Hi Andy, thank you for your message. So, I have tried with *cas.authn.attribute-repository.expiration-time=0* Nothing change
I have tried with you lines on *attributeReleasePolicy* Nothing change I have tried with 6.3 version Nothing change I have tried just with the ligne below in cas.properties *cas.authn.ldap[0].principal-attribute-list=my_attribute_1, my_attribute_2, ...* *without this lines* (by commenting): #cas.authn.ldap[0].authentication-attribute-release-enabled=true #cas.authn.ldap[0].authentication-attribute-release.only-release=my_attribute And now it is good with 6.3 and 6.4 versions... I do not know if I have made something else... But now it is fixed... Thank you for all, Jérémie Le vendredi 26 mars 2021 à 02:37:20 UTC+1, Andy Ng a écrit : > Hi Jérémie, > > I saw that you are using CAS 6.4, which is still in RC. Have you try it in > CAS 6.3.2? Or even 6.2.x? > > Even though 6.4.x is in RC, sometime bug do occurs and using slightly > older version might help identify your issue. > > Anyway, It is not so certain what the issue is, below are some suggestion, > see if implementing them would help or not: > > *Q: How can I clean the CAS cache ?* > You can do this by disable CAS attribtue cache so to verify if cache is > the issue: > > > *cas.authn.attribute-repository.expiration-time=0* > See: > https://apereo.github.io/cas/6.3.x/configuration/Configuration-Properties.html#authentication-attributes > > But, I don't think that is the issue, considering you never get any > attribute in the first place. > > *Another possible solution:* > In CAS 6.2.x, if order for attribute to release, I need to add > ========================= > * "attributeReleasePolicy" : {* > * .............* > * "principalAttributesRepository" : {* > * "@class" : > "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository",* > * "attributeRepositoryIds": ["java.util.HashSet", [ "*" ]]* > * },* > * .............* > * },* > ========================= > Detail see this post > > https://groups.google.com/a/apereo.org/g/cas-user/c/713M457X1bI/m/g6q3-ddKAQAJ > > Not sure if this is the same behavior as 6.4.x, you can try it and see if > this fix it for you. > > Hopefully this helps! > > Cheers, > Andy > > On Friday, 26 March 2021 at 04:24:49 UTC+8 Jérémie Pilette wrote: > >> I htink so. >> Where can we see it ? >> >> Le jeudi 25 mars 2021 à 20:54:04 UTC+1, jrautureau a écrit : >> >>> Hi Jérémy >>> >>> Is the passwordPolicy is enabled ? >>> >>> Le jeu. 25 mars 2021 à 20:26, Jérémie Pilette <[email protected]> a >>> écrit : >>> >>>> >>>> The attribute and the value are good in the LDAP. >>>> By watching the ldap.log.level=debug, I do not see something strange.. >>>> I can see all the values with their attributes, no error messages... >>>> Le jeudi 25 mars 2021 à 18:57:34 UTC+1, Ray Bon a écrit : >>>> >>>>> Jérémie, >>>>> >>>>> Check ldap to be sure an attribute and value exist for id_attribute >>>>> for your user. You could also check your ldap logs to see why the value >>>>> is >>>>> not released. >>>>> >>>>> If cas is having difficulties connecting to ldap, you can set, >>>>> <Property name="ldap.log.level">debug</Property> >>>>> which is at the top of the log4j2.xml file. >>>>> >>>>> Ray >>>>> >>>>> On Thu, 2021-03-25 at 10:04 -0700, Jérémie Pilette wrote: >>>>> >>>>> Notice: This message was sent from outside the University of Victoria >>>>> email system. Please be cautious with links and sensitive information. >>>>> >>>>> Yes I have this file. I try to do with it ok. >>>>> >>>>> And in my */var.lib/tomcat9/Cataline.out*, I have this line : >>>>> [2021-03-25 18:02:39] [info] #033[33m2021-03-25 18:02:39,848 WARN >>>>> [org.apereo.cas.services.ReturnMappedAttributeReleasePolicy] - <Could not >>>>> find value for mapped attribute [*codeNYP*] that is based off of [ >>>>> *id_attribute*] in the allowed attributes list. Ensure the original >>>>> attribute [*id_attribute*] is retrieved and contains at least a >>>>> single value. Attribute [*codeNYP*] will and can not be released >>>>> without the presence of a value.>#033[m >>>>> >>>>> >>>>> Le jeudi 25 mars 2021 à 17:55:46 UTC+1, Ray Bon a écrit : >>>>> >>>>> Jérémie, >>>>> >>>>> The cas logger bit can be added to etc/cas/config/log4j2.xml). >>>>> >>>>> Ray >>>>> >>>>> On Thu, 2021-03-25 at 09:35 -0700, Jérémie Pilette wrote: >>>>> >>>>> Notice: This message was sent from outside the University of Victoria >>>>> email system. Please be cautious with links and sensitive information. >>>>> >>>>> Thank you for your response Ray Bon, but where I have to do that ? >>>>> Should I uncomment these lines in a file or add these lines in a >>>>> specific file ? >>>>> Thank you. >>>>> >>>>> >>>>> Le jeudi 25 mars 2021 à 16:46:34 UTC+1, Ray Bon a écrit : >>>>> >>>>> Jérémie, >>>>> >>>>> Try this logger to see what cas is doing with the attributes: >>>>> >>>>> <!-- DEBUG Found principal attributes [...] for [username] >>>>> Attribute policy [???] allows release of [...] for >>>>> [username] >>>>> Final collection of attributes allowed are: [...] >>>>> --> >>>>> <AsyncLogger >>>>> name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" >>>>> >>>>> level="debug"/> >>>>> >>>>> The client application must be configured to call the CASv3 endpoint. >>>>> >>>>> Ray >>>>> >>>>> On Thu, 2021-03-25 at 01:56 -0700, Jérémie Pilette wrote: >>>>> >>>>> Notice: This message was sent from outside the University of Victoria >>>>> email system. Please be cautious with links and sensitive information. >>>>> >>>>> >>>>> >>>>> Hi, >>>>> I would like to use Attribute release for one application (Yparéo). >>>>> I was usin CAS 5.1, and it was operationnal. >>>>> >>>>> Now with the new version 6.4, it does'nt work. >>>>> >>>>> I am using json file configuration : >>>>> ****************************************************************** >>>>> { >>>>> "@class" : "org.apereo.cas.services.RegexRegisteredService", >>>>> "serviceId" : "^(https|http)://URL/cas.*", >>>>> "name" : "netYpareo", >>>>> "id" : 10000005, >>>>> "description" : "NetYparéo", >>>>> "evaluationOrder" : 3, >>>>> "accessStrategy" : >>>>> { >>>>> "@class" : >>>>> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", >>>>> "enabled" : "true", >>>>> "ssoEnabled" : "true", >>>>> "requireAllAttributes": "true", >>>>> "caseInsensitive": "false" >>>>> }, >>>>> "attributeReleasePolicy" : >>>>> { >>>>> "@class" : >>>>> "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy", >>>>> "allowedAttributes" : >>>>> { >>>>> "@class" : "java.util.TreeMap", >>>>> "*id_attribute*" : "*codeNYP*" >>>>> } >>>>> }, >>>>> "authorizedToReleaseCredentialPassword" : "false", >>>>> "authorizedToReleaseProxyGrantingTicket" : "false", >>>>> "excludeDefaultAttributes" : "false", >>>>> "*principalIdAttribute*" : "*login_attribute*" >>>>> } >>>>> ****************************************************************** >>>>> In my cas.properties : >>>>> cas.authn.authentication-attribute-release-enabled=*true* >>>>> cas.authn.ldap[0].principal-attribute-list=*id_attribute* >>>>> >>>>> Maybe I forget something ? >>>>> >>>>> One other question : How could we know which protocol is used to do >>>>> that ? >>>>> The application accept CASv3, so I want to use CASv3, not SAML or >>>>> other .... >>>>> >>>>> Thank you >>>>> >>>>> -- >>>>> >>>>> >>>>> Ray Bon >>>>> Programmer Analyst >>>>> Development Services, University Systems >>>>> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected] >>>>> >>>>> I respectfully acknowledge that my place of work is located within the >>>>> ancestral, traditional and unceded territory of the Songhees, Esquimalt >>>>> and >>>>> WSÁNEĆ Nations. >>>>> >>>>> -- >>>>> >>>>> >>>>> Ray Bon >>>>> Programmer Analyst >>>>> Development Services, University Systems >>>>> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected] >>>>> >>>>> I respectfully acknowledge that my place of work is located within the >>>>> ancestral, traditional and unceded territory of the Songhees, Esquimalt >>>>> and >>>>> WSÁNEĆ Nations. >>>>> >>>>> -- >>>>> >>>>> Ray Bon >>>>> Programmer Analyst >>>>> Development Services, University Systems >>>>> 2507218831 <(250)%20721-8831> | CLE 019 | [email protected] >>>>> >>>>> I respectfully acknowledge that my place of work is located within the >>>>> ancestral, traditional and unceded territory of the Songhees, Esquimalt >>>>> and >>>>> WSÁNEĆ Nations. >>>>> >>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f0401584-5fa0-44b2-b400-829704856ccbn%40apereo.org >>>> >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f0401584-5fa0-44b2-b400-829704856ccbn%40apereo.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/aaf7e1e0-309a-4499-b0a3-22a54b225b38n%40apereo.org.
