CAS Management Webapp v5 + LDAP Authorization


Ludovic Senecaux

Nov 21, 2016, 4:34:28 AM
to CAS Community
Hi,

I would like to configure the new mgmt webapp (v5) authorization through LDAP, like in CAS v4.2.x.
I have an LDAP group (groupOfNames) with many members (member attribute).
In CAS 4.x, this was possible through ldaptive:AuthorizationGenerator.
In CAS 5.x, I didn't find any doc to configure authz through LDAP groups.

Thanks in advance

Jugurtha OURLISSENE

Jun 6, 2017, 4:21:14 AM
to CAS Community
Hello,
I encounter the same problem with CAS 5.0.4. Have you solved the problem? Could you help me?

Olivier Lamarche

Jun 6, 2017, 10:02:58 AM
to CAS Community
I can log in to my mgmt webapp based on my admin role using an LDAP group.

I don't know why I have to set rolePrefix and groupPrefix both to ROLE_, but it's working!

Here is my config:

cas.mgmt.adminRoles=ROLE_ADMIN,ROLE_IDMADMIN

# Attributes that you wish to resolve for the principal
cas.authn.attributeRepository.attributes.uid=uid
cas.authn.attributeRepository.attributes.mail=mail
cas.authn.attributeRepository.attributes.displayName=displayName
cas.authn.attributeRepository.attributes.cn=commonName
cas.authn.attributeRepository.attributes.affiliation=groupMembership
cas.authn.attributeRepository.attributes.lastName=sn
cas.authn.attributeRepository.attributes.firstName=givenName
cas.authn.attributeRepository.attributes.givenName=givenName
cas.authn.attributeRepository.attributes.member=memberOf

cas.mgmt.authzAttributes[0]=memberOf
cas.mgmt.authzAttributes[1]=groupMembership

cas.mgmt.ldap.ldapAuthz.groupAttribute=cn
cas.mgmt.ldap.ldapAuthz.groupPrefix=ROLE_
cas.mgmt.ldap.ldapAuthz.groupFilter=(member={0})
cas.mgmt.ldap.ldapAuthz.groupBaseDn=ou=groups,dc=xxxxxxx,dc=com
cas.mgmt.ldap.ldapAuthz.rolePrefix=ROLE_
cas.mgmt.ldap.ldapAuthz.roleAttribute=memberOf
cas.mgmt.ldap.ldapAuthz.searchFilter=(cn={user})
cas.mgmt.ldap.ldapAuthz.baseDn=dc=xxxxxx,dc=com

Ludovic Senecaux

Jun 16, 2017, 6:34:04 AM
to jasig-cas-user, cas-...@apereo.org
It is OK in CAS version 5.1.

Julien Whizz

Jun 29, 2017, 4:46:09 AM
to CAS Community
Hello all,

I'm using "apereo CAS Overlay 5.1.1" and CAS Service Management Overlay 5.1.1.

I encounter a similar issue:
step 1) login succeeds.
step 2) access fails (because: "No principal attributes are found to satisfy defined attribute requirements"??)

My .json config:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps)://.*",
  "name" : "HTTPS and IMAPS",
  "id" : 10000001,
  "description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
  "evaluationOrder" : 10000,
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true,
    "attributeReleasePolicy" : {
      "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
      "allowedAttributes" : [ "java.util.ArrayList", [ "sAMAccountName", "displayName", "cn" ] ]
    },
    "requiredAttributes" : {
      "@class" : "java.util.HashMap",
      "sAMAccountName" : [ "java.util.HashSet", [ "mylogin_ad" ] ],
      "displayName" : [ "java.util.HashSet", [ "NAME Julien" ] ]
    }
  }
}

My attribute config in management.properties:

cas.authn.attributeRepository.attributes.uid=sAMAccountName={user}
cas.authn.attributeRepository.attributes.mail=mail
cas.authn.attributeRepository.attributes.displayName=displayName
cas.authn.attributeRepository.attributes.cn=commonName

My log:
=============================================================
WHO: mylogin_ad
WHAT: Supplied credentials: [mylogin_ad]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Thu Jun 29 09:40:22 CEST 2017
CLIENT IP ADDRESS: ip_client
SERVER IP ADDRESS: ip_serveur
=============================================================
2017-06-29 09:40:22,748 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationTransactionManager] - <Successful authentication; Collecting authentication result [org.apereo.cas.authentication.DefaultAuthentication@915180a0]>
2017-06-29 09:40:22,760 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2017-06-29 09:40:22,770 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2017-06-29 09:40:22,777 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2017-06-29 09:40:22,785 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2017-06-29 09:40:22,785 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2017-06-29 09:40:22,792 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2017-06-29 09:40:22,803 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2017-06-29 09:40:22,810 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2017-06-29 09:40:22,817 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2017-06-29 09:40:22,823 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2017-06-29 09:40:22,824 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Collecting authentication history based on [1] authentication events>
2017-06-29 09:40:22,825 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Evaluating authentication principal [mylogin_ad] for inclusion in result>
2017-06-29 09:40:22,825 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Collected principal attributes [{memberOf=[CN=Liste Utilisateurs XXXX,OU=Groupes de distribution,OU=Groupes,DC=domaine,DC=com,DC=fr], LdapAuthenticationHandler.mylogin_ad=CN=NAME Julien,OU=D.S.I.,OU=ADMINISTRATIFS,DC=domaine,DC=com,DC=fr, mail=mylog...@domain.com, sAMAccountName=mylogin_ad, displayName=NAME Julien}] for inclusion in this result for principal [mylogin_ad]>
2017-06-29 09:40:22,827 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Collected single authentication attribute [authenticationMethod] -> [LdapAuthenticationHandler]>
2017-06-29 09:40:22,827 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Collected single authentication attribute [successfulAuthenticationHandlers] -> [[LdapAuthenticationHandler]]>
2017-06-29 09:40:22,827 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Finalized authentication attributes [{authenticationMethod=LdapAuthenticationHandler, successfulAuthenticationHandlers=[LdapAuthenticationHandler]}] for inclusion in this authentication result>
2017-06-29 09:40:22,828 DEBUG [org.apereo.cas.authentication.DefaultPrincipalElectionStrategy] - <Nominated [mylogin_ad] as the primary principal>
2017-06-29 09:40:22,829 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Determined primary authentication principal to be [mylogin_ad]>
2017-06-29 09:40:22,829 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Collected authentication attributes for this result are [{authenticationMethod=LdapAuthenticationHandler, successfulAuthenticationHandlers=[LdapAuthenticationHandler]}]>
2017-06-29 09:40:22,829 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Authentication result commenced at [2017-06-29T09:40:22.829+02:00[Europe/Paris]]>
2017-06-29 09:40:22,829 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Building an authentication result for authentication [org.apereo.cas.authentication.DefaultAuthentication@cc139fa0] and service [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@18c92e83[id=https://servername.domain.com.fr:8443/cas-management/manage.html,originalUrl=https://servername.domain.com.fr:8443/cas-management/manage.html,artifactId=<null>,principal=<null>,loggedOutAlready=false,format=XML]]>
2017-06-29 09:40:22,830 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Creating new transaction with name [org.apereo.cas.DefaultCentralAuthenticationService.createTicketGrantingTicket]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
2017-06-29 09:40:22,830 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Creating new transaction with name [org.apereo.cas.DefaultCentralAuthenticationService.createTicketGrantingTicket]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
2017-06-29 09:40:22,837 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Locating principal attributes for [mylogin_ad]>
2017-06-29 09:40:22,838 DEBUG [org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository] - <[DefaultPrincipalAttributesRepository] will return the collection of attributes directly associated with the principal object which are [{displayName=NAME Julien, LdapAuthenticationHandler.mylogin_ad=CN=NAME Julien,OU=D.S.I.,OU=ADMINISTRATIFS,DC=domaine,DC=com,DC=fr, mail=mylog...@domain.com, memberOf=[CN=Liste Utilisateurs APPLIS,OU=Groupes de distribution,OU=Groupes,DC=domaine,DC=com,DC=fr], sAMAccountName=mylogin_ad}]>
2017-06-29 09:40:22,838 DEBUG [org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository] - <Found [5] cached attributes for principal [mylogin_ad] that are [{displayName=NAME Julien, LdapAuthenticationHandler.mylogin_ad=CN=NAME Julien,OU=D.S.I.,OU=ADMINISTRATIFS,DC=domaine,DC=com,DC=fr, mail=mylog...@domain.com, memberOf=[CN=Liste Utilisateurs APPLIS,OU=Groupes de distribution,OU=Groupes,DC=domaine,DC=com,DC=fr], sAMAccountName=mylogin_ad}]>
2017-06-29 09:40:22,838 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Found principal attributes [{displayName=NAME Julien, LdapAuthenticationHandler.mylogin_ad=CN=NAME Julien,OU=D.S.I.,OU=ADMINISTRATIFS,DC=domaine,DC=com,DC=fr, mail=mylog...@domain.com, memberOf=[CN=Liste Utilisateurs APPLIS,OU=Groupes de distribution,OU=Groupes,DC=domaine,DC=com,DC=fr], sAMAccountName=mylogin_ad}] for [mylogin_ad]>
2017-06-29 09:40:22,838 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Calling attribute policy [ReturnAllowedAttributeReleasePolicy] to process attributes for [mylogin_ad]>
2017-06-29 09:40:22,840 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Attribute policy [ReturnAllowedAttributeReleasePolicy] allows release of [{}] for [mylogin_ad]>
2017-06-29 09:40:22,841 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Attempting to merge policy attributes and default attributes>
2017-06-29 09:40:22,841 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Checking default attribute policy attributes>
2017-06-29 09:40:22,841 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Located application context. Retrieving default attributes for release, if any>
2017-06-29 09:40:22,841 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Default attributes for release are: [[]]>
2017-06-29 09:40:22,842 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Default attributes found to be released are [{}]>
2017-06-29 09:40:22,842 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Adding default attributes first to the released set of attributes>
2017-06-29 09:40:22,842 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Adding policy attributes to the released set of attributes>
2017-06-29 09:40:22,843 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Final collection of attributes allowed are: [{}]>

2017-06-29 09:40:22,843 DEBUG [org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy] - <No principal attributes are found to satisfy defined attribute requirements>
2017-06-29 09:40:22,843 DEBUG [org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy] - <Access is denied. There are not enough attributes available to satisfy requirements>

2017-06-29 09:40:22,843 WARN [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Cannot grant access to service [https://servername.domain.com.fr:8443/cas-management/manage.html] because it is not authorized for use by [mylogin_ad].>
2017-06-29 09:40:22,846 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: mylogin_ad
WHAT: The application you attempted to authenticate to is not authorized to use CAS.
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED

APPLICATION: CAS
WHEN: Thu Jun 29 09:40:22 CEST 2017
CLIENT IP ADDRESS: ip_client
SERVER IP ADDRESS: ip_serveur
=============================================================


Can anyone help me, please? Thanks.

On Monday, November 21, 2016 at 10:34:28 AM UTC+1, Ludovic Senecaux wrote:
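As an added example (not code from this thread or from the CAS project): a small Python lint for the service definition posted above. Two things stand out in that post. In the JSON, "attributeReleasePolicy" sits inside "accessStrategy" instead of at the top level of the service where CAS reads it, so the default release policy applies and the DEBUG log ends with "Final collection of attributes allowed are: [{}]". Immediately afterwards DefaultRegisteredServiceAccessStrategy reports that no principal attributes satisfy the requirements, even though the principal clearly carries sAMAccountName=mylogin_ad and displayName=NAME Julien. The script flags both problems, replays the release-then-require sequence on attributes copied from the log, and emits a corrected definition. Assumptions, labelled in the code: required attributes are evaluated against the released set (inferred from the log order, not stated on the page), and exact value matching stands in for CAS's own comparison.

```python
import copy
import json

# Constructed sample input: the service definition from the post above, reproduced verbatim.
POSTED_SERVICE_JSON = """
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps)://.*",
  "name" : "HTTPS and IMAPS",
  "id" : 10000001,
  "evaluationOrder" : 10000,
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true,
    "attributeReleasePolicy" : {
      "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
      "allowedAttributes" : [ "java.util.ArrayList", [ "sAMAccountName", "displayName", "cn" ] ]
    },
    "requiredAttributes" : {
      "@class" : "java.util.HashMap",
      "sAMAccountName" : [ "java.util.HashSet", [ "mylogin_ad" ] ],
      "displayName" : [ "java.util.HashSet", [ "NAME Julien" ] ]
    }
  }
}
"""

# Constructed principal attributes, copied from the "Collected principal attributes" DEBUG line above.
PRINCIPAL_ATTRIBUTES = {
    "sAMAccountName": ["mylogin_ad"],
    "displayName": ["NAME Julien"],
    "memberOf": ["CN=Liste Utilisateurs APPLIS,OU=Groupes de distribution,OU=Groupes,DC=domaine,DC=com,DC=fr"],
}


def _typed_list(value):
    """Unwrap CAS's typed JSON collections, e.g. ["java.util.HashSet", [...]] -> [...]."""
    if isinstance(value, list) and len(value) == 2 and isinstance(value[0], str) and isinstance(value[1], list):
        return value[1]
    return value


def load_service(text):
    return json.loads(text)


def required_attributes(service):
    """Required attributes of the access strategy as {name: set(values)}."""
    req = service.get("accessStrategy", {}).get("requiredAttributes", {})
    return {k: set(_typed_list(v)) for k, v in req.items() if k != "@class"}


def released_attributes(service, principal):
    """Apply a top-level ReturnAllowedAttributeReleasePolicy; any other or missing policy releases nothing here."""
    policy = service.get("attributeReleasePolicy") or {}
    if not policy.get("@class", "").endswith("ReturnAllowedAttributeReleasePolicy"):
        return {}
    allowed = _typed_list(policy.get("allowedAttributes", []))
    return {name: principal[name] for name in allowed if name in principal}


def access_allowed(service, principal):
    """Assumption: required attributes are checked against the *released* set (as the log order
    suggests). Exact value match is a simplification of CAS's own comparison."""
    strategy = service.get("accessStrategy", {})
    if not strategy.get("enabled", True):
        return False
    released = released_attributes(service, principal)
    return all(set(released.get(name, [])) & wanted for name, wanted in required_attributes(service).items())


def lint_service(service):
    """Report the two definition mistakes that make access_allowed() fail for the posted JSON."""
    problems = []
    if "attributeReleasePolicy" in service.get("accessStrategy", {}):
        problems.append("attributeReleasePolicy is nested inside accessStrategy; it belongs at the top level")
    allowed = set(_typed_list((service.get("attributeReleasePolicy") or {}).get("allowedAttributes", [])))
    for name in required_attributes(service):
        if name not in allowed:
            problems.append(f"required attribute '{name}' is never released, so the access strategy cannot see it")
    return problems


def fixed_service(service):
    """Move the release policy to the top level and release every attribute the strategy requires."""
    fixed = copy.deepcopy(service)
    policy = fixed.setdefault("accessStrategy", {}).pop("attributeReleasePolicy", None) or fixed.get("attributeReleasePolicy")
    if policy is None:
        policy = {"@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
                  "allowedAttributes": ["java.util.ArrayList", []]}
    allowed = list(_typed_list(policy.get("allowedAttributes", [])))
    for name in required_attributes(fixed):
        if name not in allowed:
            allowed.append(name)
    policy["allowedAttributes"] = ["java.util.ArrayList", allowed]
    fixed["attributeReleasePolicy"] = policy
    return fixed


if __name__ == "__main__":
    posted = load_service(POSTED_SERVICE_JSON)
    for problem in lint_service(posted):
        print("PROBLEM:", problem)
    print("posted definition grants access:", access_allowed(posted, PRINCIPAL_ATTRIBUTES))  # False
    fixed = fixed_service(posted)
    print("fixed definition grants access:", access_allowed(fixed, PRINCIPAL_ATTRIBUTES))    # True
    print(json.dumps(fixed, indent=2))
```

Run it as-is to see the three lint findings and the denied/granted pair; point load_service() at your own service JSON to check that every key under requiredAttributes is also in allowedAttributes before deploying it, since an access strategy that requires an attribute the release policy withholds locks everyone out of the service rather than failing visibly.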