consent
> will be reset when the server is restarted. Is it the right flow? Why CAS
> server is not use consent that is already saved in LDAP server?
>
> Here is my cas.properties
> cas.consent.ldap.ldap-url=ldap://localhost:389
> cas.consent.ldap.ldapUrl=ldap://localhost:389
> cas.consent.ldap.baseDn=dc=example,dc=org
> cas.consent.ldap.searchFilter=cn={user}
> cas.consent.ldap.bindDn=cn=admin,dc=example,dc=org
> cas.consent.ldap.bindCredential=admin
> cas.consent.ldap.consentAttributeName=description
>
> JSON service registry
> {
> "@class": "org.apereo.cas.services.RegexRegisteredService",
> "serviceId": "^(https|http)://.*",
> "name": "ApplicationName",
> "id": 1001,
> "evaluationOrder": 10,
> "attributeReleasePolicy": {
> "@class":
> "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
> "allowedAttributes": [ "java.util.ArrayList", [ "cn", "mail", "sn",
> "description", "telephoneNumber", "postalCode" ] ],
> "consentPolicy": {
> "@class":
> "org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy",
> "includeOnlyAttributes": ["java.util.LinkedHashSet", ["description",
> "telephoneNumber"]], "enabled": true } } }
>
> And I already add dependency in build.gradle
> implementation
> "org.apereo.cas:cas-server-support-consent-webflow:${casServerVersion}"
> implementation
> "org.apereo.cas:cas-server-support-consent-ldap:${casServerVersion}"
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5bcd3605-7b65-48c9-8026-b598ca6428ffn%40apereo.org.
