I figured it out in the end... the users listed in /etc/cas/user-details.properties were required to have the "enabled" flag on the end, despite the comments indicating it was optional. eg: jsmith=notused,ROLE_ADMIN,enabled
cheers, Dan On Tuesday, 7 June 2016 22:50:54 UTC+10, Eric Kyle wrote: > > Hi Dan, > > No, I still haven't figured this out - though I haven't had much time to > look at it. I plan on digging back into it this summer. > > Eric > > On Mon, May 23, 2016 at 6:48 PM, Dan Reeder <[email protected] > <javascript:>> wrote: > >> Hi Eric, did you ever manage to get this working? >> We're using CAS 4.2 with the additional cas-services app. CAS is setup to >> use our ADFS which works beautifully for other registered json services, >> but I can't figure out how to get the cas-services app to also pay >> attention to ADFS auth tickets. It would be nice if cas-services could >> check for an attribute being passed back from adfs (such as the presence of >> a particular AD group membership), but I'd settle for a static list of >> permitted principal usernames. >> >> cheers, >> Dan >> >> On Tuesday, 1 March 2016 05:43:21 UTC+10, Eric Kyle wrote: >>> >>> The title says it call. I have CAS (4.2 RC2) setup to authenticate >>> against ADFS, which works fine when I got to localhost/cas, but when I try >>> to go to the deployed cas-services page (which also authenticates >>> successfully against cas/adfs), I get the message >>> >>> >>> Access Denied >>> >>> You are not authorized to access this resource. Contact your CAS >>> administrator for more info >>> >>> >>> This is the one thing holding me back from authenticating uPortal and >>> our other services. I have looked in the deployerConfigContext.xml file and >>> a hundred other places, but I can't seem to figure out how to authenticate >>> properly. Any help would be greatly appreciated. >>> >>> >>> Eric >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] <javascript:>. >> Visit this group at >> https://groups.google.com/a/apereo.org/group/cas-user/. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/99f3bace-3e66-4bad-b660-4ea34689b905%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/99f3bace-3e66-4bad-b660-4ea34689b905%40apereo.org?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/a/apereo.org/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f8bf7ee7-8170-4baa-b2df-7ed2b15960d2%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
