I get the following WARN log entry from org.apereo.cas.services.RegisteredServiceAccessStrategyUtils:

WARN [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Unauthorized Service Access. Service [defnotaservice] is not found in service registry.>


I believe this is configured in log4j.xml with the following in <Loggers>

                <AsyncLogger name="org.apereo.cas.services.AbstractServicesManager" level="info" includeLocation="true"/>

Hope that at least sets you on the correct path.



From: cas-user@apereo.org <cas-user@apereo.org> On Behalf Of Baron Fujimoto
Sent: Saturday, July 3, 2021 1:09 AM
To: CAS Community <cas-user@apereo.org>
Subject: [EXTERNAL SENDER] [cas-user] CAS 5.0, 6.3 logging differences

Continuing our journey to upgrade from CAS 5.0 to 6.3, I have some questions re 
logging differences I'm seeing.

Service not found in service registry
------------------------------------------------
With CAS 5.0, if a service was not registered, we see something like this 
logged for an unauthorized service such as "https://www.foo.com":

WARN [org.apereo.cas.web.flow.ServiceAuthorizationCheck] - <Service Management: missing service. Service [https://www.foo.com] is not found in service registry.>

This is often very helpful for troubleshooting to be able to see what URL an 
app is trying to use.

But with CAS 6.3 we see:

ERROR [org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter] - <Service unauthorized>
org.apereo.cas.services.UnauthorizedServiceException: Service unauthorized
        at org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer.execute(RegisteredServiceAccessStrategyAuditableEnforcer.java:112) ~[cas-server-core-services-api-6.3.4.jar:6.3.4]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.46]
        [...many many lines of stack trace...]
        at java.lang.Thread.run(Thread.java:829) [?:?]

The unauthorized service is never identified, which removes a valuable 
troubleshooting tool. Is there a way to include this information?

We definitely want to see things logged as ERRORs, but the stack trace seems 
more appropriate for something at the DEBUG level?

Failed authentications
-----------------------------
With CAS 5.0, when a user authentication failed, we'd see something like the 
following logged:

INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating USERNAME>
WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [USERNAME] of type [UsernamePasswordCredential], which suggests a configuration problem.>
INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: USERNAME
WHAT: Supplied credentials: [USERNAME]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Jul 02 17:06:00 HST 2021
CLIENT IP ADDRESS: 172.19.100.162
SERVER IP ADDRESS: 172.16.1.76
=============================================================
>

Whereas with CAS 6.3, we get:

INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [Invalid credentials].>
INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: USERNAME
WHAT: Supplied credentials: [UsernamePasswordCredential(username=USERNAME, source=null, customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Jul 02 17:00:45 HST 2021
CLIENT IP ADDRESS: 10.17.133.2
SERVER IP ADDRESS: 10.17.133.14
=============================================================
>
WARN [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <1 errors, 0 successes>
DEBUG [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <1 errors, 0 successes>
org.apereo.cas.authentication.AuthenticationException: 1 errors, 0 successes
        at org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:340) ~[cas-server-core-authentication-api-6.3.4.jar:6.3.4]
        [... ~200 more lines of stack trace ...]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.46]
        at java.lang.Thread.run(Thread.java:829) [?:?]

This 200+ line stack trace seems like overkill and not really helpful. Is the 
solution to this just not logging 
org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver 
at the debug level?

--
Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL2uh%3DN49pLnAmEuPxjem_yMmbXkQpfcj9fE3%2Brkk-v8yA%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL2uh%3DN49pLnAmEuPxjem_yMmbXkQpfcj9fE3%2Brkk-v8yA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
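
Added example, not part of the original messages and not CAS project code: a small parser for the two log shapes quoted in this thread, pulling the service named in "not found in service registry" warnings and counting AUTHENTICATION_FAILED audit records per client IP and user. The sample log is constructed from the formats shown above; the user names are made up, and each log event is assumed to sit on one line as in the log file itself.

```python
import re
from collections import Counter

# Matches both the CAS 5.0 and the 6.3 wording quoted in the thread.
SERVICE_RE = re.compile(r"Service\s+\[(.+?)\]\s+is\s+not\s+found\s+in\s+service\s+registry")
# One Inspektr audit block: header, ruler of '=', fields, ruler, closing '>'.
AUDIT_RE = re.compile(r"Audit\s+trail\s+record\s+BEGIN\n=+\n(.*?)\n=+\n>", re.S)
# Field lines look like "CLIENT IP ADDRESS: 10.17.133.2" (upper-case key, then value).
FIELD_RE = re.compile(r"^([A-Z][A-Z ]*[A-Z]): (.*)$", re.M)

def unregistered_services(log_text):
    """Return the service ids/URLs named in 'not found in service registry' warnings."""
    return SERVICE_RE.findall(log_text)

def audit_records(log_text):
    """Yield each audit block as a dict keyed by field name (WHO, ACTION, ...)."""
    for body in AUDIT_RE.findall(log_text):
        yield dict(FIELD_RE.findall(body))

def failed_logins_by_client(log_text):
    """Count AUTHENTICATION_FAILED audit records per (client IP, WHO)."""
    counts = Counter()
    for rec in audit_records(log_text):
        if rec.get("ACTION") == "AUTHENTICATION_FAILED":
            counts[(rec.get("CLIENT IP ADDRESS"), rec.get("WHO"))] += 1
    return counts

def _audit(who, action, ip):
    """Build one constructed audit record in the layout quoted in the thread."""
    return ("INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]"
            " - <Audit trail record BEGIN\n"
            f"{'=' * 61}\nWHO: {who}\nWHAT: Supplied credentials: [{who}]\n"
            f"ACTION: {action}\nAPPLICATION: CAS\nWHEN: Fri Jul 02 17:06:00 HST 2021\n"
            f"CLIENT IP ADDRESS: {ip}\nSERVER IP ADDRESS: 172.16.1.76\n{'=' * 61}\n>\n")

# Constructed sample log: two service warnings and three audit records.
SAMPLE = (
    "WARN [org.apereo.cas.web.flow.ServiceAuthorizationCheck] - <Service Management: "
    "missing service. Service [https://www.foo.com] is not found in service registry.>\n"
    "WARN [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Unauthorized "
    "Service Access. Service [defnotaservice] is not found in service registry.>\n"
    + _audit("alice", "AUTHENTICATION_FAILED", "172.19.100.162")
    + _audit("alice", "AUTHENTICATION_FAILED", "172.19.100.162")
    + _audit("bob", "AUTHENTICATION_SUCCESS", "10.17.133.2")
)

if __name__ == "__main__":
    print(unregistered_services(SAMPLE))
    print(failed_logins_by_client(SAMPLE))
```

On 6.3 the service list stays empty unless the RegisteredServiceAccessStrategyUtils WARN line from the reply is actually being written to the log.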
