Carl,
Try these loggers to get details on the attributes and decision cas is making:
<!-- DEBUG Found principal attributes [...] for [username]
Attribute policy [???] allows release of [...] for [username]
Final collection of attributes allowed are: [...] -->
<AsyncLogger name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" level="warn"/>
<!-- DEBUG Skipping access strategy policy - when no attributes rules are defined
These required attributes [...] are examined against [...] before service can proceed - when attrubutes are defined -->
<AsyncLogger name="org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy" level="warn"/>
<!-- DEBUG CAS will not authorize the release of ... given the service is denied access to all attributes -->
<AsyncLogger name="org.apereo.cas.services.DenyAllAttributeReleasePolicy" level="warn"/>
You may need a more general logger, but try those first.
Ray
On Wed, 2020-11-04 at 15:29 -0500, Carl Waldbieser wrote:
Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.