require group
85 views
Skip to first unread message
pouria Mahmoudi
Nov 22, 2016, 4:40:28 PM11/22/16
to CAS Community
Hi Everyone,
I have a problem with getting group working with mod_auth_cas.
Here is the snippet:
<Location /my_app>
<RequireAll>
Authtype CAS
Require valid-user
Require group ADMIN
CASAuthNHeader cas
</RequireAll>
</Location>
I don't see any information related to group in CAS Cookie :
<cacheEntry xmlns="http://uconn.edu/cas/mod_auth_cas">
<user>admin</user>
<issued>1479847469143283</issued>
<lastactive>1479847469145147</lastactive>
<path>/my_app/</path>
<ticket>ST-1-cJrtZmKMkuysdXXMXhRK-cas01.example.org</ticket>
<secure />
</cacheEntry>
I don't know what I missing. Any help would be appreciated.
Thanks
David Hawes
Nov 22, 2016, 6:07:39 PM11/22/16
to CAS Community
Are you using a /samlValidate endpoint? Something like:
CASValidateURL https://login.example.org/cas/samlValidate
CASValidateSAML On
If so and you're not getting attributes, check with your CAS server admin.
If you aren't using /samlValidate, the current version of mod_auth_cas
does not support CASv2 attributes with /serviceValidate.
You have 2 options:
1. Use /samlValidate.
2. Try this merge request:
https://github.com/Jasig/mod_auth_cas/pull/110. I've successfully
tested it and it should be merged soon.
As for your require statement, you probably want something like:
# assuming Apache 2.4
# be sure to replace GROUP_ATTRIBUTE!
require cas-attribute GROUP_ATTRIBUTE:ADMIN
pouria Mahmoudi
Nov 23, 2016, 12:00:14 PM11/23/16
to CAS Community
Yes,
require cas-attribute GROUP_ATTRIBUTE:ADMIN is exactly what I needed but I am not using samlVaildate.
Thanks David for the reply and I hope to get the new release with this fix in it.
Message has been deleted
David Hawes
Nov 23, 2016, 2:59:46 PM11/23/16
to CAS Community
I'd expect by the end of the year at the latest.
On 23 November 2016 at 12:21, pouria Mahmoudi <pouria....@gmail.com> wrote:
> Oh by the way,
> Is it possible to tell me how soon this change would be merged?
>
> Thanks
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines:
> https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+u...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b4cf8bc3-b3d9-496e-b11c-4aea1599790a%40apereo.org.
On 23 November 2016 at 12:21, pouria Mahmoudi <pouria....@gmail.com> wrote:
> Oh by the way,
> Is it possible to tell me how soon this change would be merged?
>
> Thanks
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines:
> https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+u...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b4cf8bc3-b3d9-496e-b11c-4aea1599790a%40apereo.org.
Reply all
Reply to author
Forward
Message has been deleted
0 new messages