I was able to create a custom "RegisteredServiceAttributeFilter", where fetch the mapped group/roles from the database and add them to the profiles attributes.
Am Montag, 20. Januar 2020 08:56:50 UTC+1 schrieb craab: > > Hi, > > I am using CAS 6.1.3 with Ldap. I have configured Ldap for Authtication > and as attribute repository. Additionally I have a jdbc attribute > repository. Merging rule is configered to "MULTIVALUED". > > Now I want to map the users ldap groups to roles and add those to the > users attributes. The roles are saved in a separate database table > "GROUPS_TO_ROLES", where one group can have one or more roles. Additionally > the user gets assigned roles from the jdbc attribute repo. > > For example: > There is a ldap group "Users" that should be mapped to the roles > "MODULE_A_USER" and "MODULE_B_USER". > > A user authenticates with his ldap credentials. Authentication succeeds > and his attributes are resolved via cas via ldap and jdbc. From ldap the > user gets the attribute groups="Users" and from jdbc he gets the attribute > roles="MODULE_C_USER". > > Now some mapping takes place (and my question is, how to do this). > > The final profile would have the attributes: > groups=Users > roules="MODULE_A_USER", "MODULE_B_USER", "MODULE_C_USER" > > Does anyone know how to do this? > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/619197ac-4e66-457a-94be-9733f0bb2a4f%40apereo.org.
