Hi Jérémie, I saw that you are using CAS 6.4, which is still in RC. Have you try it in CAS 6.3.2? Or even 6.2.x?
Even though 6.4.x is in RC, sometime bug do occurs and using slightly older version might help identify your issue. Anyway, It is not so certain what the issue is, below are some suggestion, see if implementing them would help or not: *Q: How can I clean the CAS cache ?* You can do this by disable CAS attribtue cache so to verify if cache is the issue: *cas.authn.attribute-repository.expiration-time=0* See: https://apereo.github.io/cas/6.3.x/configuration/Configuration-Properties.html#authentication-attributes But, I don't think that is the issue, considering you never get any attribute in the first place. *Another possible solution:* In CAS 6.2.x, if order for attribute to release, I need to add ========================= * "attributeReleasePolicy" : {* * .............* * "principalAttributesRepository" : {* * "@class" : "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository",* * "attributeRepositoryIds": ["java.util.HashSet", [ "*" ]]* * },* * .............* * },* ========================= Detail see this post https://groups.google.com/a/apereo.org/g/cas-user/c/713M457X1bI/m/g6q3-ddKAQAJ Not sure if this is the same behavior as 6.4.x, you can try it and see if this fix it for you. Hopefully this helps! Cheers, Andy On Friday, 26 March 2021 at 04:24:49 UTC+8 Jérémie Pilette wrote: > I htink so. > Where can we see it ? > > Le jeudi 25 mars 2021 à 20:54:04 UTC+1, jrautureau a écrit : > >> Hi Jérémy >> >> Is the passwordPolicy is enabled ? >> >> Le jeu. 25 mars 2021 à 20:26, Jérémie Pilette <jerem....@gmail.com> a >> écrit : >> >>> >>> The attribute and the value are good in the LDAP. >>> By watching the ldap.log.level=debug, I do not see something strange.. I >>> can see all the values with their attributes, no error messages... >>> Le jeudi 25 mars 2021 à 18:57:34 UTC+1, Ray Bon a écrit : >>> >>>> Jérémie, >>>> >>>> Check ldap to be sure an attribute and value exist for id_attribute for >>>> your user. You could also check your ldap logs to see why the value is not >>>> released. >>>> >>>> If cas is having difficulties connecting to ldap, you can set, >>>> <Property name="ldap.log.level">debug</Property> >>>> which is at the top of the log4j2.xml file. >>>> >>>> Ray >>>> >>>> On Thu, 2021-03-25 at 10:04 -0700, Jérémie Pilette wrote: >>>> >>>> Notice: This message was sent from outside the University of Victoria >>>> email system. Please be cautious with links and sensitive information. >>>> >>>> Yes I have this file. I try to do with it ok. >>>> >>>> And in my */var.lib/tomcat9/Cataline.out*, I have this line : >>>> [2021-03-25 18:02:39] [info] #033[33m2021-03-25 18:02:39,848 WARN >>>> [org.apereo.cas.services.ReturnMappedAttributeReleasePolicy] - <Could not >>>> find value for mapped attribute [*codeNYP*] that is based off of [ >>>> *id_attribute*] in the allowed attributes list. Ensure the original >>>> attribute [*id_attribute*] is retrieved and contains at least a single >>>> value. Attribute [*codeNYP*] will and can not be released without the >>>> presence of a value.>#033[m >>>> >>>> >>>> Le jeudi 25 mars 2021 à 17:55:46 UTC+1, Ray Bon a écrit : >>>> >>>> Jérémie, >>>> >>>> The cas logger bit can be added to etc/cas/config/log4j2.xml). >>>> >>>> Ray >>>> >>>> On Thu, 2021-03-25 at 09:35 -0700, Jérémie Pilette wrote: >>>> >>>> Notice: This message was sent from outside the University of Victoria >>>> email system. Please be cautious with links and sensitive information. >>>> >>>> Thank you for your response Ray Bon, but where I have to do that ? >>>> Should I uncomment these lines in a file or add these lines in a >>>> specific file ? >>>> Thank you. >>>> >>>> >>>> Le jeudi 25 mars 2021 à 16:46:34 UTC+1, Ray Bon a écrit : >>>> >>>> Jérémie, >>>> >>>> Try this logger to see what cas is doing with the attributes: >>>> >>>> <!-- DEBUG Found principal attributes [...] for [username] >>>> Attribute policy [???] allows release of [...] for >>>> [username] >>>> Final collection of attributes allowed are: [...] --> >>>> <AsyncLogger >>>> name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" >>>> >>>> level="debug"/> >>>> >>>> The client application must be configured to call the CASv3 endpoint. >>>> >>>> Ray >>>> >>>> On Thu, 2021-03-25 at 01:56 -0700, Jérémie Pilette wrote: >>>> >>>> Notice: This message was sent from outside the University of Victoria >>>> email system. Please be cautious with links and sensitive information. >>>> >>>> >>>> >>>> Hi, >>>> I would like to use Attribute release for one application (Yparéo). >>>> I was usin CAS 5.1, and it was operationnal. >>>> >>>> Now with the new version 6.4, it does'nt work. >>>> >>>> I am using json file configuration : >>>> ****************************************************************** >>>> { >>>> "@class" : "org.apereo.cas.services.RegexRegisteredService", >>>> "serviceId" : "^(https|http)://URL/cas.*", >>>> "name" : "netYpareo", >>>> "id" : 10000005, >>>> "description" : "NetYparéo", >>>> "evaluationOrder" : 3, >>>> "accessStrategy" : >>>> { >>>> "@class" : >>>> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", >>>> "enabled" : "true", >>>> "ssoEnabled" : "true", >>>> "requireAllAttributes": "true", >>>> "caseInsensitive": "false" >>>> }, >>>> "attributeReleasePolicy" : >>>> { >>>> "@class" : >>>> "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy", >>>> "allowedAttributes" : >>>> { >>>> "@class" : "java.util.TreeMap", >>>> "*id_attribute*" : "*codeNYP*" >>>> } >>>> }, >>>> "authorizedToReleaseCredentialPassword" : "false", >>>> "authorizedToReleaseProxyGrantingTicket" : "false", >>>> "excludeDefaultAttributes" : "false", >>>> "*principalIdAttribute*" : "*login_attribute*" >>>> } >>>> ****************************************************************** >>>> In my cas.properties : >>>> cas.authn.authentication-attribute-release-enabled=*true* >>>> cas.authn.ldap[0].principal-attribute-list=*id_attribute* >>>> >>>> Maybe I forget something ? >>>> >>>> One other question : How could we know which protocol is used to do >>>> that ? >>>> The application accept CASv3, so I want to use CASv3, not SAML or other >>>> .... >>>> >>>> Thank you >>>> >>>> -- >>>> >>>> >>>> Ray Bon >>>> Programmer Analyst >>>> Development Services, University Systems >>>> 2507218831 <(250)%20721-8831> | CLE 019 | rb...@uvic.ca >>>> >>>> I respectfully acknowledge that my place of work is located within the >>>> ancestral, traditional and unceded territory of the Songhees, Esquimalt >>>> and >>>> WSÁNEĆ Nations. >>>> >>>> -- >>>> >>>> >>>> Ray Bon >>>> Programmer Analyst >>>> Development Services, University Systems >>>> 2507218831 <(250)%20721-8831> | CLE 019 | rb...@uvic.ca >>>> >>>> I respectfully acknowledge that my place of work is located within the >>>> ancestral, traditional and unceded territory of the Songhees, Esquimalt >>>> and >>>> WSÁNEĆ Nations. >>>> >>>> -- >>>> >>>> Ray Bon >>>> Programmer Analyst >>>> Development Services, University Systems >>>> 2507218831 <(250)%20721-8831> | CLE 019 | rb...@uvic.ca >>>> >>>> I respectfully acknowledge that my place of work is located within the >>>> ancestral, traditional and unceded territory of the Songhees, Esquimalt >>>> and >>>> WSÁNEĆ Nations. >>>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-user+u...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f0401584-5fa0-44b2-b400-829704856ccbn%40apereo.org >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f0401584-5fa0-44b2-b400-829704856ccbn%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b1618458-9411-455f-881a-3b55feb18282n%40apereo.org.
