I am having trouble limiting the accounts to which a user can log in as a
surrogate.
I want to restrict eligible surrogates to a list based on membership in an
LDAP group.
The following properties work great when using the GUI method to select
surrogates.
However, when I use the Preselected method I am allowed to surrogate as any
valid user, which should not be allowed.
Any help would be greatly appreciated. Thanks.

pom.xml

    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-surrogate-webflow</artifactId>
        <version>${cas.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-surrogate-authentication-ldap</artifactId>
        <version>${cas.version}</version>
    </dependency>

cas.properties
cas.authn.surrogate.separator=+
cas.authn.surrogate.ldap.ldapUrl=ldaps://<my ldap server>
cas.authn.surrogate.ldap.bindDn=<my ldap user>
cas.authn.surrogate.ldap.bindCredential=<my ldap password>
cas.authn.surrogate.ldap.baseDn=<my base dn>
cas.authn.surrogate.ldap.subtreeSearch=true
cas.authn.surrogate.ldap.searchFilter=cn={user}
cas.authn.surrogate.ldap.surrogateSearchFilter=cn={user}
cas.authn.surrogate.ldap.memberAttributeName=groupMembership
cas.authn.surrogate.ldap.memberAttributeValueRegex=cn=(?:Group1|Group2)...(.*),ou=groups,o=domain
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG