I haven't modified it to match your use case expressly. Keep in mind that,
instead of doing this every time I retrieve data from LDAP (performance), I
am only doing it when an SP needs memberships, and I am only passing the
groups that match their use (least privilege).
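
    import java.util.*

    def run(final Object... args) {
        def attributes = args[0]
        def logger = args[1]
        // logger.debug("Current attributes are {}", attributes)

        // a user with no groups has no 'groupMembership' attribute; treat that as empty
        def groupMemberships = attributes['groupMembership'] ?: []
        // logger.debug("Current groups are {}", groupMemberships)

        // only keep groups whose DN starts with cn=sis-asp (case-insensitive);
        // findAll returns a new list, so the attribute map passed in is not modified
        def matching = groupMemberships.findAll { it.toString().toLowerCase().startsWith('cn=sis-asp') }

        def roles = []
        // for each group, build the custom string that AWS expects
        matching.each { kuGroup ->
            // (?i) keeps the regex consistent with the case-insensitive filter above
            def (_, role) = (kuGroup.toString() =~ /(?i)^cn=sis-asp.([^,]*).*/)[0]
            roles.add("sis-asp-${role}")
        }
        return roles
    }
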
The release is essentially:

    "attributeReleasePolicy" : {
      "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
      "allowedAttributes" : {
        "@class" : "java.util.TreeMap",
        "eduPersonPrincipalName" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
        "urn:oid:1.3.6.1.4.1.5923.1.5.1.1" : "file:/etc/cas/config/scripts/pathlock-roles.groovy"
      }
    },

Andrew Marker
On Tue, Nov 12, 2024 at 9:13 PM Ray Bon <[email protected]> wrote:
> Daniel,
>
> See PATTERN FORMAT or EXTERNAL SCRIPT at the bottom of
> https://apereo.github.io/cas/7.1.x/integration/Attribute-Definitions.html
>
>
> Ray
> On Tue, 2024-11-12 at 18:06 -0500, Daniel Maldonado wrote:
>
> I would like to get the top level “cn” from my LDAP query. The values
> returned look like:
>
> memberOf=[cn=admins,cn=groups,cn=accounts,dc=mycompany,dc=com,…]
>
> as one of the attributes. I only need the top values: “admins”
> and not everything else.
>
> I cannot find in the documentation where I can basically return this top
> level value as a set.
>
> I can do it in my Java app but that would mean a “custom” solution for all
> my apps.
>
> Am I missing something here?
>
> CAS version: 7.1.1
>
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGGVe%2BFnjkD%3D3iJgZhRMsyfPP5kc-inawkxHJZzQJTOpHdATMQ%40mail.gmail.com.
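
An added example, not part of the original thread and not CAS project code: a Groovy script for the original question (return only the leading "cn" of each memberOf value, as a set). It assumes the same run(args) entry point as the script above and the memberOf attribute name from the question; StubLogger and the sample DNs are constructed for illustration. It parses each DN with javax.naming.ldap.LdapName instead of a regex so that escaped commas inside a group name do not truncate the released value.

```groovy
import javax.naming.InvalidNameException
import javax.naming.ldap.LdapName

// Stand-in for the logger CAS passes as args[1] (constructed for this example)
class StubLogger { void debug(String msg, Object... a) {} }

// Returns the value of the leftmost RDN when it is a cn, otherwise null.
// LdapName applies RFC 2253 escaping rules, so "cn=Smith\, Jo,cn=groups" yields
// "Smith, Jo", where a split on ',' or a [^,]* regex would cut the name short.
def leadingCn(Object dn) {
    try {
        def name = new LdapName(dn.toString())
        if (name.size() == 0) {
            return null
        }
        // getRdn(0) is the rightmost RDN (e.g. dc=com); the leftmost is at size() - 1
        def rdn = name.getRdn(name.size() - 1)
        return rdn.type.equalsIgnoreCase('cn') ? rdn.value.toString() : null
    } catch (InvalidNameException e) {
        return null   // malformed DN: release nothing for it
    }
}

def run(final Object... args) {
    def attributes = args[0]
    def logger = args[1]
    def groups = new TreeSet<String>()
    // a missing memberOf attribute means the user has no groups
    (attributes['memberOf'] ?: []).each { dn ->
        def cn = leadingCn(dn)
        if (cn != null) {
            groups.add(cn)
        } else {
            logger.debug("Skipping value without a leading cn: {}", dn)
        }
    }
    return groups
}

// Constructed sample input, exercised outside CAS
def sample = [memberOf: [
    'cn=admins,cn=groups,cn=accounts,dc=mycompany,dc=com',
    'CN=Smith\\, Jo,cn=groups,cn=accounts,dc=mycompany,dc=com',
    'ou=people,dc=mycompany,dc=com',
    'not a dn']]
assert run(sample, new StubLogger()) == ['Smith, Jo', 'admins'] as TreeSet
```

Remove the sample block at the bottom before placing the script in a CAS configuration directory; an allow-list filter like the startsWith check in the script above can be applied to the returned names per service.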