Unfortunately, that doesn't seem to work for us. I even tried one level up
the class hierarchy with
<AsyncLogger name="org.apereo.cas.services" level="info"
includeLocation="true"/>
It also looks like all of our existing AsyncLogger entries already
have includeLocation="true" as well.
On Mon, Jul 5, 2021 at 3:11 AM King, Robert <[email protected]> wrote:
> I get the following WARN log entry from
> org.apereo.cas.services.RegisteredServiceAccessStrategyUtils
>
>
>
> WARN [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] -
> <Unauthorized Service Access. Service [defnotaservice] is not found in
> service registry.>
>
>
>
>
>
> I believe this is configured in log4j.xml with the following in <Loggers>
>
>
>
> <AsyncLogger
> name="org.apereo.cas.services.AbstractServicesManager" level="info"
> includeLocation="true"/>
>
>
>
> Hope that at least sets you on the correct path.
>
>
>
>
>
>
>
> *From:* [email protected] <[email protected]> *On Behalf Of *Baron
> Fujimoto
> *Sent:* Saturday, July 3, 2021 1:09 AM
> *To:* CAS Community <[email protected]>
> *Subject:* [EXTERNAL SENDER] [cas-user] CAS 5.0, 6.3 logging differences
>
>
>
> Continuing our journey to upgrade from CAS 5.0 to 6.3, I have some
> questions re logging differences I'm seeing.
>
>
>
> Service not found in service registry
>
> ------------------------------------------------
>
> With CAS 5.0, if a service was not registered, we see something like this
> logged for an unauthorized service such as "https://www.foo.com":
>
>
>
> WARN [org.apereo.cas.web.flow.ServiceAuthorizationCheck] - <Service
> Management: missing service. Service [https://www.foo.com] is not found
> in service registry.>
>
>
>
> This is often very helpful for troubleshooting to be able to see what URL
> an app is trying to use.
>
>
>
> But with CAS6.3 we see:
>
>
>
> ERROR
> [org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter]
> - <Service unauthorized>
>
> org.apereo.cas.services.UnauthorizedServiceException: Service unauthorized
>
> at
> org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer.execute(RegisteredServiceAccessStrategyAuditableEnforcer.java:112)
> ~[cas-server-core-services-api-6.3.4.jar:6.3.4]
>
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> ~[tomcat-util.jar:9.0.46]
>
> [...many many lines of stack trace...]
>
> at java.lang.Thread.run(Thread.java:829) [?:?]
>
>
>
> The unauthorized service is never identified, which removes a valuable
> troubleshooting tool. Is there a way to include this information?
>
>
>
> We definitely want to see things logged as ERRORs, but the stack trace
> seems more appropriate for something at the DEBUG level?
>
>
>
> Failed authentications
>
> -----------------------------
>
> With CAS 5.0, when a user authentication failed, we'd see something like
> the following logged:
>
>
>
> INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <LdapAuthenticationHandler failed authenticating USERNAME>
>
> WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <Authentication has failed. Credentials may be incorrect or CAS cannot find
> authentication handler that supports [USERNAME] of type
> [UsernamePasswordCredential], which suggests a configuration problem.>
>
> INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
> <Audit trail record BEGIN
>
> =============================================================
>
> WHO: USERNAME
>
> WHAT: Supplied credentials: [USERNAME]
>
> ACTION: AUTHENTICATION_FAILED
>
> APPLICATION: CAS
>
> WHEN: Fri Jul 02 17:06:00 HST 2021
>
> CLIENT IP ADDRESS: 172.19.100.162
>
> SERVER IP ADDRESS: 172.16.1.76
>
> =============================================================
>
> >
>
>
>
> Whereas with CAS 6.3, we get:
>
>
>
> INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <[LdapAuthenticationHandler] exception details: [Invalid credentials].>
>
> INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
> <Audit trail record BEGIN
>
> =============================================================
>
> WHO: USERNAME
>
> WHAT: Supplied credentials: [UsernamePasswordCredential(username=USERNAME,
> source=null, customFields={})]
>
> ACTION: AUTHENTICATION_FAILED
>
> APPLICATION: CAS
>
> WHEN: Fri Jul 02 17:00:45 HST 2021
>
> CLIENT IP ADDRESS: 10.17.133.2
>
> SERVER IP ADDRESS: 10.17.133.14
>
> =============================================================
>
> >
>
> WARN
> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
> - <1 errors, 0 successes>
>
> DEBUG
> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
> - <1 errors, 0 successes>
>
> org.apereo.cas.authentication.AuthenticationException: 1 errors, 0
> successes
>
> at
> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:340)
> ~[cas-server-core-authentication-api-6.3.4.jar:6.3.4]
>
> [... ~200 more lines of stack trace ...]
>
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> ~[tomcat-util.jar:9.0.46]
>
> at java.lang.Thread.run(Thread.java:829) [?:?]
>
>
>
> This 200+ line stack trace seems like overkill and not really helpful. Is
> the solution to this just not logging
> org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver
> at the debug level?
>
>
>
> --
>
> Baron Fujimoto <[email protected]> :: UH Information Technology Services
> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL2uh%3DN49pLnAmEuPxjem_yMmbXkQpfcj9fE3%2Brkk-v8yA%40mail.gmail.com
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL2uh%3DN49pLnAmEuPxjem_yMmbXkQpfcj9fE3%2Brkk-v8yA%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6699c8c32a7446bf8ffbd9f9d58093ec%40mun.ca
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6699c8c32a7446bf8ffbd9f9d58093ec%40mun.ca?utm_medium=email&utm_source=footer>
> .
>
--
Baron Fujimoto <[email protected]> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL2syA6EgA5C_3VY-CVRKBL%3DkHnt-dzgtu_GOLk3tcWzdw%40mail.gmail.com.
