I'm having difficulty understanding how to configure the security layer for the CAS management webapp, if I don't want to use a static list.

If I provide cas.mgmt.authzAttributes=memberOf, then it would seem that I should set cas.mgmt.adminRoles to the group.

In theory this might seem like it should work. However, AD groups have commas in them, and the code is splitting on commas. The Spring documentation for the method is a bit vague, but it appears that quoting the string that you don't want split doesn't work. This is despite StringUtils in Spring referring to CSV. So there is no way for the whole to be equal to the first bit.

Is this a bug, or am I just doing it wrong?

Documentation for the LDAP module is lacking, and I can't quite guess what I'm supposed to do there. I was thinking about using the userPropertiesFile, but that doesn't appear to be read after startup. So I'd have to have Puppet update the static file, then manually restart the management application (via Tomcat Manager, which is protected by CAS).

Thanks,

Richard

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- You received this message because you are subscribed to the Google Groups "CAS Community" group.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/75874cc7-09a5-6050-88a9-57659a15997b%40ndsu.edu.
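
The mismatch described in the post, as an added example that is not part of the original message and is not CAS or Spring code: a Java model that assumes the role property is split on bare commas with no quote handling, run against a constructed group DN. The class name, the helper methods and the DN are hypothetical; the last check uses the JDK's LdapName only to contrast a DN-aware comparison with the split-based one.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class AdminRoleSplitDemo {
    // Constructed sample: a group DN as Active Directory returns it in memberOf.
    static final String GROUP_DN = "CN=CAS Admins,OU=Groups,DC=example,DC=edu";

    // Assumption: models a bare comma split with no quote handling, as the
    // post describes. Hypothetical helper, not copied from CAS or Spring.
    static Set<String> splitRoles(String configured) {
        Set<String> roles = new LinkedHashSet<>();
        for (String part : configured.split(",")) {
            roles.add(part.trim());
        }
        return roles;
    }

    // Exact string match of any memberOf value against the configured roles.
    static boolean hasAdminRole(Set<String> adminRoles, List<String> memberOf) {
        return memberOf.stream().anyMatch(adminRoles::contains);
    }

    // Contrast: compare whole DNs with the JDK's RFC 2253 parser.
    static boolean hasAdminDn(String adminDn, List<String> memberOf)
            throws InvalidNameException {
        LdapName wanted = new LdapName(adminDn);
        for (String group : memberOf) {
            if (new LdapName(group).equals(wanted)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws InvalidNameException {
        List<String> memberOf = List.of(GROUP_DN);
        Set<String> plain = splitRoles(GROUP_DN);
        Set<String> quoted = splitRoles("\"" + GROUP_DN + "\"");

        System.out.println("plain split:  " + plain);
        System.out.println("quoted split: " + quoted);
        System.out.println("plain match:  " + hasAdminRole(plain, memberOf));
        System.out.println("quoted match: " + hasAdminRole(quoted, memberOf));
        System.out.println("DN match:     " + hasAdminDn(GROUP_DN, memberOf));
    }
}
```

Both split-based checks report false because every configured role ends up as a fragment of the DN, while the comparison on the parsed DN reports true.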
