Access strategy not working with SAML based service


Nordy Di Marzio

Sep 23, 2021, 9:44:41 AM
to cas-...@apereo.org

Hello CAS community,

Wish you are doing great,

I am having a little issue getting the access strategy to work with a SAML-based service.

More precisely, I am trying to implement access restrictions based on group membership, but for now all users are able to log on to the app regardless of their group membership, and no error is being logged.

So I am wondering if there is something missing in my config. Could you please help me find out what else I should configure?

This is the service file that I am using:

{
  "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId": "https://foo.bar/",
  "name": "foo",
  "id": 10013986,
  "evaluationOrder": 3,
  "metadataLocation": "/etc/cas/saml/foo.xml",
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "requireAllAttributes" : false,
    "ssoEnabled" : true,
    "requiredAttributes" : {
      "@class" : "java.util.HashMap",
      "memberOf" : [ "java.util.HashSet", [ "CN=GRP,CN=Users,DC=corp,DC=foo,DC=bar" ] ]
    }
  }
}


The CAS version I am using is 5.1.

Thanks for your help,

Nordy

Carl Waldbieser

Sep 23, 2021, 10:35:28 AM
to cas-user
We are using CAS 6.x.  I have a SAML entry in my allow list that looks similar to this:

{
    "@class": "org.apereo.cas.services.RegexRegisteredService",
    "serviceId": "Entity ID goes here ...",
    "id": 1000,
    "evaluationOrder": 1000,
    "name": "SAML Provider",
    "description": "Blah blah blah ...",
    "attributeReleasePolicy": {
        "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
        "allowedAttributes": [
            "java.util.ArrayList",
            [
                "eduPersonEntitlement"
            ]
        ],
        "attributeFilter": {
            "@class": "org.apereo.cas.services.support.RegisteredServiceMappedRegexAttributeFilter",
            "completeMatch": false,
            "excludeUnmappedAttributes": false,
            "order": 0,
            "patterns": {
                "@class": "java.util.HashMap",
                "eduPersonEntitlement": "^https://example.lafayette.edu/authorized$"
            }
        }
    },
    "accessStrategy": {
        "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
        "unauthorizedRedirectUrl": "https://example.lafayette.edu/pages/403.html",
        "requiredAttributes": {
            "@class": "java.util.HashMap",
            "eduPersonEntitlement": [
                "java.util.HashSet",
                [
                    "https://example.lafayette.edu/authorized"
                ]
            ]
        }
    },
    "logo": "https://cdn.lafayette.edu/images/logos/example-100x100.png",
    "properties": {
        "@class": "java.util.HashMap",
        "InformationURL": {
            "@class": "org.apereo.cas.services.DefaultRegisteredServiceProperty",
            "values": [
                "java.util.HashSet",
                [
                    "https://help.lafayette.edu/example"
                ]
            ]
        }
    }
}


Hope that helps.

Thanks,
Carl Waldbieser
ITS
Lafayette College

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAA8Tp34kFCWYLEEB4nn8%3DcJki4WCkp-x0V208P%2BfRwdwyqKrXw%40mail.gmail.com.
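Both service files in this thread gate access with a requiredAttributes map under DefaultRegisteredServiceAccessStrategy. The following Python script is an added example, not code from the thread or from CAS: it unwraps the Jackson-typed JSON that CAS writes (the ["java.util.HashSet", [...]] and "@class" wrappers) and emulates the strategy's documented decision with exact value comparison, so you can see offline what a given principal's resolved attributes would yield. It assumes requireAllAttributes defaults to true when absent and that CAS itself may match values more loosely, so treat it as a reading aid for the file rather than a substitute for testing against the running server.

```python
import json

# Constructed copy of the access strategy from the thread's first post (fields the evaluation needs).
SERVICE_JSON = """{
  "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "accessStrategy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled": true,
    "requireAllAttributes": false,
    "requiredAttributes": {
      "@class": "java.util.HashMap",
      "memberOf": ["java.util.HashSet", ["CN=GRP,CN=Users,DC=corp,DC=foo,DC=bar"]]
    }
  }
}"""

def untype(value):
    """Strip Jackson type tags: ["java.util.HashSet", [...]] -> list, "@class" keys dropped."""
    if isinstance(value, list) and len(value) == 2 and isinstance(value[0], str) \
            and value[0].startswith("java.util."):
        return [untype(v) for v in value[1]]
    if isinstance(value, dict):
        return {k: untype(v) for k, v in value.items() if k != "@class"}
    return value

def access_allowed(service, principal_attrs):
    """Emulate DefaultRegisteredServiceAccessStrategy (exact-value compare); returns (allowed, why)."""
    strategy = service.get("accessStrategy", {})
    if not strategy.get("enabled", True):
        return False, "service disabled"
    required = untype(strategy.get("requiredAttributes", {}))
    if not required:
        return True, "no requiredAttributes: every authenticated user is admitted"
    require_all = strategy.get("requireAllAttributes", True)  # CAS default assumed true
    matched, unmatched = [], []
    for attr, accepted in required.items():
        have = principal_attrs.get(attr, [])  # an attribute that was never resolved can never match
        have = have if isinstance(have, list) else [have]
        (matched if any(v in accepted for v in have) else unmatched).append(attr)
    allowed = not unmatched if require_all else bool(matched)
    return allowed, f"matched={matched} unmatched={unmatched} requireAll={require_all}"

SERVICE = json.loads(SERVICE_JSON)
# Constructed principals: in the group, in a different group, memberOf never resolved at all.
IN_GROUP = {"memberOf": ["CN=GRP,CN=Users,DC=corp,DC=foo,DC=bar"]}
OTHER_GROUP = {"memberOf": ["CN=Staff,CN=Users,DC=corp,DC=foo,DC=bar"]}
NO_ATTR = {"uid": "alice"}
for label, p in [("in group", IN_GROUP), ("other group", OTHER_GROUP), ("no memberOf", NO_ATTR)]:
    print(label, access_allowed(SERVICE, p))
```

If every user is admitted by the real server while this check denies the second and third principals, the file's logic is not what admits them; look at whether the strategy is evaluated at all in the SAML flow.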

Nordy Di Marzio

Dec 17, 2021, 4:14:57 PM
to cas-...@apereo.org
Thank you Carl for your reply,

I am wondering if it's not related to SAML, because I have the same config that works fine for CAS protocol-based SPs... but for SAML-based ones nothing.

I would be very thankful if someone can help me.

Thanks.
