Hi,
I would like to provide you with some further details regarding the log and
the configuration OIDC :
I use an Tomcat11 with JDK 21 expose on 443 port.
The attributes from CAS are mapped as follows in cs.properties :
# Inclusion des claims dans les tokens
cas.authn.oidc.id-token.include-id-token-claims=true
cas.authn.oidc.core.claims-map.email=mailRoutingAddress
cas.authn.oidc.core.claims-map.MemberOf=groupe
cas.authn.oidc.core.claims-map.firstname=givenName
cas.authn.oidc.core.claims-map.lastname=sn
cas.authn.oidc.core.claims-map.displayname=displayName
cas.authn.oidc.core.claims-map.compteactif=compteactif
cas.authn.oidc.core.claims-map.fonctionuser=fonctionlibelle
cas.authn.oidc.core.claims-map.secteuruser=secteurlibelle
cas.authn.oidc.core.claims-map.serviceuser=servicelibelle
cas.authn.oidc.core.claims-map.departementuser=departementlibelle
cas.authn.oidc.core.claims-map.directionuser=directionlibelle
cas.authn.oidc.core.claims-map.contrat=employeeType
cas.authn.oidc.discovery.claims=sub,uid,email,firstname,lastname,displayname,compteactif,fonctionuser,serviceuser,departementuser,directionuser,contrat,MemberOf
cas.authn.oidc.core.user-defined-scopes.organisation=fonctionuser,serviceuser,departementuser,directionuser
cas.authn.oidc.core.user-defined-scopes.profile=firstname,lastname,displayname,compteactif,contrat
cas.authn.oidc.core.user-defined-scopes.email=email
cas.authn.oidc.core.user-defined-scopes.memberofargos=MemberOf
cas.authn.oidc.core.user-defined-scopes.memberofedgar=MemberOf
cas.authn.oidc.core.user-defined-scopes.memberofsigport=MemberOf
cas.authn.oidc.discovery.scopes=openid,profile,email,organisation,memberofargos,memberofedgar,memberofsigport
and we can clearly see the released attributes in the log :
=============================================================
WHEN: 2026-02-24T14:28:30.878608180
WHO: audit:unknown
WHAT: {service=https://testoidc.example.net/cas/oidc/authorize,
scope=[organisation, memberofedgar, openid, email, profile],
attributes={departementuser=[Département infrastructures usages et postes
de travail], fonctionuser=[Ingénieur systèmes et réseau],
firstname=[Alain], directionuser=[Direction des systèmes d'information],
contrat=[Permanent], MemberOf=[argos, edgar, supervision],
displayname=[Alain DELOING], compteactif=[true], serviceuser=[Service
infrastructures], email=[[email protected]], lastname=[DELOING]},
id=adeloing, client_id=WwWNfRLCBStw1X3x0F7hYIm5m5z0UY}
ACTION: OAUTH2_USER_PROFILE_CREATED
CLIENT_IP: 192.168.1.111
SERVER_IP: 192.168.1.59
=============================================================
Attribute values containing special characters are displayed : like
fonctionuser=[Ingénieur
systèmes et réseau],
But after authentication, they not displayed in my browser. I use an php
index to display the attributes with his value like this :
$attributes = getallheaders();
<?php if (!empty($attributes)): ?>
<table>
<tr>
<th>Nom de l’attribut</th>
<th>Valeur(s)</th>
</tr>
<?php foreach ($attributes as $name => $values): ?>
<tr>
<td><?= htmlspecialchars($name, ENT_QUOTES, 'UTF-8') ?></td>
<td><?= htmlspecialchars($values) ?></td>
</tr>
<?php endforeach; ?>
</table>
<?php else: ?>
<p><em>Aucun attribut reçu.</em></p>
<?php endif; ?>
OIDC_CLAIM_directionuser :
OIDC_CLAIM_departementuser :
OIDC_CLAIM_serviceuser : Service infrastructures
OIDC_CLAIM_email : [email protected]
OIDC_CLAIM_lastname : DELOING
OIDC_CLAIM_preferred_username : adeloing
Has anyone else encountered this issue ?
I should point out that under SAML, accented values are displayed like
this : fonction : Ingénieur systèmes et réseau
Regards
Le vendredi 23 janvier 2026 à 14:57:47 UTC+1, livio dezorzi a écrit :
> I have some attribute values encoded in base64 due to special
> characters: French conventions. With SAML, the values display correctly,
> but with OIDC, they don't. Is there some subtlety I'm missing ? Have you
> encountered this issue ?
> Thanks
> Regards
>
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a14d4b7f-79f4-44e8-8154-91a04c98843cn%40apereo.org.
�[32m2026-02-24 15:28:14,952 INFO [org.apereo.cas.throttle.AbstractInMemoryThrottledSubmissionHandlerInterceptorAdapter] - <Beginning audit cleanup...>
�[m�[32m2026-02-24 15:28:19,994 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
�[m�[32m2026-02-24 15:28:20,435 INFO [org.springframework.security.config.annotation.authentication.configuration.InitializeUserDetailsBeanManagerConfigurer$InitializeUserDetailsManagerConfigurer] - <Global AuthenticationManager configured with UserDetailsService bean with name userDetailsService>
�[m�[32m2026-02-24 15:28:20,977 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not enabled for [Token/JWT Tickets]. The cipher [OidcRegisteredServiceJwtResponseModeCipherExecutor] will attempt to produce plain objects>
�[m�[32m2026-02-24 15:28:21,993 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:21.991918985
WHO: audit:unknown
WHAT: {result=Service Access Granted, requiredAttributes={MemberOf=[edgar]}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:22,357 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:22.356982411
WHO: audit:unknown
WHAT: {result=Service Access Granted, service=https://testoidc.example.net/cas/oidc/authorize, requiredAttributes={MemberOf=[edgar]}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:22,539 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:22.538900381
WHO: audit:unknown
WHAT: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver, event=success, url=https://cas.example.fr/cas/login?service=https%3A%2F%2Fcas.example.fr%2Fcas%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3DWwWNfRLCBStw1X3x0F7hYIm5m5z0UY%26scope%3Dopenid%2520profile%2520organisation%2520email%2520memberofedgar%26redirect_uri%3Dhttps%253A%252F%252Ftestoidc.example.net%252Fcas%252Foidc%252Fauthorize%26response_type%3Dcode%26state%3DepTvm5YA5r8IPKaVWzlehEpiFkA%26nonce%3D39xSAPcusIkf5c170S5ro6OETx289d3XigF_fxT6EPY%26code_challenge_method%3DS256%26code_challenge%3D7MZd0dMHWYjkUAxfyJvauL0p_MOf70xDIC_ywN5hqZA%26client_name%3DCasOAuthClient, timestamp=2026-02-24T14:28:22.537}
ACTION: AUTHENTICATION_EVENT_TRIGGERED
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:29,906 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:29.906134639
WHO: audit:unknown
WHAT: {result=Service Access Granted, service=https://testoidc.example.net/cas/oidc/authorize, requiredAttributes={MemberOf=[edgar]}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:29,953 INFO [org.apereo.cas.throttle.AbstractInMemoryThrottledSubmissionHandlerInterceptorAdapter] - <Beginning audit cleanup...>
�[m�[33m2026-02-24 15:28:30,070 WARN [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Requested LDAP attribute [secteurlibelle] could not be found on LDAP entry for [uid=adeloing,ou=agents,ou=usagers,dc=nordpasdecalais,dc=fr]>
�[m�[32m2026-02-24 15:28:30,085 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Authenticated principal [adeloing] with attributes [{servicelibelle=[Service infrastructures], displayName=[Alain DELOING], givenName=[Alain], cn=[AG050325], compteactif=[TRUE], directionlibelle=[Direction des systèmes d'information], fonctionlibelle=[Ingénieur systèmes et réseau], uid=[adeloing], groupe=[argos, edgar, supervision], employeeType=[Permanent], departementlibelle=[Département infrastructures usages et postes de travail], sn=[DELOING], entryDN=[uid=adeloing,ou=agents,ou=usagers,dc=nordpasdecalais,dc=fr], mailRoutingAddress=[[email protected]]}] via credentials [[UsernamePasswordCredential(username=adeloing, source=null, customFields={})]].>
�[m�[32m2026-02-24 15:28:30,087 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.086926533
WHO: adeloing
WHAT: {credential=****************, source=null, customFields={})], registeredServiceUrl=^https://testoidc\.example\.net/.*, registeredServiceId=1517567027, registeredServiceFriendlyName=OpenID Connect Relying Party, registeredServiceName=Application TestOIDC, service=https://testoidc.example.net/cas/oidc/authorize}
ACTION: AUTHENTICATION_SUCCESS
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,102 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.102698029
WHO: adeloing
WHAT: {result=Service Access Granted, service=https://testoidc.example.net/cas/oidc/authorize, requiredAttributes={MemberOf=[edgar]}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,155 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.155067564
WHO: adeloing
WHAT: {result=Service Access Granted, service=https://testoidc.example.net/cas/oidc/authorize, requiredAttributes={MemberOf=[edgar]}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,173 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.173754200
WHO: adeloing
WHAT: TGT-1-****************8N30ZXs-cassrv
ACTION: TICKET_GRANTING_TICKET_CREATED
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,241 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.240890709
WHO: adeloing
WHAT: {result=Service Access Granted, service=https://testoidc.example.net/cas/oidc/authorize, requiredAttributes={MemberOf=[edgar]}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,257 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted service ticket [ST-1-****************9A7qx2w-cassrv] for service [https://testoidc.example.net/cas/oidc/authorize] and principal [adeloing]>
�[m�[32m2026-02-24 15:28:30,259 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.259476917
WHO: adeloing
WHAT: {service=https://testoidc.example.net/cas/oidc/authorize, ticketId=ST-1-****************9A7qx2w-cassrv}
ACTION: SERVICE_TICKET_CREATED
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,380 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.380528724
WHO: adeloing
WHAT: {result=Service Access Granted, service=https://testoidc.example.net/cas/oidc/authorize, requiredAttributes={MemberOf=[edgar]}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,390 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.389931709
WHO: adeloing
WHAT: {ticket=ST-1-****************9A7qx2w-cassrv, service=https://testoidc.example.net/cas/oidc/authorize}
ACTION: SERVICE_TICKET_VALIDATE_SUCCESS
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,437 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.437096140
WHO: audit:unknown
WHAT: {result=Service Access Granted, requiredAttributes={MemberOf=[edgar]}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,466 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.465908999
WHO: adeloing
WHAT: {result=Service Access Granted, service=WwWNfRLCBStw1X3x0F7hYIm5m5z0UY, requiredAttributes={MemberOf=[edgar]}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,552 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.552722161
WHO: audit:unknown
WHAT: {code=OC-1-****************tTUV3eB-cassrv, state=epTvm5YA5r8IPKaVWzlehEpiFkA, nonce=39xSAPcusIkf5c170S5ro6OETx289d3XigF_fxT6EPY}
ACTION: OAUTH2_AUTHORIZATION_RESPONSE_CREATED
CLIENT_IP: 10.0.0.108
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,606 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.606289933
WHO: audit:unknown
WHAT: {result=Service Access Granted, requiredAttributes={MemberOf=[edgar]}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 192.168.1.111
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,615 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.615538621
WHO: audit:unknown
WHAT: {result=Service Access Granted, requiredAttributes={MemberOf=[edgar]}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 192.168.1.111
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[33m2026-02-24 15:28:30,622 WARN [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] - <None of the principal resolvers in the chain were able to produce a principal>
�[m�[33m2026-02-24 15:28:30,632 WARN [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Located claim [firstname] mapped to attribute [givenName], yet resolved attributes [{}] do not contain attribute [givenName]>
�[m�[33m2026-02-24 15:28:30,633 WARN [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Located claim [lastname] mapped to attribute [sn], yet resolved attributes [{}] do not contain attribute [sn]>
�[m�[33m2026-02-24 15:28:30,634 WARN [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Located claim [displayname] mapped to attribute [displayName], yet resolved attributes [{}] do not contain attribute [displayName]>
�[m�[33m2026-02-24 15:28:30,635 WARN [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Located claim [compteactif] mapped to attribute [compteactif], yet resolved attributes [{}] do not contain attribute [compteactif]>
�[m�[33m2026-02-24 15:28:30,635 WARN [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Located claim [contrat] mapped to attribute [employeeType], yet resolved attributes [{}] do not contain attribute [employeeType]>
�[m�[33m2026-02-24 15:28:30,636 WARN [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Located claim [fonctionuser] mapped to attribute [fonctionlibelle], yet resolved attributes [{}] do not contain attribute [fonctionlibelle]>
�[m�[33m2026-02-24 15:28:30,636 WARN [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Located claim [serviceuser] mapped to attribute [servicelibelle], yet resolved attributes [{}] do not contain attribute [servicelibelle]>
�[m�[33m2026-02-24 15:28:30,636 WARN [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Located claim [departementuser] mapped to attribute [departementlibelle], yet resolved attributes [{}] do not contain attribute [departementlibelle]>
�[m�[33m2026-02-24 15:28:30,636 WARN [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Located claim [directionuser] mapped to attribute [directionlibelle], yet resolved attributes [{}] do not contain attribute [directionlibelle]>
�[m�[33m2026-02-24 15:28:30,636 WARN [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Located claim [MemberOf] mapped to attribute [groupe], yet resolved attributes [{}] do not contain attribute [groupe]>
�[m�[33m2026-02-24 15:28:30,636 WARN [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Located claim [email] mapped to attribute [mailRoutingAddress], yet resolved attributes [{}] do not contain attribute [mailRoutingAddress]>
�[m�[32m2026-02-24 15:28:30,702 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.702369020
WHO: adeloing
WHAT: {result=Service Access Granted, service=WwWNfRLCBStw1X3x0F7hYIm5m5z0UY, requiredAttributes={MemberOf=[edgar]}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 192.168.1.111
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,717 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.717003938
WHO: audit:unknown
WHAT: {code=OC-1-****************tTUV3eB-cassrv, grant_type=authorization_code, service=https://testoidc.example.net/cas/oidc/authorize, scope=[email, memberofedgar, openid, organisation, profile], response_type=none, redirect_uri=null, client_id=null}
ACTION: OAUTH2_ACCESS_TOKEN_REQUEST_CREATED
CLIENT_IP: 192.168.1.111
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[33m2026-02-24 15:28:30,755 WARN [org.apereo.cas.oidc.token.OidcIdTokenGeneratorService] - <Individual claims requested by OpenID scopes are forced to be included in the ID token. This is a violation of the OpenID Connect specification and a workaround via dedicated CAS configuration. Claims should be requested from the userinfo/profile endpoints in exchange for an access token.>
�[m�[32m2026-02-24 15:28:30,806 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.805990888
WHO: adeloing
WHAT: {authn_methods=[org.pac4j.core.profile.BasicUserProfile], service=AbstractWebApplicationService(id=https://testoidc.example.net/cas/oidc/authorize, originalUrl=https://testoidc.example.net/cas/oidc/authorize, artifactId=null, principal=null, source=null, tenant=null, loggedOutAlready=false, format=XML, attributes={headers={jakarta.servlet.http.HttpServletRequest.header-authorization=[Basic V3dXTmZSTENCU3R3MVgzeDBGN2hZSW01bTV6MFVZOmpEaThveUhLYnlwcm9HMUZJNTNBZFYzR0pxSEFOUkxCMXVkeUlQS1IwZTNYS1h5Vnoz], jakarta.servlet.http.HttpServletRequest.header-user-agent=[[testoidc.example.net:443:544078] mod_auth_openidc-2.4.17 libcurl-8.13.0 openssl-3.5.0], jakarta.servlet.http.HttpServletRequest.header-accept=[*/*], jakarta.servlet.http.HttpServletRequest.header-content-type=[application/x-www-form-urlencoded], jakarta.servlet.http.HttpServletRequest.header-content-length=[219]}, code=[OC-1-****************tTUV3eB-cassrv], grant_type=[authorization_code], httpRequest={jakarta.servlet.http.HttpServletRequest.httpMethod=[POST], jakarta.servlet.http.HttpServletRequest.requestURL=[https://cas.example.fr/cas/oidc/oidcAccessToken], jakarta.servlet.http.HttpServletRequest.requestURI=[/cas/oidc/oidcAccessToken], jakarta.servlet.http.HttpServletRequest.requestId=[24], jakarta.servlet.http.HttpServletRequest.contentType=[application/x-www-form-urlencoded], jakarta.servlet.http.HttpServletRequest.contextPath=[/cas], jakarta.servlet.http.HttpServletRequest.localeName=[cassrv.example.net]}, redirect_uri=[https://testoidc.example.net/cas/oidc/authorize], code_verifier=[B-Obo-YqxlNklKjpVhvHQvYk8Caj-2Y11KT5Scvhn04]}), scope=[openid, profile, organisation, memberofedgar, email], id_token=****************..., txn=c0e0a23a-56d6-43df-9ebf-075ca417c801, client_id=WwWNfRLCBStw1X3x0F7hYIm5m5z0UY, username=WwWNfRLCBStw1X3x0F7hYIm5m5z0UY}
ACTION: OIDC_ID_TOKEN_CREATED
CLIENT_IP: 192.168.1.111
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,811 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.811527678
WHO: adeloing
WHAT: {access_token=AT-2-****************A4HzUKI-cassrv, scope=openid profile organisation memberofedgar email, id_token=****************..., token_type=Bearer, expires_in=28800}
ACTION: OAUTH2_ACCESS_TOKEN_RESPONSE_CREATED
CLIENT_IP: 192.168.1.111
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:30,878 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHEN: 2026-02-24T14:28:30.878608180
WHO: audit:unknown
WHAT: {service=https://testoidc.example.net/cas/oidc/authorize, scope=[organisation, memberofedgar, openid, email, profile], attributes={departementuser=[Département infrastructures usages et postes de travail], fonctionuser=[Ingénieur systèmes et réseau], firstname=[Alain], directionuser=[Direction des systèmes d'information], contrat=[Permanent], MemberOf=[argos, edgar, supervision], displayname=[Alain DELOING], compteactif=[true], serviceuser=[Service infrastructures], email=[[email protected]], lastname=[DELOING]}, id=adeloing, client_id=WwWNfRLCBStw1X3x0F7hYIm5m5z0UY}
ACTION: OAUTH2_USER_PROFILE_CREATED
CLIENT_IP: 192.168.1.111
SERVER_IP: 192.168.1.59
=============================================================
>
�[m�[32m2026-02-24 15:28:44,954 INFO [org.apereo.cas.throttle.AbstractInMemoryThrottledSubmissionHandlerInterceptorAdapter] - <Beginning audit cleanup...>
�[m
