On 22 November 2016 at 16:40, pouria Mahmoudi <[email protected]> wrote: > Hi Everyone, > I have a problem with getting group working with mod_auth_cas. > > Here is the snippet: > <Location /my_app> > <RequireAll> > Authtype CAS > Require valid-user > Require group ADMIN > CASAuthNHeader cas > </RequireAll> > </Location> > > I don't see any information related to group in CAS Cookie : > > <cacheEntry xmlns="http://uconn.edu/cas/mod_auth_cas";> > <user>admin</user> > <issued>1479847469143283</issued> > <lastactive>1479847469145147</lastactive> > <path>/my_app/</path> > <ticket>ST-1-cJrtZmKMkuysdXXMXhRK-cas01.example.org</ticket> > <secure /> > </cacheEntry> > > I don't know what I missing. Any help would be appreciated.
I'm going to assume you're using mod_auth_cas v1.1. Are you using a /samlValidate endpoint? Something like: CASValidateURL https://login.example.org/cas/samlValidate CASValidateSAML On If so and you're not getting attributes, check with your CAS server admin. If you aren't using /samlValidate, the current version of mod_auth_cas does not support CASv2 attributes with /serviceValidate. You have 2 options: 1. Use /samlValidate. 2. Try this merge request: https://github.com/Jasig/mod_auth_cas/pull/110. I've successfully tested it and it should be merged soon. As for your require statement, you probably want something like: # assuming Apache 2.4 # be sure to replace GROUP_ATTRIBUTE! require cas-attribute GROUP_ATTRIBUTE:ADMIN -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wA7Vdv2t%3DsOsKsoRbuGV5Uoh3yy6As_ghJtEfMk211Nwg%40mail.gmail.com.
