logging cas validation responses?


Baron Fujimoto

Jul 14, 2021, 2:03:04 PM
to CAS Community
Can CAS logging be configured to log validation responses as they would be sent to the client? E.g., something like this for /p3/serviceValidate:

  <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
    <cas:authenticationSuccess>
      <cas:user>username</cas:user>
      <cas:attributes>
        <cas:firstname>John</cas:firstname>
        <cas:lastname>Doe</cas:lastname>
        <cas:title>Mr.</cas:title>
        <cas:email>jd...@example.org</cas:email>
        <cas:affiliation>staff</cas:affiliation>
        <cas:affiliation>faculty</cas:affiliation>
      </cas:attributes>
      <cas:proxyGrantingTicket>PGTIOU-84678-8a9d...</cas:proxyGrantingTicket>
    </cas:authenticationSuccess>
  </cas:serviceResponse>


This doesn't seem to do it for our CAS 5.0:
<AsyncLogger name="org.apereo" level="debug" additivity="false" includeLocation="true">

I'm trying to troubleshoot one of our clients wrestling with their OnBase configuration. They are unable to get their required username attribute, and I can see from our logs they're using /p3/serviceValidate. Some of the logical-looking attribute mappings in their config haven't been successful. I'm hoping if we can provide an example of an actual response to their /p3/serviceValidate this will provide clarification, or at least solid data they can use for a support ticket with the vendor.

--
Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
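An added example, not part of the thread and not CAS project code: once a /p3/serviceValidate response body has been captured by some means, this Python sketch lists the user and the attribute names and values it carries, and reports the proxy-granting ticket only as present or absent so the summary can go into a vendor ticket. The sample XML is constructed from the response quoted in the post above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed samples (values are made up), modelled on the response in the post.
SAMPLE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>username</cas:user>
    <cas:attributes>
      <cas:firstname>John</cas:firstname>
      <cas:affiliation>staff</cas:affiliation>
      <cas:affiliation>faculty</cas:affiliation>
    </cas:attributes>
    <cas:proxyGrantingTicket>PGTIOU-0000-constructed</cas:proxyGrantingTicket>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def summarize(xml_text):
    """Return a dict describing a CAS validation response, without ticket values."""
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return {"ok": False, "code": failure.get("code"),
                "message": (failure.text or "").strip()}
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("not a CAS serviceResponse document")
    attrs = {}
    # Attributes can repeat (two <cas:affiliation> elements), so collect lists.
    for el in success.findall("cas:attributes/*", CAS_NS):
        attrs.setdefault(local_name(el.tag), []).append((el.text or "").strip())
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    pgt = success.find("cas:proxyGrantingTicket", CAS_NS)
    return {"ok": True, "user": user, "attributes": attrs,
            "pgt_present": pgt is not None}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```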

Ray Bon

Jul 14, 2021, 3:11:26 PM
to cas-...@apereo.org
Baron,

You may be able to get some data from these loggers:

        <!-- DEBUG Found principal attributes [...] for [username]
                   Attribute policy [???] allows release of [...] for [username]
                   Final collection of attributes allowed are: [...] -->
        <AsyncLogger name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" level="debug"/>
        <!-- DEBUG Response code from server matched [###] may be useful for debugging proxy
                   Created HTTP post message payload [POST URL] on logout -->
        <AsyncLogger name="org.apereo.cas.util.http.SimpleHttpClient" level="debug" />
        <!-- DEBUG outbound and inbound headers and response-->
        <AsyncLogger name="org.apache.http" level="debug" />

Ray


Baron Fujimoto

Jul 14, 2021, 4:11:20 PM
to CAS Community
Unfortunately, that doesn't seem to do it either. I was already able to get the set of attributes to be released logged, and org.apache.http only seems to be showing me a connection to Duo for a status check. But still no XML cas response itself. We're not using an included servlet container, but an external Tomcat where we deploy the cas.war file.


Chris Kell

Jul 15, 2021, 10:49:49 AM
to cas-...@apereo.org
I'm getting ready to tackle logging for my application including CAS, and I was planning on simply adding in a logging class to the CAS build that would stream out events to a file in a csv format.  Is there anything getting in the way of just adding a class like that?

Ray Bon

Jul 19, 2021, 12:21:48 PM
to cas-...@apereo.org
Chris,

What kind of events are you planning to capture?

If you need to process logs, a third-party tool may be more appropriate.

Ray