CAS 6.1.5 - Exception in log after Service Access Enforcement


Sven Specker

Apr 17, 2020, 3:40:16 AM
to CAS Community
Hi!

I do not know if I misconfigured something, but if a user runs afoul of
an access strategy, I get a stack trace

ERROR [org.apereo.cas.web.flow.login.CreateTicketGrantingTicketAction] -
<screen.service.error.message>
org.apereo.cas.authentication.PrincipalException:
screen.service.error.message

I do not mind, since it works but it makes the log messy. Have not found
any option to prevent that particular effect.

Any hints?

Best regards,

Sven Specker
--
__________________________________________________________________
*** Sven Specker -- University of Frankfurt Computing Center ***
*********** UNIX System Administration (Auth/IDM) ****************
***** spe...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *****
******************************************************************
__________________________________________________________________
Johann Wolfgang Goethe Universitaet
- Hochschulrechenzentrum -
Theodor W. Adorno-Platz 1 (PA-1P16)

D-60323 Frankfurt/Main
__________________________________________________________________
______________ TeX-users do it in {groups}________________________

Ray Bon

Apr 17, 2020, 12:33:10 PM
to cas-...@apereo.org
Sven,

If you are sure this is not an issue, check out our log4j2 filtering.
e.g.

        <AsyncLogger name="org.apereo.cas.AbstractCentralAuthenticationService" level="error" includeLocation="true">
            <RegexFilter regex="Publishing.*ticketGrantingTicket=.*serviceTicket=.*" onMismatch="DENY" />
        </AsyncLogger>

Ray
-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.

Sven Specker

Apr 17, 2020, 12:51:51 PM
to cas-...@apereo.org, Ray Bon
On 2020-04-17 18:33, Ray Bon wrote:
> Sven,
>

Hi!

> If you are sure this is not an issue, check out our log4j2 filtering.
> e.g.

Well, it is not an issue really, since the ones causing it are
rightfully rejected due to not having the required attributes to access
the service.

Strangely enough, if I punch in a wrong password or even a completely
wrong identity, it does not log an exception (even though I am sure
ldaptive will throw one).

> <AsyncLogger name="org.apereo.cas.AbstractCentralAuthenticationService" level="error" includeLocation="true">
> <RegexFilter regex="Publishing.*ticketGrantingTicket=.*serviceTicket=.*" onMismatch="DENY" />
> </AsyncLogger>
>

Thanks for the hint!

That would eliminate the entire entry, I guess. But basically, the
entry is fine, I just want to get rid of the stack trace that burps 60
lines of text each time.

If there is no way to shut just the exception up, I might have to live
with that. There are worse fates than that.
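Added example (not part of the thread and not taken from the CAS project's shipped configuration): one way to keep the ERROR line for access-strategy denials while dropping the stack trace, by routing that logger to an appender whose pattern uses Log4j2's `%ex{none}` throwable converter. The appender names and the pattern are assumptions; the logger name is the one from the log line in the first message.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Configuration>
    <Appenders>
        <!-- Assumed default appender. With no throwable converter in the
             pattern, PatternLayout appends the full stack trace. -->
        <Console name="console" target="SYSTEM_OUT">
            <PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
        </Console>

        <!-- Same line format, but %ex{none} suppresses the trace.
             Use %ex{short} instead to keep a shortened form. -->
        <Console name="consoleNoTrace" target="SYSTEM_OUT">
            <PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%ex{none}%n"/>
        </Console>
    </Appenders>

    <Loggers>
        <!-- Logger name taken from the ERROR line quoted in the thread.
             additivity="false" stops the event from also reaching the
             root appender, which would print the trace again. -->
        <AsyncLogger name="org.apereo.cas.web.flow.login.CreateTicketGrantingTicketAction"
                     level="error" additivity="false">
            <AppenderRef ref="consoleNoTrace"/>
        </AsyncLogger>

        <Root level="info">
            <AppenderRef ref="console"/>
        </Root>
    </Loggers>
</Configuration>
```

Unlike a DENY filter on the logger, this leaves the one-line record of each rejected service access in the log.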