Hi Jason, Our root cause was the openjdk runtime update we received via our Oracle Linux repo. I was able to roll back to the prior version to work around this issue.
Good luck! Mike On Thu, Oct 28, 2021 at 7:55 AM Jason Cole <[email protected]> wrote: > Mike- > > What was your ultimate resolution for this? We've experienced the same > issue and are looking for ways around until we can update CAS. > > Thanks > Jason > > On Monday, August 2, 2021 at 10:45:32 PM UTC-5 Mike Osterman wrote: > >> Hello, >> >> We have two SAML services on CAS 5.3.x (yes, I know we need to get to >> 6.3.x STAT) that stopped working suddenly with behavior identical to this >> thread: >> https://groups.google.com/a/apereo.org/g/cas-user/c/fc_biQnh1l4 >> >> The kicker is that we haven't rebuilt the cas.war file recently, and the >> behavior only began happening very recently. >> >> One of the services maps the mail attribute to a SOAP schema: >> "attributeReleasePolicy" : { >> "@class" : >> "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy", >> "allowedAttributes" : { >> "@class" : "java.util.TreeMap", >> "sn" : "User.LastName", >> "givenName" : "User.FirstName", >> "mail" : " >> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"; >> } >> } >> (note the : that others mentioned) >> >> And the other uses friendlyNames: >> "attributeFriendlyNames": { >> "@class": "java.util.HashMap", >> "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName", >> "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation" >> }, >> >> Again, these have worked for several months, and the compiled CAS binary >> hasn't changed in some time. The only thing that changed was the java >> binary itself via system updates on July 23, which coincides with this in >> the behavior beginning. It appears that this has somehow affected the >> attribute encoding. >> >> Apart from rolling back the openjdk RPMs and cutting over to 6.3.x >> spontaneously, does anyone have any ideas for workarounds for this >> behavior? >> >> Thank you, >> Mike >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEdMQHWqTTU0Y0aMtYMLbc2xY84SX1Z%3DU8gGTxM2LcvzYGKC4w%40mail.gmail.com.
