The attribute and the value are good in the LDAP.
By watching the ldap.log.level=debug, I do not see something strange.. I
can see all the values with their attributes, no error messages...
Le jeudi 25 mars 2021 à 18:57:34 UTC+1, Ray Bon a écrit :
> Jérémie,
>
> Check ldap to be sure an attribute and value exist for id_attribute for
> your user. You could also check your ldap logs to see why the value is not
> released.
>
> If cas is having difficulties connecting to ldap, you can set,
> <Property name="ldap.log.level">debug</Property>
> which is at the top of the log4j2.xml file.
>
> Ray
>
> On Thu, 2021-03-25 at 10:04 -0700, Jérémie Pilette wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> Yes I have this file. I try to do with it ok.
>
> And in my */var.lib/tomcat9/Cataline.out*, I have this line :
> [2021-03-25 18:02:39] [info] #033[33m2021-03-25 18:02:39,848 WARN
> [org.apereo.cas.services.ReturnMappedAttributeReleasePolicy] - <Could not
> find value for mapped attribute [*codeNYP*] that is based off of [
> *id_attribute*] in the allowed attributes list. Ensure the original
> attribute [*id_attribute*] is retrieved and contains at least a single
> value. Attribute [*codeNYP*] will and can not be released without the
> presence of a value.>#033[m
>
>
> Le jeudi 25 mars 2021 à 17:55:46 UTC+1, Ray Bon a écrit :
>
> Jérémie,
>
> The cas logger bit can be added to etc/cas/config/log4j2.xml).
>
> Ray
>
> On Thu, 2021-03-25 at 09:35 -0700, Jérémie Pilette wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> Thank you for your response Ray Bon, but where I have to do that ?
> Should I uncomment these lines in a file or add these lines in a specific
> file ?
> Thank you.
>
>
> Le jeudi 25 mars 2021 à 16:46:34 UTC+1, Ray Bon a écrit :
>
> Jérémie,
>
> Try this logger to see what cas is doing with the attributes:
>
> <!-- DEBUG Found principal attributes [...] for [username]
> Attribute policy [???] allows release of [...] for
> [username]
> Final collection of attributes allowed are: [...] -->
> <AsyncLogger
> name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
>
> level="debug"/>
>
> The client application must be configured to call the CASv3 endpoint.
>
> Ray
>
> On Thu, 2021-03-25 at 01:56 -0700, Jérémie Pilette wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
>
>
> Hi,
> I would like to use Attribute release for one application (Yparéo).
> I was usin CAS 5.1, and it was operationnal.
>
> Now with the new version 6.4, it does'nt work.
>
> I am using json file configuration :
> ******************************************************************
> {
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
> "serviceId" : "^(https|http)://URL/cas.*",
> "name" : "netYpareo",
> "id" : 10000005,
> "description" : "NetYparéo",
> "evaluationOrder" : 3,
> "accessStrategy" :
> {
> "@class" :
> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
> "enabled" : "true",
> "ssoEnabled" : "true",
> "requireAllAttributes": "true",
> "caseInsensitive": "false"
> },
> "attributeReleasePolicy" :
> {
> "@class" :
> "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
> "allowedAttributes" :
> {
> "@class" : "java.util.TreeMap",
> "*id_attribute*" : "*codeNYP*"
> }
> },
> "authorizedToReleaseCredentialPassword" : "false",
> "authorizedToReleaseProxyGrantingTicket" : "false",
> "excludeDefaultAttributes" : "false",
> "*principalIdAttribute*" : "*login_attribute*"
> }
> ******************************************************************
> In my cas.properties :
> cas.authn.authentication-attribute-release-enabled=*true*
> cas.authn.ldap[0].principal-attribute-list=*id_attribute*
>
> Maybe I forget something ?
>
> One other question : How could we know which protocol is used to do that ?
> The application accept CASv3, so I want to use CASv3, not SAML or other
> ....
>
> Thank you
>
> --
>
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
> --
>
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f0401584-5fa0-44b2-b400-829704856ccbn%40apereo.org.
