more attributes returned than allowed

[Ted Fisher]

 

While we have all of our services set for ReturnAllowedAttributeReleasePolicy, The CAS response received by the app includes all attributes that were resolved. 

We logged this:

2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.CentralAuth

enticationServiceImpl] - Attribute policy [org.jasig.cas.services.ReturnAllowedA

ttributeReleasePolicy@1985a180[attributeFilter=<null>,principalAttributesReposit

ory=org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository@

41d517d6[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyG

rantingTicket=false,allowedAttributes=[FirstName, LastName, email, Affiliation]]

] is associated with service [id=10001301,name=BGSU_Calendar_Test_Admin,descript

ion=BGSU HTTP Test Calendar Admin,serviceId=^(https?)://caltest.bgsu.edu/….

2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found attribute [FirstName] in the list of allowed attributes

2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found attribute [LastName] in the list of allowed attributes

2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found attribute [email] in the list of allowed attributes

2016-04-22 10:31:10,066 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider] - Returning the default principal id [tffishe] for username.

Which would indicate it is only sending four attributes.   But, at the app I see them all in the CAS response.

 

Any idea why this is happening?

 

Thanks.

 

Ted F. Fisher

Information Technology Services