I may have encountered a bug in CAS 5.0.10 for the evaluationOrder parameter in service registrations.
Registrations have an evaluationOrder parameter that sets precedence when you have more than one matching registration. We've handled cases like this by appending some zeros to the evaluationOrder value for the more general/default case (ex. https://example.edu). Therefore its evaluationOrder is > than the evaluationOrder of the more specific case like https://example.edu/foo. Example registrations: { "name" : "GeneralNoAttr", "serviceId" : "^https://example\\.edu(/.*)*", "description" : "General no-attribute registration", "id" : 20180508174231, "evaluationOrder" : 200002230000, "attributeReleasePolicy" : { "@class" : "org.apereo.cas.services.DenyAllAttributeReleasePolicy" } "@class" : "org.apereo.cas.services.RegexRegisteredService", } { "name" : "MoreSpecificAttr", "serviceId" : "^https://example\\.edu/foo(/.*)*", "description" : "Specific attribute-enabled registration", "id" : 20181022144024, "evaluationOrder" : 20000233, "@class" : "org.apereo.cas.services.RegexRegisteredService", } I was troubleshooting an application that was not receiving attributes as expected (invoking DenyAllAttributeReleasePolicy of the more general registration[*]) when I discovered there appears to be some limit to this. While setting things up for a new /foo registration, the more general registration's evaluationOrder got 4 0s appended. That's when things broke, and all the more specific registrations (e.g. /foo, /bar, etc) stopped returning attributes. On a hunch, I amended the more general evaluationOrder to only have 2 0s appended (known to have worked previously). Things started working again as expected. It almost seems like an overflow bug, where the evaluationOrder wrapped or something. [*] Is there a way to tell which service registration is is actually matching? Our DEBUG logs don't seem to show this, but perhaps it's just not enabled in the logging config? This would facilitate troubleshooting these types of issues. -- Baron Fujimoto <[email protected]> :: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum desendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/20181024211719.lpb574apkbgkiauk%40combobulate.mgt.hawaii.edu.
