I have seen this discussion
https://groups.google.com/a/apereo.org/g/cas-user/c/uyZOUwGigQA
Maybe I have the same problem...
It is about Cache.
How can I clean the CAS cache ?
Thank you
Le jeudi 25 mars 2021 à 20:26:55 UTC+1, Jérémie Pilette a écrit :
>
> The attribute and the value are good in the LDAP.
> By watching the ldap.log.level=debug, I do not see something strange.. I
> can see all the values with their attributes, no error messages...
> Le jeudi 25 mars 2021 à 18:57:34 UTC+1, Ray Bon a écrit :
>
>> Jérémie,
>>
>> Check ldap to be sure an attribute and value exist for id_attribute for
>> your user. You could also check your ldap logs to see why the value is not
>> released.
>>
>> If cas is having difficulties connecting to ldap, you can set,
>> <Property name="ldap.log.level">debug</Property>
>> which is at the top of the log4j2.xml file.
>>
>> Ray
>>
>> On Thu, 2021-03-25 at 10:04 -0700, Jérémie Pilette wrote:
>>
>> Notice: This message was sent from outside the University of Victoria
>> email system. Please be cautious with links and sensitive information.
>>
>> Yes I have this file. I try to do with it ok.
>>
>> And in my */var.lib/tomcat9/Cataline.out*, I have this line :
>> [2021-03-25 18:02:39] [info] #033[33m2021-03-25 18:02:39,848 WARN
>> [org.apereo.cas.services.ReturnMappedAttributeReleasePolicy] - <Could not
>> find value for mapped attribute [*codeNYP*] that is based off of [
>> *id_attribute*] in the allowed attributes list. Ensure the original
>> attribute [*id_attribute*] is retrieved and contains at least a single
>> value. Attribute [*codeNYP*] will and can not be released without the
>> presence of a value.>#033[m
>>
>>
>> Le jeudi 25 mars 2021 à 17:55:46 UTC+1, Ray Bon a écrit :
>>
>> Jérémie,
>>
>> The cas logger bit can be added to etc/cas/config/log4j2.xml).
>>
>> Ray
>>
>> On Thu, 2021-03-25 at 09:35 -0700, Jérémie Pilette wrote:
>>
>> Notice: This message was sent from outside the University of Victoria
>> email system. Please be cautious with links and sensitive information.
>>
>> Thank you for your response Ray Bon, but where I have to do that ?
>> Should I uncomment these lines in a file or add these lines in a specific
>> file ?
>> Thank you.
>>
>>
>> Le jeudi 25 mars 2021 à 16:46:34 UTC+1, Ray Bon a écrit :
>>
>> Jérémie,
>>
>> Try this logger to see what cas is doing with the attributes:
>>
>> <!-- DEBUG Found principal attributes [...] for [username]
>> Attribute policy [???] allows release of [...] for
>> [username]
>> Final collection of attributes allowed are: [...] -->
>> <AsyncLogger
>> name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
>>
>> level="debug"/>
>>
>> The client application must be configured to call the CASv3 endpoint.
>>
>> Ray
>>
>> On Thu, 2021-03-25 at 01:56 -0700, Jérémie Pilette wrote:
>>
>> Notice: This message was sent from outside the University of Victoria
>> email system. Please be cautious with links and sensitive information.
>>
>>
>>
>> Hi,
>> I would like to use Attribute release for one application (Yparéo).
>> I was usin CAS 5.1, and it was operationnal.
>>
>> Now with the new version 6.4, it does'nt work.
>>
>> I am using json file configuration :
>> ******************************************************************
>> {
>> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>> "serviceId" : "^(https|http)://URL/cas.*",
>> "name" : "netYpareo",
>> "id" : 10000005,
>> "description" : "NetYparéo",
>> "evaluationOrder" : 3,
>> "accessStrategy" :
>> {
>> "@class" :
>> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>> "enabled" : "true",
>> "ssoEnabled" : "true",
>> "requireAllAttributes": "true",
>> "caseInsensitive": "false"
>> },
>> "attributeReleasePolicy" :
>> {
>> "@class" :
>> "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>> "allowedAttributes" :
>> {
>> "@class" : "java.util.TreeMap",
>> "*id_attribute*" : "*codeNYP*"
>> }
>> },
>> "authorizedToReleaseCredentialPassword" : "false",
>> "authorizedToReleaseProxyGrantingTicket" : "false",
>> "excludeDefaultAttributes" : "false",
>> "*principalIdAttribute*" : "*login_attribute*"
>> }
>> ******************************************************************
>> In my cas.properties :
>> cas.authn.authentication-attribute-release-enabled=*true*
>> cas.authn.ldap[0].principal-attribute-list=*id_attribute*
>>
>> Maybe I forget something ?
>>
>> One other question : How could we know which protocol is used to do that ?
>> The application accept CASv3, so I want to use CASv3, not SAML or other
>> ....
>>
>> Thank you
>>
>> --
>>
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>>
>> I respectfully acknowledge that my place of work is located within the
>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
>> WSÁNEĆ Nations.
>>
>> --
>>
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>>
>> I respectfully acknowledge that my place of work is located within the
>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
>> WSÁNEĆ Nations.
>>
>> --
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected]
>>
>> I respectfully acknowledge that my place of work is located within the
>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
>> WSÁNEĆ Nations.
>>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5e8cd23e-a1e4-448e-acfa-f54d2c93aa59n%40apereo.org.
