Hi Ray,

Would you explain more please?

- I have a cas service for the management app including accessStrategy.
- the authentication now happens using cas sso server and returns memberOf
attribute which contains the ldap groups.
- accessStrategy works fine to control roles but requires the userid to be
present in adminusers.json

What I would like to do is to avoid listing all users in the
adminusers.json

- when I remove mgmt.user-properties-file from the properties, cas
management does not start because it is required by the
AuthorizationGenerator bean.

I added the property

mgmt.authz-attributes[0] = memberOf

But don’t know what to do to avoid listing the users in adminusers.json

Thanks


On Tue, 16 Jul 2024 at 04:53, Ray Bon <r...@uvic.ca> wrote:

> Mohamed,
>
> I have this in my management.properties file
> mgmt.authz-attributes[0] = description
>
> In LDAP I have
> description: ROLE_ADMIN
>
> I believe the attribute value must be ROLE_ADMIN.
> You may be able to remap the value from your ldap group.
>
> Ray
> ------------------------------
> *From:* cas-user@apereo.org <cas-user@apereo.org> on behalf of Mohamed
> Amdouni <me.amdo...@gmail.com>
> *Sent:* 15 July 2024 08:27
> *To:* CAS Community <cas-user@apereo.org>
> *Subject:* [cas-user] How to configure access to cas management using
> LDAP roles
>
> Hello,
>
> I configured a cas management with :
>
> mgmt.admin-roles[0]=ROLE_ADMIN
> mgmt.user-properties-file=<pathToProperties files>
>
>
> I would like to give access using the ldap attribute memberOf instead of
> hardcoding users in the file "mgmt.user-properties-file".
> I mean, if a user is a member of the cas-admin ldap group he will be able
> to access cas management as administrator.
>
> I tried accessStrategy but it does not work and the user should be defined
> in the property file.
>
> Thanks.
>
>
>
> --
> - Website: https://apereo.github.io/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5357c4a0-9b60-4f7b-a1a9-d30ce9d8ac94n%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/5357c4a0-9b60-4f7b-a1a9-d30ce9d8ac94n%40apereo.org?utm_medium=email&utm_source=footer>
> .