Atribute release policy on Oauth services ( cas 7.1.x )

[Joan Montal]

Hello, We are upgrading from version 6.4.6 to 7.1.1, but we are encountering issues with the definition of services in OAuth (OAuthRegisteredService). It is ignoring the attribute release policy (attributeReleasePolicy) and ends up returning all the user's attributes. Has anyone else faced the same issue?

[dwismer]

this might help.  

• Test Policies: Ensure the attributeReleasePolicy is correctly defined in your service's JSON/YAML configuration.
• Enable Debug Logs: Activate detailed logging for attribute release to see how CAS processes the policy. Update log4j2.xml in the WEB-INF/classes directory to set CAS logging levels to DEBUG for relevant components (org.apereo.cas).
• Examine Logs: Look for errors or unusual behavior during service validation or authentication in catalina.out (if using Tomcat)