Re: [cas-user] empty SAML response with mod_auth_cas from v1.2/master
Hi, David.

I'll need to check the previous server version, but I've made significant progress using the unmerged patch on your fork (apereo#148). I'm still testing, but planned to reach out to you regarding a PR.

The ticketing server reports "samlValidate failing due to NullPointerException." I followed your lead in this thread to troubleshoot the empty requestID issue:
https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/tm8aQrzKDbc

Continuing here:
https://github.com/apereo/mod_auth_cas/issues/148

I cloned your repo (https://github.com/dhawes/mod_auth_cas.git) and merged the fix: "issue-148-missing-requestid"
https://github.com/dhawes/mod_auth_cas/commit/1ca702b08c47f15451014201718b9e78a114b3e9

For my tests, I needed to replace "SSL_library_init" with "OPENSSL_init_ssl." From there, the build process was smooth.

I am now getting the proper XML with the validation response and mod_auth_cas response, and I can view attributes in the cached ticket. This just works. What additional testing would be required to merge this fix?

Thanks for your work!
-Alan

On Tuesday, June 4, 2019 at 3:17:30 PM UTC-5, dhawes wrote:
> On Mon, 3 Jun 2019 at 17:13, Alan S wrote:
> >
> > Hi, all,
> >
> > Our previous Apache client (mod_auth_cas v1.0.9.1) worked seamlessly with our organization's CAS server, and retrieving SAML attributes was no problem at all. Currently, we're working toward a rollout of CAS 5.3.3, and I'm trying to integrate an Apache client built from the master branch (v1.2 tag).
> >
> > If I return only the CAS user from serviceValidate, that response is good; however, I'm getting a null response from the samlValidate endpoint, where Apache reports "Validation response: (null)" with no additional logging. Could I please get some troubleshooting advice for returning proper SAML using the latest Apache module?
>
> Do versions prior to v1.2 work with CAS 5.3.3?
>
> Do your CAS server logs show anything about the CAS validation response sent?
> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9ab1a33f-6b19-4a23-a06a-bba87c3fe073%40apereo.org.
Re: [cas-user] empty SAML response with mod_auth_cas from v1.2/master
On Mon, 3 Jun 2019 at 17:13, Alan S wrote:
>
> Hi, all,
>
> Our previous Apache client (mod_auth_cas v1.0.9.1) worked seamlessly with our organization's CAS server, and retrieving SAML attributes was no problem at all. Currently, we're working toward a rollout of CAS 5.3.3, and I'm trying to integrate an Apache client built from the master branch (v1.2 tag).
>
> If I return only the CAS user from serviceValidate, that response is good; however, I'm getting a null response from the samlValidate endpoint, where Apache reports "Validation response: (null)" with no additional logging. Could I please get some troubleshooting advice for returning proper SAML using the latest Apache module?

Do versions prior to v1.2 work with CAS 5.3.3?

Do your CAS server logs show anything about the CAS validation response sent?
[cas-user] logging authentication failures as successes
Hello,

We just noticed that the log files (cas_audit.log and cas-2019.log) are reporting authentication failures as successes. Below is a snippet from cas-2019-06-04-10-2.log which shows it sees it as a failure on line 18436 but then reports it as a success in both cas_audit.log and cas-2019-06-04-10-2.log (line 18441). We know that failures were reporting correctly at some point but are unsure what has changed. Below are also the configs from log4j2.xml.

Any help or insight that you can offer would be greatly appreciated.

Thank you,
Chris Pasek
The College of St. Scholastica
Duluth, MN

cas-2019-06-04-10-2.log:
18436 2019-06-04 11:20:36,369 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
18437 2019-06-04 11:20:36,370 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
18449 2019-06-04 11:20:38,308 INFO [org.apereo.cas.web.flow.authentication.RankedMultifactorAuthenticationProviderSelector] -
18450 2019-06-04 11:20:38,309 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
[cas-user] Re: SAMLReponse Add new Attributes
Do you have any other SPs working with this CAS instance, or is this your first?

On Tuesday, June 4, 2019 at 3:33:55 AM UTC-6, Andrey Seledkov wrote:
>
> Nothing helps
>
> my property file has next properties
>
> cas.authn.samlIdp.entityId=${cas.server.prefix}/idp
> cas.authn.samlIdp.scope=${SERVER_NAME}
> cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
> cas.authn.samlIdp.metadata.location=file:/etc/cas/saml
> cas.authn.samlIdp.attributeQueryProfileEnabled=true
>
> On Tuesday, June 4, 2019 at 4:20:53 UTC+3, Andy Ng wrote:
>>
>> Hi Andrey,
>>
>> Can you try ReturnAllAttributeReleasePolicy, see if is the policy that have problem, or is the release of attribute not correct.
>>
>> https://apereo.github.io/cas/6.0.x/integration/Attribute-Release-Policies.html#return-all
>>
>> Cheers!
>> - Andy
[cas-user] [Token/JWT Tickets] Misleading warnings ?
Both with 5.3.10 and 6.0.4 I am observing strange warnings in my log:

2019-06-04 16:41:13,282 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] -
2019-06-04 16:41:13,283 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] -

I don't get what it's complaining about.

I defined these global variables in cas.properties:

cas.authn.token.crypto.enabled=true
cas.authn.token.crypto.signingEnabled=true
cas.authn.token.crypto.encryptionEnabled=true
cas.authn.token.crypto.signing.key=${OPTOPLUS_CAS_TOKEN_SIGNING_KEY}
cas.authn.token.crypto.signing.keySize=512
cas.authn.token.crypto.encryption.key=${OPTOPLUS_CAS_TOKEN_ENCRYPTION_KEY}
cas.authn.token.crypto.encryption.keySize=256
cas.authn.token.crypto.alg=A128CBC-HS256

Also, I believe (and I DO REALLY HOPE SO) my JWT Tickets are indeed signed and ciphered, since my backend uses jose4j to verify the signature and decipher:

    // Outer layer: verify the JWS signature over the whole token
    JsonWebSignature jws = new JsonWebSignature();
    jws.setCompactSerialization(bearer);
    jws.setKey(signingKey);
    if (jws.verifySignature()) {
        // Inner layer: the JWS payload is the base64-encoded JWE compact serialization
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setCompactSerialization(new String(Base64.decodeBase64(jws.getEncodedPayload()), StandardCharsets.UTF_8));
        jwe.setKey(encryptionKey);
        JwtClaims claims = JwtClaims.parse(jwe.getPlaintextString());
        NumericDate issuedAt = claims.getIssuedAt();
        // Check for a missing iat claim before dereferencing it
        if (Objects.nonNull(issuedAt)) {
            // Accept only tokens issued within the last 60 seconds
            issuedAt.addSeconds(60);
            if (issuedAt.isAfter(NumericDate.now())) {
                String subject = claims.getSubject();
                if (StringUtils.isNotBlank(subject)) {
                    CredentialValidationResult validate = this.identityStore.validate(new CallerOnlyCredential(subject));
                    if (Status.VALID.equals(validate.getStatus())) {
                        return httpMessageContext.notifyContainerAboutLogin(validate);
                    }
                }
            }
        }
    }

According to:
https://github.com/apereo/cas/blob/master/core/cas-server-core-util-api/src/main/java/org/apereo/cas/util/cipher/BaseStringCipherExecutor.java

    this.encryptionEnabled = encryptionEnabled || StringUtils.isNotBlank(secretKeyEncryption);
    this.signingEnabled = signingEnabled || StringUtils.isNotBlank(secretKeySigning);
    this.signingKeySize = signingKeyLength <= 0 ? CipherExecutor.DEFAULT_STRINGABLE_SIGNING_KEY_SIZE : signingKeyLength;
    this.encryptionKeySize = encryptionKeyLength <= 0 ? CipherExecutor.DEFAULT_STRINGABLE_ENCRYPTION_KEY_SIZE : encryptionKeyLength;
    if (this.encryptionEnabled) {
        configureEncryptionParameters(secretKeyEncryption, contentEncryptionAlgorithmIdentifier);
    } else {
        LOGGER.info("Encryption is not enabled for [{}]. The cipher [{}] will only attempt to produce signed objects", getName(), getClass().getSimpleName());
    }

I can't understand what's happening. I believe encryptionEnabled is cas.authn.token.crypto.encryptionEnabled and secretKeyEncryption should be cas.authn.token.crypto.encryption.key. Am I missing something?

Thank you in advance
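An added example, not part of the original post and not CAS or jose4j code: a structural check for the question raised above, confirming that a token is both signed and encrypted in the layout the poster's code expects (a JWS whose payload is a JWE compact serialization). It assumes HS512 for the outer signature (the post gives only a 512-bit signing key size), uses a constructed key and filler ciphertext, and inspects structure only without decrypting.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(part: str) -> bytes:
    """Decode unpadded base64url, as used in JOSE compact serializations."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def inspect_token(token: str, signing_key: bytes, enc: str = "A128CBC-HS256") -> dict:
    """Report whether the outer JWS verifies and whether its payload is a JWE."""
    report = {"signature_valid": False, "payload_encrypted": False, "problems": []}
    parts = token.split(".")
    if len(parts) != 3:
        report["problems"].append("outer token is not a three-part JWS")
        return report
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
        inner = b64url_decode(payload_b64).decode("utf-8")
    except ValueError:
        report["problems"].append("outer token is not valid base64url/JSON")
        return report
    # Pin the algorithm (HS512 is an assumption): never let the header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS512":
        report["problems"].append("unexpected signature algorithm")
    else:
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
        expected = hmac.new(signing_key, signing_input, hashlib.sha512).digest()
        if hmac.compare_digest(expected, signature):
            report["signature_valid"] = True
        else:
            report["problems"].append("signature does not verify")
    # A JWE compact serialization has five parts; plain JSON claims do not.
    inner_parts = inner.split(".")
    if len(inner_parts) != 5:
        report["problems"].append("payload is not a five-part JWE: claims are readable")
        return report
    try:
        inner_header = json.loads(b64url_decode(inner_parts[0]))
    except ValueError:
        inner_header = None
    if isinstance(inner_header, dict) and inner_header.get("enc") == enc:
        report["payload_encrypted"] = True
    else:
        report["problems"].append("JWE header does not declare " + enc)
    return report


def make_jws(payload: bytes, key: bytes, alg: str = "HS512") -> str:
    """Build a constructed sample token (fixture for this example only)."""
    header_b64 = b64url_encode(json.dumps({"alg": alg}).encode())
    payload_b64 = b64url_encode(payload)
    mac = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha512).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(mac)}"


# Constructed sample data: the key is not a real secret, and the JWE-shaped
# value carries filler bytes for IV, ciphertext and tag ("dir" is assumed).
DEMO_KEY = b"constructed-demo-signing-key-not-a-real-secret"
FAKE_JWE = ".".join([
    b64url_encode(json.dumps({"alg": "dir", "enc": "A128CBC-HS256"}).encode()),
    "",
    b64url_encode(b"\x00" * 16),
    b64url_encode(b"\x01" * 32),
    b64url_encode(b"\x02" * 16),
])
SIGNED_AND_ENCRYPTED = make_jws(FAKE_JWE.encode("ascii"), DEMO_KEY)
SIGNED_ONLY = make_jws(json.dumps({"sub": "casuser"}).encode(), DEMO_KEY)

if __name__ == "__main__":
    for name, tok in (("signed+encrypted", SIGNED_AND_ENCRYPTED), ("signed only", SIGNED_ONLY)):
        print(name, inspect_token(tok, DEMO_KEY))
```

A token that reports signature_valid but not payload_encrypted is the case the poster feared: integrity is protected, but the claims travel in the clear.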
[cas-user] Re: CAS 6.0.X breaks JWT Signing
This seems to be fixed in 6.0.4

Thank you

On Tuesday, March 19, 2019 at 11:41:45 AM UTC+1, Alessandro Moscatelli wrote:
>
> Upgrading CAS from 5.3.X to 6.0.X seems to break JWT Signing (and maybe Encryption? I cannot tell).
>
> I am actually using nimbus library to verify/decrypt JWT produced by CAS.
>
> What I have already tried :
>
> 1) Using jose4j instead of nimbus using the same code as described in https://apereo.github.io/cas/6.0.x/installation/Configure-ServiceTicket-JWT.html
> 2) Regenerating the AES keys produced by the CAS (I use the keys automatically used by CAS and then I put them into config, I do NOT generate keys by myself)
>
> I upgraded to CAS 5.3.9 and everything works as usual.
>
> Best regards
Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script
Debian,

Is waiting.html protected by a CAS client? The 'not authorized' message shows in CAS when an application redirects to CAS but is not in CAS services. Check your browser network traffic to see the redirects.

Ray

On Tue, 2019-06-04 at 02:58 -0700, Debian HNT wrote:
> Ray,
>
> UPDATE
>
> I wrote my own logs by redirecting to a file to see if this.accountStatus recovers the correct state like this
>
> java.net.URI getUnauthorizedRedirectUrl() {
>     if (this.accountStatus == 'Blocked') {
>         File file = new File("/tmp/cas")
>         file.append(this.accountStatus)
>
> So in my toto file I have the waiting status
>
> GNU nano 2.7.4 File : /tmp/cas
> Waiting
>
> When I'm trying to connect :
>
> 2019-06-04 11:42:20,415 WARN [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - https://cas-univ.com/waiting.html)]>
>
> So it sounds good but the page doesn't redirect to the url and displays "Application Not Authorized to Use CAS"
>
> any suggestion?
>
> Regards,
>
> Ray,
>
> These lines do not return anything in my logs...
> I thought my file wasn't up but it is because the ldaptive debug is generated...
> I dunno what's happening
>
> regards,
>
> Debian,
>
> Add this to your log4j2.xml
>
> replacing 'package' with the package of your class.
>
> Add this as the first line of doPrincipalAttributesAllowServiceAccess method:
> log.error("doPrincipalAttributesAllowServiceAccess: " + attributes.get('udlAccountStatus'))
>
> Log level does not have to be 'error', but this way it will definitely show in the logs and 'should be' the only ERROR listed.
> This way you will know when/if your method is called and the value of udlAccountStatus.
>
> Ray
>
> On Mon, 2019-06-03 at 06:00 -0700, Debian HNT wrote:
>> Ray,
>>
>> In my log4j2.xml I have this
>>
>> When access is granted I have this in my logs
>>
>> 8430:2019-06-03 14:13:39,963 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - https://castete.univ.com/cas/status/dashboard] defined by registered service [^https://castete.univ.com/cas/status/dashboard(\z|/.*)]...>
>> 8431:2019-06-03 14:13:39,972 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8432:2019-06-03 14:13:39,973 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8433:2019-06-03 14:13:39,974 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8434:2019-06-03 14:13:39,976 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8435:2019-06-03 14:13:39,977 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8436:2019-06-03 14:13:39,984 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8437:2019-06-03 14:13:39,984 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8438:2019-06-03 14:13:39,985 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8439:2019-06-03 14:13:39,988 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8440:2019-06-03 14:13:39,993 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8441:2019-06-03 14:13:39,993 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8442:2019-06-03 14:13:39,994 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8443:2019-06-03 14:13:39,994 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - https://castete.univ.com/cas/status/dashboard] defined by registered service [^https://castete.univ.com/cas/status/dashboard(\z|/.*)]...>
>> 8444:2019-06-03 14:13:39,994 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script
Ray,

UPDATE

I wrote my own logs by redirecting to a file to see if this.accountStatus recovers the correct state like this

java.net.URI getUnauthorizedRedirectUrl() {
    if (this.accountStatus == 'Blocked') {
        File file = new File("/tmp/cas")
        file.append(this.accountStatus)

So in my toto file I have the waiting status

GNU nano 2.7.4 File : /tmp/cas
*Waiting*

When I'm trying to connect :

2019-06-04 11:42:20,415 WARN [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - https://cas-univ.com/waiting.html)]>

So it sounds good but the page doesn't redirect to the url and displays "Application Not Authorized to Use CAS"

any suggestion?

Regards,

Ray,
>
> These lines do not return anything in my logs...
> I thought my file wasn't up but it is because the ldaptive debug is generated...
> I dunno what's happening
>
> regards,
>
> Debian,
>>
>> Add this to your log4j2.xml
>>
>> level="debug"/>
>>
>> replacing 'package' with the package of your class.
>>
>> Add this as the first line of doPrincipalAttributesAllowServiceAccess method:
>> log.error("doPrincipalAttributesAllowServiceAccess: " + attributes.get('udlAccountStatus'))
>>
>> Log level does not have to be 'error', but this way it will definitely show in the logs and 'should be' the only ERROR listed.
>> This way you will know when/if your method is called and the value of udlAccountStatus.
>>
>> Ray
>>
>> On Mon, 2019-06-03 at 06:00 -0700, Debian HNT wrote:
>>
>> Ray,
>>
>> In my log4j2.xml I have this
>>
>> name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" level="debug"/>
>> name="org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy" level="debug"/>
>>
>> When access is granted I have this in my logs
>>
>> 8430:2019-06-03 14:13:39,963 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - service [https://castete.univ.com/cas/status/dashboard] defined by registered service [^https://castete.univ.com/cas/status/dashboard(\z|/.*)]...>
>> 8431:2019-06-03 14:13:39,972 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8432:2019-06-03 14:13:39,973 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - [DefaultPrincipalAttributesRepository()] to retrieve attributes>
>> 8433:2019-06-03 14:13:39,974 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - udlAccountStatus=[Active]}] for [student1.stu]>
>> 8434:2019-06-03 14:13:39,976 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - attributes for [student1.stu]>
>> 8435:2019-06-03 14:13:39,977 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - [{supannAliasLogin=[student1.stu], udlAccountStatus=[Active]}] for [student1.stu>
>> 8436:2019-06-03 14:13:39,984 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8437:2019-06-03 14:13:39,984 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8438:2019-06-03 14:13:39,985 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - any>
>> 8439:2019-06-03 14:13:39,988 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8440:2019-06-03 14:13:39,993 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8441:2019-06-03 14:13:39,993 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8442:2019-06-03 14:13:39,994 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>> 8443:2019-06-03 14:13:39,994 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - service [https://castete.univ.com/cas/status/dashboard] defined by registered service [^https://castete.univ.com/cas/status/dashboard(\z|/.*)]...>
>> 8444:2019-06-03 14:13:39,994 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - [{supannAliasLogin=[student1.stu], udlAccountStatus=[Active]}]>
[cas-user] Re: SAMLReponse Add new Attributes
Nothing helps

my property file has next properties

cas.authn.samlIdp.entityId=${cas.server.prefix}/idp
cas.authn.samlIdp.scope=${SERVER_NAME}
cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
cas.authn.samlIdp.metadata.location=file:/etc/cas/saml
cas.authn.samlIdp.attributeQueryProfileEnabled=true

On Tuesday, June 4, 2019 at 4:20:53 UTC+3, Andy Ng wrote:
>
> Hi Andrey,
>
> Can you try ReturnAllAttributeReleasePolicy, see if is the policy that have problem, or is the release of attribute not correct.
>
> https://apereo.github.io/cas/6.0.x/integration/Attribute-Release-Policies.html#return-all
>
> Cheers!
> - Andy
Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script
Ray,

These lines do not return anything in my logs...
I thought my file wasn't up but it is because the ldaptive debug is generated...
I dunno what's happening

regards,

Debian,
>
> Add this to your log4j2.xml
>
> replacing 'package' with the package of your class.
>
> Add this as the first line of doPrincipalAttributesAllowServiceAccess method:
> log.error("doPrincipalAttributesAllowServiceAccess: " + attributes.get('udlAccountStatus'))
>
> Log level does not have to be 'error', but this way it will definitely show in the logs and 'should be' the only ERROR listed.
> This way you will know when/if your method is called and the value of udlAccountStatus.
>
> Ray
>
> On Mon, 2019-06-03 at 06:00 -0700, Debian HNT wrote:
>
> Ray,
>
> In my log4j2.xml I have this
>
> name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" level="debug"/>
> name="org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy" level="debug"/>
>
> When access is granted I have this in my logs
>
> 8430:2019-06-03 14:13:39,963 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - service [https://castete.univ.com/cas/status/dashboard] defined by registered service [^https://castete.univ.com/cas/status/dashboard(\z|/.*)]...>
> 8431:2019-06-03 14:13:39,972 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 8432:2019-06-03 14:13:39,973 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - [DefaultPrincipalAttributesRepository()] to retrieve attributes>
> 8433:2019-06-03 14:13:39,974 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - udlAccountStatus=[Active]}] for [student1.stu]>
> 8434:2019-06-03 14:13:39,976 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - attributes for [student1.stu]>
> 8435:2019-06-03 14:13:39,977 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - [{supannAliasLogin=[student1.stu], udlAccountStatus=[Active]}] for [student1.stu>
> 8436:2019-06-03 14:13:39,984 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 8437:2019-06-03 14:13:39,984 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 8438:2019-06-03 14:13:39,985 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - any>
> 8439:2019-06-03 14:13:39,988 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 8440:2019-06-03 14:13:39,993 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 8441:2019-06-03 14:13:39,993 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 8442:2019-06-03 14:13:39,994 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 8443:2019-06-03 14:13:39,994 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - service [https://castete.univ.com/cas/status/dashboard] defined by registered service [^https://castete.univ.com/cas/status/dashboard(\z|/.*)]...>
> 8444:2019-06-03 14:13:39,994 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - [{supannAliasLogin=[student1.stu], udlAccountStatus=[Active]}]>