Re: [cas-user] empty SAML response with mod_auth_cas from v1.2/master

2019-06-04 Thread Alan S

Hi, David. I'll need to check the previous server version, but I've made 
significant progress using the unmerged patch on your fork (apereo#148). 
I'm still testing, but planned to reach out to you regarding a PR. 

The ticketing server reports "samlValidate failing due to 
NullPointerException." I followed your lead in this thread to troubleshoot 
the empty requestID issue:


https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/tm8aQrzKDbc

Continuing here:

https://github.com/apereo/mod_auth_cas/issues/148

I cloned your repo (https://github.com/dhawes/mod_auth_cas.git) and merged 
the fix:

"issue-148-missing-requestid"

https://github.com/dhawes/mod_auth_cas/commit/1ca702b08c47f15451014201718b9e78a114b3e9

For my tests, I needed to replace "SSL_library_init" with 
"OPENSSL_init_ssl." From there, the build process was smooth.

I am now getting the proper XML with the validation response and 
mod_auth_cas response, and I can view attributes in the cached ticket. This 
just works. 

What additional testing would be required to merge this fix?

Thanks for your work!
-Alan

On Tuesday, June 4, 2019 at 3:17:30 PM UTC-5, dhawes wrote:
>
> On Mon, 3 Jun 2019 at 17:13, Alan S wrote: 
> > 
> > Hi, all, 
> > 
> > Our previous Apache client (mod_auth_cas v1.0.9.1) worked seamlessly 
> > with our organization's CAS server, and retrieving SAML attributes was no 
> > problem at all. Currently, we're working toward a rollout of CAS 5.3.3, and 
> > I'm trying to integrate an Apache client built from the master branch (v1.2 
> > tag). 
> > 
> > If I return only the CAS user from serviceValidate, that response is 
> > good; however, I'm getting a null response from the samlValidate endpoint, 
> > where Apache reports "Validation response: (null)" with no additional 
> > logging. Could I please get some troubleshooting advice for returning 
> > proper SAML using the latest Apache module? 
>
> Do versions prior to v1.2 work with CAS 5.3.3? 
>
> Do your CAS server logs show anything about the CAS validation response 
> sent? 
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/9ab1a33f-6b19-4a23-a06a-bba87c3fe073%40apereo.org.


Re: [cas-user] empty SAML response with mod_auth_cas from v1.2/master

2019-06-04 Thread David Hawes
On Mon, 3 Jun 2019 at 17:13, Alan S wrote:
>
> Hi, all,
>
> Our previous Apache client (mod_auth_cas v1.0.9.1) worked seamlessly with our 
> organization's CAS server, and retrieving SAML attributes was no problem at 
> all. Currently, we're working toward a rollout of CAS 5.3.3, and I'm trying 
> to integrate an Apache client built from the master branch (v1.2 tag).
>
> If I return only the CAS user from serviceValidate, that response is good; 
> however, I'm getting a null response from the samlValidate endpoint, where 
> Apache reports "Validation response: (null)" with no additional logging. 
> Could I please get some troubleshooting advice for returning proper SAML 
> using the latest Apache module?

Do versions prior to v1.2 work with CAS 5.3.3?

Do your CAS server logs show anything about the CAS validation response sent?



[cas-user] logging authentication failures as successes

2019-06-04 Thread Christine Pasek
Hello,

We just noticed that the log files (cas_audit.log and cas-2019.log) 
are reporting authentication failures as successes. Below is a snippet 
from cas-2019-06-04-10-2.log which shows it sees it as a failure on line 
18436 but then reports it as a success in both cas_audit.log 
and cas-2019-06-04-10-2.log (line 18441).

We know that failures were reporting correctly at some point but are unsure 
what has changed.

Below are also the configs from log4j2.xml.

Any help or insight that you can offer would be greatly appreciated.

Thank you,
Chris Pasek
The College of St. Scholastica
Duluth, MN 


cas-2019-06-04-10-2.log:
18436 2019-06-04 11:20:36,369 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
18437 2019-06-04 11:20:36,370 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
18449 2019-06-04 11:20:38,308 INFO [org.apereo.cas.web.flow.authentication.RankedMultifactorAuthenticationProviderSelector] - 
18450 2019-06-04 11:20:38,309 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 


[cas-user] Re: SAMLReponse Add new Attributes

2019-06-04 Thread Matthew Uribe
Do you have any other SPs working with this CAS instance, or is this your 
first?


On Tuesday, June 4, 2019 at 3:33:55 AM UTC-6, Andrey Seledkov wrote:
>
> Nothing helps
>
> My property file has the following properties:
>
> cas.authn.samlIdp.entityId=${cas.server.prefix}/idp
> cas.authn.samlIdp.scope=${SERVER_NAME}
> cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
> cas.authn.samlIdp.metadata.location=file:/etc/cas/saml
> cas.authn.samlIdp.attributeQueryProfileEnabled=true
>
>
>
>
> On Tuesday, June 4, 2019 at 4:20:53 UTC+3, Andy Ng wrote:
>>
>> Hi Andrey,
>>
>> Can you try ReturnAllAttributeReleasePolicy to see if it is the policy that 
>> has the problem, or if the release of attributes is not correct?
>>
>> https://apereo.github.io/cas/6.0.x/integration/Attribute-Release-Policies.html#return-all
>>
>>
>>
>> Cheers!
>> - Andy
>>
>



[cas-user] [Token/JWT Tickets] Misleading warnings ?

2019-06-04 Thread Alessandro Moscatelli
Both with 5.3.10 and 6.0.4 I am observing strange warnings in my log:

2019-06-04 16:41:13,282 WARN 
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 
2019-06-04 16:41:13,283 WARN 
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 

I don't get what it's complaining about.
I defined these global variables in cas.properties :

cas.authn.token.crypto.enabled=true
cas.authn.token.crypto.signingEnabled=true
cas.authn.token.crypto.encryptionEnabled=true
cas.authn.token.crypto.signing.key=${OPTOPLUS_CAS_TOKEN_SIGNING_KEY}
cas.authn.token.crypto.signing.keySize=512
cas.authn.token.crypto.encryption.key=${OPTOPLUS_CAS_TOKEN_ENCRYPTION_KEY}
cas.authn.token.crypto.encryption.keySize=256
cas.authn.token.crypto.alg=A128CBC-HS256

Also, I believe (and I DO REALLY HOPE SO) my JWT Tickets are indeed signed 
and ciphered since my backend uses jose4j to verify the signature and 
decipher them:

    // jose4j classes used: org.jose4j.jws.JsonWebSignature,
    // org.jose4j.jwe.JsonWebEncryption, org.jose4j.jwt.JwtClaims,
    // org.jose4j.jwt.NumericDate
    JsonWebSignature jws = new JsonWebSignature();
    jws.setCompactSerialization(bearer);
    jws.setKey(signingKey);
    // Outer layer: verify the JWS signature before touching the payload.
    if (jws.verifySignature()) {
        // Inner layer: the JWS payload is itself a compact JWE.
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setCompactSerialization(new String(
                Base64.decodeBase64(jws.getEncodedPayload()), StandardCharsets.UTF_8));
        jwe.setKey(encryptionKey);
        JwtClaims claims = JwtClaims.parse(jwe.getPlaintextString());
        NumericDate issuedAt = claims.getIssuedAt();
        // Null check comes first: a token without an iat claim must not
        // cause a NullPointerException in addSeconds().
        if (Objects.nonNull(issuedAt)) {
            issuedAt.addSeconds(60);
            // Accept only tokens issued less than 60 seconds ago.
            if (issuedAt.isAfter(NumericDate.now())) {
                String subject = claims.getSubject();
                if (StringUtils.isNotBlank(subject)) {
                    CredentialValidationResult validate =
                            this.identityStore.validate(new CallerOnlyCredential(subject));
                    if (Status.VALID.equals(validate.getStatus())) {
                        return httpMessageContext.notifyContainerAboutLogin(validate);
                    }
                }
            }
        }
    }

According to:
https://github.com/apereo/cas/blob/master/core/cas-server-core-util-api/src/main/java/org/apereo/cas/util/cipher/BaseStringCipherExecutor.java

    this.encryptionEnabled = encryptionEnabled || StringUtils.isNotBlank(secretKeyEncryption);
    this.signingEnabled = signingEnabled || StringUtils.isNotBlank(secretKeySigning);
    this.signingKeySize = signingKeyLength <= 0 ? CipherExecutor.DEFAULT_STRINGABLE_SIGNING_KEY_SIZE : signingKeyLength;
    this.encryptionKeySize = encryptionKeyLength <= 0 ? CipherExecutor.DEFAULT_STRINGABLE_ENCRYPTION_KEY_SIZE : encryptionKeyLength;

    if (this.encryptionEnabled) {
        configureEncryptionParameters(secretKeyEncryption, contentEncryptionAlgorithmIdentifier);
    } else {
        LOGGER.info("Encryption is not enabled for [{}]. The cipher [{}] will only attempt to produce signed objects",
            getName(), getClass().getSimpleName());
    }

I can't understand what's happening. I believe encryptionEnabled is 
cas.authn.token.crypto.encryptionEnabled 
and secretKeyEncryption should be cas.authn.token.crypto.encryption.key.

Am I missing something ?
Thank you in advance



[cas-user] Re: CAS 6.0.X breaks JWT Signing

2019-06-04 Thread Alessandro Moscatelli
This seems to be fixed in 6.0.4

Thank you

On Tuesday, March 19, 2019 at 11:41:45 AM UTC+1, Alessandro Moscatelli 
wrote:
>
> Upgrading CAS from 5.3.X to 6.0.X seems to break JWT Signing (and maybe 
> Encryption? I cannot tell).
>
> I am actually using nimbus library to verify/decrypt JWT produced by CAS.
>
> What I have already tried :
>
> 1) Using jose4j instead of nimbus using the same code as described in 
> https://apereo.github.io/cas/6.0.x/installation/Configure-ServiceTicket-JWT.html
> 2) Regenerating the AES keys produced by the CAS (I use the keys 
> automatically used by CAS and then I put them into config, I do NOT 
> generate keys by myself)
>
> I upgraded to CAS 5.3.9 and everything works as usual.
>
> Best regards
>



Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-04 Thread Ray Bon
Debian,

Is waiting.html protected by a CAS client?

The 'not authorized' message shows in CAS when an application redirects to CAS 
but is not in CAS services. Check your browser network traffic to see the 
redirects.

Ray

On Tue, 2019-06-04 at 02:58 -0700, Debian HNT wrote:
Ray,

UPDATE

 I wrote my own logs by redirecting to a file to see if this.accountStatus 
recovers the correct state

like this


    java.net.URI getUnauthorizedRedirectUrl() {
        if (this.accountStatus == 'Blocked') {
            File file = new File("/tmp/cas")
            file.append(this.accountStatus)

So in my toto file  I have the waiting status

  GNU nano 2.7.4  File : /tmp/cas

Waiting



When I'm trying to connect:

2019-06-04 11:42:20,415 WARN 
[org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - 
https://cas-univ.com/waiting.html)]>
So it sounds good but the page doesn't redirect to the URL and displays 
"Application Not Authorized to Use CAS"

any suggestion?

Regards,

Ray,

These lines do not return anything in my logs...
I thought my file wasn't up but it is because the ldaptive debug is generated...
I dunno what's happening

regards,

Debian,

Add this to your log4j2.xml


replacing 'package' with the package of your class.

Add this as the first line of doPrincipalAttributesAllowServiceAccess method:
log.error("doPrincipalAttributesAllowServiceAccess: " + 
attributes.get('udlAccountStatus'))

Log level does not have to be 'error', but this way it will definitely show in 
the logs and 'should be' the only ERROR listed.
This way you will know when/if your method is called and the value of 
udlAccountStatus.

Ray


On Mon, 2019-06-03 at 06:00 -0700, Debian HNT wrote:
Ray,

In my log4j2.xml I have this




When access is granted I have this in my logs

8430:2019-06-03 14:13:39,963 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
https://castete.univ.com/cas/status/dashboard] defined by registered 
service [^https://castete.univ.com/cas/status/dashboard(\z|/.*)]...>
8431:2019-06-03 14:13:39,972 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

8432:2019-06-03 14:13:39,973 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

8433:2019-06-03 14:13:39,974 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

8434:2019-06-03 14:13:39,976 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

8435:2019-06-03 14:13:39,977 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

8436:2019-06-03 14:13:39,984 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

8437:2019-06-03 14:13:39,984 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

8438:2019-06-03 14:13:39,985 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

8439:2019-06-03 14:13:39,988 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

8440:2019-06-03 14:13:39,993 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

8441:2019-06-03 14:13:39,993 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

8442:2019-06-03 14:13:39,994 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 

8443:2019-06-03 14:13:39,994 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
https://castete.univ.com/cas/status/dashboard] defined by registered 
service [^https://castete.univ.com/cas/status/dashboard(\z|/.*)]...>
8444:2019-06-03 14:13:39,994 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 





Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-04 Thread Debian HNT
Ray,

UPDATE

 I wrote my own logs by redirecting to a file to see if this.accountStatus 
recovers the correct state 

like this 


    java.net.URI getUnauthorizedRedirectUrl() {
        if (this.accountStatus == 'Blocked') {
            File file = new File("/tmp/cas")
            file.append(this.accountStatus)

So in my toto file  I have the waiting status

  GNU nano 2.7.4  File : /tmp/cas 
 

*Waiting*



When I'm trying to connect:

2019-06-04 11:42:20,415 WARN 
[org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - 
https://cas-univ.com/waiting.html)]>
So it sounds good but the page doesn't redirect to the URL and displays 
"Application Not Authorized to Use CAS"

any suggestion?

Regards,

Ray,
>
> These lines do not return anything in my logs... 
> I thought my file wasn't up but it is because the ldaptive debug is 
> generated...
> I dunno what's happening 
>
> regards,
>
> Debian,
>>
>> Add this to your log4j2.xml
>> > level="debug"/>
>>
>> replacing 'package' with the package of your class.
>>
>> Add this as the first line of doPrincipalAttributesAllowServiceAccess 
>> method:
>> log.error("doPrincipalAttributesAllowServiceAccess: " + 
>> attributes.get('udlAccountStatus'))
>>
>> Log level does not have to be 'error', but this way it will definitely 
>> show in the logs and 'should be' the only ERROR listed.
>> This way you will know when/if your method is called and the value of 
>> udlAccountStatus.
>>
>> Ray
>>
>>
>> On Mon, 2019-06-03 at 06:00 -0700, Debian HNT wrote:
>>
>> Ray, 
>>
>> In my log4j2.xml I have this
>>
>> > name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
>>  
>> level="debug"/>
>> > name="org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy" 
>> level="debug"/>
>>
>> When access is granted I have this in my logs 
>>
>> 8430:2019-06-03 14:13:39,963 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > service [https://castete.univ.com/cas/status/dashboard] defined by 
>> registered service [^https://castete.univ.com/cas/status/dashboard
>> (\z|/.*)]...>
>> 8431:2019-06-03 14:13:39,972 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 8432:2019-06-03 14:13:39,973 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > [DefaultPrincipalAttributesRepository()] to retrieve attributes>
>> 8433:2019-06-03 14:13:39,974 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > udlAccountStatus=[Active]}] for [student1.stu]>
>> 8434:2019-06-03 14:13:39,976 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > attributes for [student1.stu]>
>> 8435:2019-06-03 14:13:39,977 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > [{supannAliasLogin=[student1.stu], udlAccountStatus=[Active]}] for 
>> [student1.stu>
>> 8436:2019-06-03 14:13:39,984 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 8437:2019-06-03 14:13:39,984 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 8438:2019-06-03 14:13:39,985 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > any>
>> 8439:2019-06-03 14:13:39,988 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 8440:2019-06-03 14:13:39,993 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 8441:2019-06-03 14:13:39,993 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 8442:2019-06-03 14:13:39,994 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>> 8443:2019-06-03 14:13:39,994 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > service [https://castete.univ.com/cas/status/dashboard] defined by 
>> registered service [^https://castete.univ.com/cas/status/dashboard
>> (\z|/.*)]...>
>> 8444:2019-06-03 14:13:39,994 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > [{supannAliasLogin=[student1.stu], udlAccountStatus=[Active]}]>

[cas-user] Re: SAMLReponse Add new Attributes

2019-06-04 Thread Andrey Seledkov
Nothing helps

My property file has the following properties:

cas.authn.samlIdp.entityId=${cas.server.prefix}/idp
cas.authn.samlIdp.scope=${SERVER_NAME}
cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
cas.authn.samlIdp.metadata.location=file:/etc/cas/saml
cas.authn.samlIdp.attributeQueryProfileEnabled=true




On Tuesday, June 4, 2019 at 4:20:53 UTC+3, Andy Ng wrote:
>
> Hi Andrey,
>
> Can you try ReturnAllAttributeReleasePolicy to see if it is the policy that 
> has the problem, or if the release of attributes is not correct?
>
> https://apereo.github.io/cas/6.0.x/integration/Attribute-Release-Policies.html#return-all
>
>
>
> Cheers!
> - Andy
>



Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-04 Thread Debian HNT
Ray,

These lines do not return anything in my logs... 
I thought my file wasn't up but it is because the ldaptive debug is 
generated...
I dunno what's happening 

regards,

Debian,
>
> Add this to your log4j2.xml
> 
>
> replacing 'package' with the package of your class.
>
> Add this as the first line of doPrincipalAttributesAllowServiceAccess 
> method:
> log.error("doPrincipalAttributesAllowServiceAccess: " + 
> attributes.get('udlAccountStatus'))
>
> Log level does not have to be 'error', but this way it will definitely 
> show in the logs and 'should be' the only ERROR listed.
> This way you will know when/if your method is called and the value of 
> udlAccountStatus.
>
> Ray
>
>
> On Mon, 2019-06-03 at 06:00 -0700, Debian HNT wrote:
>
> Ray, 
>
> In my log4j2.xml I have this
>
>  name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
>  
> level="debug"/>
>  name="org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy" 
> level="debug"/>
>
> When access is granted I have this in my logs 
>
> 8430:2019-06-03 14:13:39,963 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>  service [https://castete.univ.com/cas/status/dashboard] defined by 
> registered service [^https://castete.univ.com/cas/status/dashboard
> (\z|/.*)]...>
> 8431:2019-06-03 14:13:39,972 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
> 
> 8432:2019-06-03 14:13:39,973 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>  [DefaultPrincipalAttributesRepository()] to retrieve attributes>
> 8433:2019-06-03 14:13:39,974 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>  udlAccountStatus=[Active]}] for [student1.stu]>
> 8434:2019-06-03 14:13:39,976 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>  attributes for [student1.stu]>
> 8435:2019-06-03 14:13:39,977 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>  [{supannAliasLogin=[student1.stu], udlAccountStatus=[Active]}] for 
> [student1.stu>
> 8436:2019-06-03 14:13:39,984 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
> 
> 8437:2019-06-03 14:13:39,984 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
> 
> 8438:2019-06-03 14:13:39,985 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>  any>
> 8439:2019-06-03 14:13:39,988 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
> 
> 8440:2019-06-03 14:13:39,993 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
> 
> 8441:2019-06-03 14:13:39,993 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
> 
> 8442:2019-06-03 14:13:39,994 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
> 
> 8443:2019-06-03 14:13:39,994 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>  service [https://castete.univ.com/cas/status/dashboard] defined by 
> registered service [^https://castete.univ.com/cas/status/dashboard
> (\z|/.*)]...>
> 8444:2019-06-03 14:13:39,994 DEBUG 
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>  [{supannAliasLogin=[student1.stu], udlAccountStatus=[Active]}]>