I’m still having an issue with CAS returning all attributes even though the service is set to return only allowed attributes. It is logging that it is only going to return the correct attributes (see below) but what the app gets is all attributes. I’ve looked at everything I can think of and still can’t see why it is doing this.
Ted F. Fisher
Information Technology Services
From: Ted Fisher
Sent: Friday, April 22, 2016 10:48 AM
To: 'cas-...@apereo.org' <cas-...@apereo.org>
Subject: more attributes returned than allowed
While we have all of our services set for ReturnAllowedAttributeReleasePolicy, the CAS response received by the app includes all attributes that were resolved.
We logged this:
2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.CentralAuthenticationServiceImpl] - Attribute policy [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy@1985a180[attributeFilter=<null>,principalAttributesRepository=org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository@41d517d6[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false,allowedAttributes=[FirstName, LastName, email, Affiliation]]] is associated with service [id=10001301,name=BGSU_Calendar_Test_Admin,description=BGSU HTTP Test Calendar Admin,serviceId=^(https?)://caltest.bgsu.edu/….
2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found attribute [FirstName] in the list of allowed attributes
2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found attribute [LastName] in the list of allowed attributes
2016-04-22 10:31:10,065 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy] - Found attribute [email] in the list of allowed attributes
2016-04-22 10:31:10,066 DEBUG [http-bio-8080-exec-29] [org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider] - Returning the default principal id [tffishe] for username.
Which would indicate it is only sending four attributes. But, at the app I see them all in the CAS response.
Any idea why this is happening?
Thanks.
Ted F. Fisher
Information Technology Services
I resolved the problem with too many attributes being sent since I found it was something I missed during the upgrade from CAS 3.5.0 to 4.1.5. I had gone through all the other jsps under view to make sure they worked appropriately, except I missed jsp/protocol/2.0/casServiceValidationSuccess.jsp.
That had simply been copied over from our CAS 3.5.0. We had added releasing attributes in the response, but the reference to the attributes had changed. The code there still worked to include attributes, but was getting all rather than just those that were allowed.
If you’ve modified that jsp to include attributes on an older version, make sure to check it when you upgrade.
Thanks.
Ted F. Fisher
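
A way to confirm from the client side what a service actually receives, as an added example that is not part of the original messages: it parses a CAS 2.0 validation response and compares the released attribute names with the allowedAttributes list from the debug log. The sample response, the extra attribute names in it, and the one-child-element-per-attribute layout under cas:attributes are assumptions; a customized casServiceValidationSuccess.jsp may lay attributes out differently.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Allowed list as shown in allowedAttributes=[...] in the debug log above.
ALLOWED = {"FirstName", "LastName", "email", "Affiliation"}

# Constructed sample of what the app might capture from the validation call.
# Attribute values and the two extra attribute names are made up.
SAMPLE_RESPONSE = """
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>tffishe</cas:user>
    <cas:attributes>
      <cas:FirstName>Ted</cas:FirstName>
      <cas:LastName>Fisher</cas:LastName>
      <cas:email>user@example.edu</cas:email>
      <cas:employeeNumber>000000</cas:employeeNumber>
      <cas:homePhone>555-0100</cas:homePhone>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>
""".strip()


def released_attributes(xml_text):
    """Return the set of attribute names present in a successful response."""
    root = ET.fromstring(xml_text)  # input: a response from your own test CAS
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("not a successful CAS validation response")
    container = success.find("cas:attributes", CAS_NS)
    if container is None:
        return set()
    # Tags look like "{namespace}FirstName"; keep only the local name.
    return {child.tag.split("}", 1)[-1] for child in container}


def audit_release(xml_text, allowed):
    """Diff what was released against what the service policy allows."""
    released = released_attributes(xml_text)
    return {
        "unexpected": sorted(released - set(allowed)),  # leaked past policy
        "missing": sorted(set(allowed) - released),     # allowed, not resolved
    }


if __name__ == "__main__":
    print(audit_release(SAMPLE_RESPONSE, ALLOWED))
```

A non-empty "unexpected" list while the server log reports only allowed attributes points at the view layer rather than the release policy, which is where the problem in this thread turned out to be.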