Hi, I am using CAS 4.1.6 and I want to enable access based on group
membership. I read the documentation
https://apereo.github.io/cas/4.1.x/installation/Configuring-Service-Access-Strategy.html

The configuration of the service:

{
  "@class": "org.jasig.cas.services.RegexRegisteredService",
  "id": 125,
  "name": "www service",
  "description": "Description of www service.",
  "serviceId": "^http.*://.*",
  "theme": "cas-theme-default",
  "evaluationOrder": 125,
  "logoutType": "BACK_CHANNEL",
  "accessStrategy": {
    "@class": "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled": true,
    "ssoEnabled": true,
    "requireAllAttributes": false,
    "requiredAttributes": { "@class": "java.util.HashMap",
      "listas": [ "java.util.HashSet", [ "group1, group3" ] ]
    }
  },
  "usernameAttributeProvider": {
    "@class": "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
  },
  "attributeReleasePolicy": {
    "@class": "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
    "authorizedToReleaseCredentialPassword": false,
    "authorizedToReleaseProxyGrantingTicket": false,
    "allowedAttributes": [
      "java.util.ArrayList", [ "memberof" ]
    ]
  }
}


After authentication, the DEBUG log shows the user is not authorized:
[org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy] - <These
required attributes [{listas=[group1, group3]}] are examined against
[{memberof=[group1, group2, group3, group4, group5]}] before service can
proceed.>
[org.jasig.cas.util.RegexUtils] - <Pattern (group1, group3) is a valid
regex.>
[org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy] -
<Principal is denied access as the required attributes for the
registered service are missing>
[org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceManagement:
Cannot grant service ticket because Service [http://xxx.xxx.xxx/] is not
authorized for use by [[email protected]].>


What is wrong?

Thanks in advance.
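
Added example, not part of the original post and not CAS source code: a simplified Python model of a required-attribute check, run over the values shown in the DEBUG log above, with a small lint for the service definition. The function names, the full-match regex rule and the `CORRECTED` map are assumptions made for illustration.

```python
import re

def access_allowed(required, principal, require_all=False):
    """Simplified model of a required-attribute check (assumption, not CAS code)."""
    if not required:
        return True
    # Only required attribute names the principal actually carries can match.
    shared = [name for name in required if name in principal]
    if not shared or (require_all and len(shared) < len(required)):
        return False

    def matches(name):
        # Assumption: each required value is a regex that must fully match
        # at least one of the principal's values for that attribute.
        return any(re.fullmatch(pattern, value)
                   for pattern in required[name]
                   for value in principal[name])

    results = [matches(name) for name in shared]
    return all(results) if require_all else any(results)

def lint(required, principal):
    """Report likely mistakes in a requiredAttributes map."""
    findings = []
    for name, values in required.items():
        if name not in principal:
            findings.append(f"'{name}' is not an attribute of the principal")
        for value in values:
            if "," in value:
                findings.append(f"'{value}' is a single string, not separate entries")
    return findings

# Principal attributes and required attributes as printed in the DEBUG log.
PRINCIPAL = {"memberof": ["group1", "group2", "group3", "group4", "group5"]}
POSTED = {"listas": ["group1, group3"]}
# Assumed correction: key on the principal's attribute name, one entry per group.
CORRECTED = {"memberof": ["group1", "group3"]}

if __name__ == "__main__":
    for label, required in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label, access_allowed(required, PRINCIPAL), lint(required, PRINCIPAL))
```
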
