CAS logging

McLennan, Neil R n.mclennan at imperial.ac.uk
Thu Aug 18 16:13:23 UTC 2022 

Kevin,

attribute-filter.xml file is identical on both servers, so are all the files in config/attributes. The idp_audit.log is not very helpful as shown below.

2022-08-18T16:01:54.456635200Z|146.179.32.222|||https://www.imperial.ac.uk/monitoring/cas/attributes-json/|https://www.apereo.org/cas/protocol/login||||nmhl|||nmhl|ST-AADXGZLDOJSXIMJDLXUYXEXYWYSOETE22WTNR6L7LAZA3EUUZAGEB2DV3CZCJSBJKRY7OSLMAYVZHO2A3LZWXQWC3GP5XRG37UZG36PMSX7NQTDAGCNNO66KD5C4LXWHUG4TMQCUEBLWKORTWK5H7YWBFNZNIXTHYTYUJA52DNJZSUX77EV4FSWOBTZP2RHO3T34FM5FE4EQJ7XEK7BBK733I3PFHIKDBVGROYJLIC3KPYYNA45ONIHQTEMYPVWCKMZ32DQYDI2XRBLTWMA4RZ7VVWNM6OSDHLCGGTMKETFBAMFC7EFSGV6TAYVH3ZY75H76XBC7WYHXDB6XCSD4FNWZC6DK5XGGZA3HTUVCCGHA3SDXGI26ECLNGBQW6KXZYVBW323HHGO5MONCQTIE3NQ54QMYS---||Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0|||nmhl||||||||||

Neil

-----Original Message-----
From: Kevin Foote <kevin.foote at colorado.edu> 
Sent: 18 August 2022 16:19
To: Shib Users <users at shibboleth.net>
Cc: McLennan, Neil R <n.mclennan at imperial.ac.uk>
Subject: Re: CAS logging

Hi Neil, 

All attribute logging will be visible in your $IDP_HOME/logs/idp-audit.log

The attribute delivery per SP (SAML or CAS) is done in the attribute-filter.xml file. That is the file that from your description of events is probably not matching up between your two IdP servers.. 

HTH

- kevin.foote

> On Aug 18, 2022, at 7:40 AM, McLennan, Neil R via users <users at shibboleth.net> wrote:
> 
> Is there any way of seeing in the logs what attributes are output to CAS ? 
> 
> I have two servers which work fine with the same Attribute definitions for CAS and SAML. Server 1  has attribute_resolver.xml using a Proxy to Azure, Server 2's attribute_resolver.xml is pulling from LDAP, however if I copy server 1's attribute_resolver.xml over to server 2 , the SAML is fine but the CAS does not return attributes. I am trying to find out what is wrong.  
> 
> Neil McLennan
> Imperial College London
> 
> -- 
> For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list