Hello. I am interested to add this feature to our 6.x CAS, we had no problems on 5.x but I don't get to find the key to enable it on the 6.x. As you said, I find it a very useful tool to debug problems in new clients.
Did you find the solution? Thanks for your time El martes, 6 de julio de 2021 a las 19:57:54 UTC+1, baron escribió: > Unfortunately, that doesn't seem to work for us. I even tried one level up > the class hierarchy with > > <AsyncLogger name="org.apereo.cas.services" level="info" > includeLocation="true"/> > > It also looks like all of our existing AsyncLogger entries already > have includeLocation="true" as well. > > On Mon, Jul 5, 2021 at 3:11 AM King, Robert <[email protected]> wrote: > >> I get the following WARN log entry from >> org.apereo.cas.services.RegisteredServiceAccessStrategyUtils >> >> >> >> WARN [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - >> <Unauthorized Service Access. Service [defnotaservice] is not found in >> service registry.> >> >> >> >> >> >> I believe this is configured in log4j.xml with the following in <Loggers> >> >> >> >> <AsyncLogger >> name="org.apereo.cas.services.AbstractServicesManager" level="info" >> includeLocation="true"/> >> >> >> >> Hope that at least sets you on the correct path. >> >> >> >> >> >> >> >> *From:* [email protected] <[email protected]> *On Behalf Of *Baron >> Fujimoto >> *Sent:* Saturday, July 3, 2021 1:09 AM >> *To:* CAS Community <[email protected]> >> *Subject:* [EXTERNAL SENDER] [cas-user] CAS 5.0, 6.3 logging differences >> >> >> >> Continuing our journey to upgrade from CAS 5.0 to 6.3, I have some >> questions re logging differences I'm seeing. >> >> >> >> Service not found in service registry >> >> ------------------------------------------------ >> >> With CAS 5.0, if a service was not registered, we see something like this >> logged for an unauthorized service such as "https://www.foo.com": >> >> >> >> WARN [org.apereo.cas.web.flow.ServiceAuthorizationCheck] - <Service >> Management: missing service. Service [https://www.foo.com] is not found >> in service registry.> >> >> >> >> This is often very helpful for troubleshooting to be able to see what URL >> an app is trying to use. >> >> >> >> But with CAS6.3 we see: >> >> >> >> ERROR >> [org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter] >> >> - <Service unauthorized> >> >> org.apereo.cas.services.UnauthorizedServiceException: Service unauthorized >> >> at >> org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer.execute(RegisteredServiceAccessStrategyAuditableEnforcer.java:112) >> >> ~[cas-server-core-services-api-6.3.4.jar:6.3.4] >> >> at >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >> >> ~[tomcat-util.jar:9.0.46] >> >> [...many many lines of stack trace...] >> >> at java.lang.Thread.run(Thread.java:829) [?:?] >> >> >> >> The unauthorized service is never identified, which removes a valuable >> troubleshooting tool. Is there a way to include this information? >> >> >> >> We definitely want to see things logged as ERRORs, but the stack trace >> seems more appropriate for something at the DEBUG level? >> >> >> >> Failed authentications >> >> ----------------------------- >> >> With CAS 5.0, when a user authentication failed, we'd see something like >> the following logged: >> >> >> >> INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >> <LdapAuthenticationHandler failed authenticating USERNAME> >> >> WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >> <Authentication has failed. Credentials may be incorrect or CAS cannot find >> authentication handler that supports [USERNAME] of type >> [UsernamePasswordCredential], which suggests a configuration problem.> >> >> INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - >> <Audit trail record BEGIN >> >> ============================================================= >> >> WHO: USERNAME >> >> WHAT: Supplied credentials: [USERNAME] >> >> ACTION: AUTHENTICATION_FAILED >> >> APPLICATION: CAS >> >> WHEN: Fri Jul 02 17:06:00 HST 2021 >> >> CLIENT IP ADDRESS: 172.19.100.162 >> >> SERVER IP ADDRESS: 172.16.1.76 >> >> ============================================================= >> >> > >> >> >> >> Whereas with CAS 6.3, we get: >> >> >> >> INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >> <[LdapAuthenticationHandler] exception details: [Invalid credentials].> >> >> INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - >> <Audit trail record BEGIN >> >> ============================================================= >> >> WHO: USERNAME >> >> WHAT: Supplied credentials: >> [UsernamePasswordCredential(username=USERNAME, source=null, >> customFields={})] >> >> ACTION: AUTHENTICATION_FAILED >> >> APPLICATION: CAS >> >> WHEN: Fri Jul 02 17:00:45 HST 2021 >> >> CLIENT IP ADDRESS: 10.17.133.2 >> >> SERVER IP ADDRESS: 10.17.133.14 >> >> ============================================================= >> >> > >> >> WARN >> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] >> >> - <1 errors, 0 successes> >> >> DEBUG >> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] >> >> - <1 errors, 0 successes> >> >> org.apereo.cas.authentication.AuthenticationException: 1 errors, 0 >> successes >> >> at >> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:340) >> >> ~[cas-server-core-authentication-api-6.3.4.jar:6.3.4] >> >> [... ~200 more lines of stack trace ...] >> >> at >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >> >> ~[tomcat-util.jar:9.0.46] >> >> at java.lang.Thread.run(Thread.java:829) [?:?] >> >> >> >> This 200+ line stack trace seems like overkill and not really helpful. Is >> the solution to this just not logging >> org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver >> >> at the debug level? >> >> >> >> -- >> >> Baron Fujimoto <[email protected]> :: UH Information Technology Services >> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL2uh%3DN49pLnAmEuPxjem_yMmbXkQpfcj9fE3%2Brkk-v8yA%40mail.gmail.com >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL2uh%3DN49pLnAmEuPxjem_yMmbXkQpfcj9fE3%2Brkk-v8yA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6699c8c32a7446bf8ffbd9f9d58093ec%40mun.ca >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6699c8c32a7446bf8ffbd9f9d58093ec%40mun.ca?utm_medium=email&utm_source=footer> >> . >> > > > -- > Baron Fujimoto <[email protected]> :: UH Information Technology Services > minutas cantorum, minutas balorum, minutas carboratum desendus pantorum > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/26a2f1b0-2e3e-4ef2-99cc-8a433837cd34n%40apereo.org.
