Hello. I am interested to add this feature to our 6.x CAS, we had no problems on 5.x but I don't get to find the key to enable it on the 6.x. As you said, I find it a very useful tool to debug problems in new clients.
Did you find the solution? Thanks for your time El martes, 6 de julio de 2021 a las 19:57:54 UTC+1, baron escribió: > Unfortunately, that doesn't seem to work for us. I even tried one level up > the class hierarchy with > > <AsyncLogger name="org.apereo.cas.services" level="info" > includeLocation="true"/> > > It also looks like all of our existing AsyncLogger entries already > have includeLocation="true" as well. > > On Mon, Jul 5, 2021 at 3:11 AM King, Robert <ro...@mun.ca> wrote: > >> I get the following WARN log entry from >> org.apereo.cas.services.RegisteredServiceAccessStrategyUtils >> >> >> >> WARN [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - >> <Unauthorized Service Access. Service [defnotaservice] is not found in >> service registry.> >> >> >> >> >> >> I believe this is configured in log4j.xml with the following in <Loggers> >> >> >> >> <AsyncLogger >> name="org.apereo.cas.services.AbstractServicesManager" level="info" >> includeLocation="true"/> >> >> >> >> Hope that at least sets you on the correct path. >> >> >> >> >> >> >> >> *From:* cas-...@apereo.org <cas-...@apereo.org> *On Behalf Of *Baron >> Fujimoto >> *Sent:* Saturday, July 3, 2021 1:09 AM >> *To:* CAS Community <cas-...@apereo.org> >> *Subject:* [EXTERNAL SENDER] [cas-user] CAS 5.0, 6.3 logging differences >> >> >> >> Continuing our journey to upgrade from CAS 5.0 to 6.3, I have some >> questions re logging differences I'm seeing. >> >> >> >> Service not found in service registry >> >> ------------------------------------------------ >> >> With CAS 5.0, if a service was not registered, we see something like this >> logged for an unauthorized service such as "https://www.foo.com": >> >> >> >> WARN [org.apereo.cas.web.flow.ServiceAuthorizationCheck] - <Service >> Management: missing service. Service [https://www.foo.com] is not found >> in service registry.> >> >> >> >> This is often very helpful for troubleshooting to be able to see what URL >> an app is trying to use. >> >> >> >> But with CAS6.3 we see: >> >> >> >> ERROR >> [org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter] >> >> - <Service unauthorized> >> >> org.apereo.cas.services.UnauthorizedServiceException: Service unauthorized >> >> at >> org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer.execute(RegisteredServiceAccessStrategyAuditableEnforcer.java:112) >> >> ~[cas-server-core-services-api-6.3.4.jar:6.3.4] >> >> at >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >> >> ~[tomcat-util.jar:9.0.46] >> >> [...many many lines of stack trace...] >> >> at java.lang.Thread.run(Thread.java:829) [?:?] >> >> >> >> The unauthorized service is never identified, which removes a valuable >> troubleshooting tool. Is there a way to include this information? >> >> >> >> We definitely want to see things logged as ERRORs, but the stack trace >> seems more appropriate for something at the DEBUG level? >> >> >> >> Failed authentications >> >> ----------------------------- >> >> With CAS 5.0, when a user authentication failed, we'd see something like >> the following logged: >> >> >> >> INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >> <LdapAuthenticationHandler failed authenticating USERNAME> >> >> WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >> <Authentication has failed. Credentials may be incorrect or CAS cannot find >> authentication handler that supports [USERNAME] of type >> [UsernamePasswordCredential], which suggests a configuration problem.> >> >> INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - >> <Audit trail record BEGIN >> >> ============================================================= >> >> WHO: USERNAME >> >> WHAT: Supplied credentials: [USERNAME] >> >> ACTION: AUTHENTICATION_FAILED >> >> APPLICATION: CAS >> >> WHEN: Fri Jul 02 17:06:00 HST 2021 >> >> CLIENT IP ADDRESS: 172.19.100.162 >> >> SERVER IP ADDRESS: 172.16.1.76 >> >> ============================================================= >> >> > >> >> >> >> Whereas with CAS 6.3, we get: >> >> >> >> INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >> <[LdapAuthenticationHandler] exception details: [Invalid credentials].> >> >> INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - >> <Audit trail record BEGIN >> >> ============================================================= >> >> WHO: USERNAME >> >> WHAT: Supplied credentials: >> [UsernamePasswordCredential(username=USERNAME, source=null, >> customFields={})] >> >> ACTION: AUTHENTICATION_FAILED >> >> APPLICATION: CAS >> >> WHEN: Fri Jul 02 17:00:45 HST 2021 >> >> CLIENT IP ADDRESS: 10.17.133.2 >> >> SERVER IP ADDRESS: 10.17.133.14 >> >> ============================================================= >> >> > >> >> WARN >> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] >> >> - <1 errors, 0 successes> >> >> DEBUG >> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] >> >> - <1 errors, 0 successes> >> >> org.apereo.cas.authentication.AuthenticationException: 1 errors, 0 >> successes >> >> at >> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:340) >> >> ~[cas-server-core-authentication-api-6.3.4.jar:6.3.4] >> >> [... ~200 more lines of stack trace ...] >> >> at >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >> >> ~[tomcat-util.jar:9.0.46] >> >> at java.lang.Thread.run(Thread.java:829) [?:?] >> >> >> >> This 200+ line stack trace seems like overkill and not really helpful. Is >> the solution to this just not logging >> org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver >> >> at the debug level? >> >> >> >> -- >> >> Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services >> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cas-user+u...@apereo.org. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL2uh%3DN49pLnAmEuPxjem_yMmbXkQpfcj9fE3%2Brkk-v8yA%40mail.gmail.com >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL2uh%3DN49pLnAmEuPxjem_yMmbXkQpfcj9fE3%2Brkk-v8yA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cas-user+u...@apereo.org. >> > To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6699c8c32a7446bf8ffbd9f9d58093ec%40mun.ca >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6699c8c32a7446bf8ffbd9f9d58093ec%40mun.ca?utm_medium=email&utm_source=footer> >> . >> > > > -- > Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services > minutas cantorum, minutas balorum, minutas carboratum desendus pantorum > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/26a2f1b0-2e3e-4ef2-99cc-8a433837cd34n%40apereo.org.
