Continuing our journey to upgrade from CAS 5.0 to 6.3, I have some questions re logging differences I'm seeing.
This is often very helpful for troubleshooting to be able to see what URL an app is trying to use.
ERROR [org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter] - <Service unauthorized>
org.apereo.cas.services.UnauthorizedServiceException: Service unauthorized
at org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer.execute(RegisteredServiceAccessStrategyAuditableEnforcer.java:112) ~[cas-server-core-services-api-6.3.4.jar:6.3.4]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.46]
[...many many lines of stack trace...]
at java.lang.Thread.run(Thread.java:829) [?:?]
The unauthorized service is never identified, which removes a valuable troubleshooting tool. Is there a way to include this information?
We definitely want to see things logged as ERRORs, but the stack trace seems more appropriate for something at the DEBUG level?
Failed authentications
-----------------------------
With CAS 5.0, when a user authentication failed, we'd see something like the following logged:
INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating USERNAME>
WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [USERNAME] of type [UsernamePasswordCredential], which suggests a configuration problem.>
INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: USERNAME
WHAT: Supplied credentials: [USERNAME]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Jul 02 17:06:00 HST 2021
CLIENT IP ADDRESS: 172.19.100.162
SERVER IP ADDRESS: 172.16.1.76
=============================================================
>
Whereas with CAS 6.3, we get:
INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [Invalid credentials].>
INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: USERNAME
WHAT: Supplied credentials: [UsernamePasswordCredential(username=USERNAME, source=null, customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Jul 02 17:00:45 HST 2021
CLIENT IP ADDRESS: 10.17.133.2
SERVER IP ADDRESS: 10.17.133.14
=============================================================
>
WARN [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <1 errors, 0 successes>
DEBUG [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <1 errors, 0 successes>
org.apereo.cas.authentication.AuthenticationException: 1 errors, 0 successes
at org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:340) ~[cas-server-core-authentication-api-6.3.4.jar:6.3.4]
[... ~200 more lines of stack trace ...]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.46]
at java.lang.Thread.run(Thread.java:829) [?:?]
This 200+ line stack trace seems like overkill and not really helpful. Is the solution to this just not logging org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver at the debug level?
--
Baron Fujimoto <
ba...@hawaii.edu> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum