CAS 5.3.11 - Attribute rewriting and groovy execution delays
56 views
Skip to first unread message
Mac Reid
Jun 21, 2019, 9:10:12 AM6/21/19
to cas-...@apereo.org
Hi,
Some basic info:
RHEL 7
Oracle Java 1.8.0_151
CAS version 5.3.11
We're looking to do some attribute rewriting in a CAS service. We are looking to send a new attribute (that doesn't exist in our attribute repositories) based on the value of an attribute that exists in our attribute repository. For example, given an attribute on the left, we want to send a new attribute on the right:
eduPersonEntitlement: somevalue -> differentAttribute: true
eduPersonEntitlement: othervalue -> differentAttribute: false
This should be possible with a Groovy script, however we are hitting a long delay when executing inline or external groovy scripts. The delay is typically 4 or 5 seconds as seen below.
In Service Def:
attributeReleasePolicy: {
@class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
attributeFilter: {
@class: org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter
script: file:/etc/cas/test.groovy
}
allowedAttributes : ["java.util.ArrayList", ["uid", "differentAttribute"]]
}
Some debug log lines:
2019-06-21 08:15:21,715 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Invoking attribute filter [RegisteredServiceScriptedAttributeFilter(order=0, script=file:/etc/cas/test.groovy)] on the final set of attributes>
2019-06-21 08:15:21,715 DEBUG [org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter] - <Found groovy script file to execute [/etc/cas/test.groovy]>
2019-06-21 08:15:21,716 DEBUG [org.apereo.cas.util.ScriptingUtils] - <Executing groovy script [import java.util.*
logger.info "Attributes currently resolved: ${attributes}"
return attributes
] with variables [{attributes={uid=[mareid-t]}, logger=org.apache.logging.slf4j.Log4jLogger@66f90157}]>
2019-06-21 08:15:26,209 INFO [org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter] - <Attributes currently resolved: [uid:[mareid-t]]>
2019-06-21 08:54:12,657 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Invoking attribute filter [RegisteredServiceScriptedAttributeFilter(order=0, script=file:/etc/cas/test.groovy)] on the final set of attributes>
2019-06-21 08:54:12,657 DEBUG [org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter] - <Found groovy script file to execute [/etc/cas/test.groovy]>
2019-06-21 08:54:17,622 DEBUG [org.apereo.cas.util.scripting.ScriptingUtils] - <Executing groovy script [import java.util.*
logger.info "Attributes currently resolved: ${attributes}"
return attributes
] with variables [{attributes={uid=[mareid-t]}, logger=org.apache.logging.slf4j.Log4jLogger@189abc6}]>
2019-06-21 08:54:18,499 INFO [org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter] - <Attributes currently resolved: [uid:[mareid-t]]>
Is there a different way to accomplish this? Can we eliminate the when executing groovy scripts?
Some basic info:
RHEL 7
Oracle Java 1.8.0_151
CAS version 5.3.11
We're looking to do some attribute rewriting in a CAS service. We are looking to send a new attribute (that doesn't exist in our attribute repositories) based on the value of an attribute that exists in our attribute repository. For example, given an attribute on the left, we want to send a new attribute on the right:
eduPersonEntitlement: somevalue -> differentAttribute: true
eduPersonEntitlement: othervalue -> differentAttribute: false
This should be possible with a Groovy script, however we are hitting a long delay when executing inline or external groovy scripts. The delay is typically 4 or 5 seconds as seen below.
In Service Def:
attributeReleasePolicy: {
@class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
attributeFilter: {
@class: org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter
script: file:/etc/cas/test.groovy
}
allowedAttributes : ["java.util.ArrayList", ["uid", "differentAttribute"]]
}
Some debug log lines:
2019-06-21 08:15:21,715 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Invoking attribute filter [RegisteredServiceScriptedAttributeFilter(order=0, script=file:/etc/cas/test.groovy)] on the final set of attributes>
2019-06-21 08:15:21,715 DEBUG [org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter] - <Found groovy script file to execute [/etc/cas/test.groovy]>
2019-06-21 08:15:21,716 DEBUG [org.apereo.cas.util.ScriptingUtils] - <Executing groovy script [import java.util.*
logger.info "Attributes currently resolved: ${attributes}"
return attributes
] with variables [{attributes={uid=[mareid-t]}, logger=org.apache.logging.slf4j.Log4jLogger@66f90157}]>
2019-06-21 08:15:26,209 INFO [org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter] - <Attributes currently resolved: [uid:[mareid-t]]>
2019-06-21 08:54:12,657 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Invoking attribute filter [RegisteredServiceScriptedAttributeFilter(order=0, script=file:/etc/cas/test.groovy)] on the final set of attributes>
2019-06-21 08:54:12,657 DEBUG [org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter] - <Found groovy script file to execute [/etc/cas/test.groovy]>
2019-06-21 08:54:17,622 DEBUG [org.apereo.cas.util.scripting.ScriptingUtils] - <Executing groovy script [import java.util.*
logger.info "Attributes currently resolved: ${attributes}"
return attributes
] with variables [{attributes={uid=[mareid-t]}, logger=org.apache.logging.slf4j.Log4jLogger@189abc6}]>
2019-06-21 08:54:18,499 INFO [org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter] - <Attributes currently resolved: [uid:[mareid-t]]>
Is there a different way to accomplish this? Can we eliminate the when executing groovy scripts?
Thanks,
Mac
Daniel Ellentuck
Jun 24, 2019, 10:28:19 AM6/24/19
to CAS Users
Hi Mac,
You might want to look at implementing a custom org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy or just extending org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy and overriding getAttributesInternal(). This method gives you access to the attributes and a place to do whatever transformations are needed. I've used that approach.
You then need to configure your RegisteredServices with your custom attribute release policy, as shown, e.g., here: https://apereo.github.io/cas/5.3.x/integration/Attribute-Release-Policies.html.
Dan Ellentuck
Columbia University I.T.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALX_e4mG%3Dv%2BkR6yY7KnfjdXfgm-mmyb2WZ82a2XG%2BBD0M0w%3Dkg%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages