Yes, *require cas-attribute GROUP_ATTRIBUTE:ADMIN* is exactly what I needed but I am not using samlVaildate.
Thanks David for the reply and I hope to get the new release with this fix in it. On Tuesday, November 22, 2016 at 3:07:39 PM UTC-8, dhawes wrote: > > On 22 November 2016 at 16:40, pouria Mahmoudi <pouria....@gmail.com > <javascript:>> wrote: > > Hi Everyone, > > I have a problem with getting group working with mod_auth_cas. > > > > Here is the snippet: > > <Location /my_app> > > <RequireAll> > > Authtype CAS > > Require valid-user > > Require group ADMIN > > CASAuthNHeader cas > > </RequireAll> > > </Location> > > > > I don't see any information related to group in CAS Cookie : > > > > <cacheEntry xmlns="http://uconn.edu/cas/mod_auth_cas";> > > <user>admin</user> > > <issued>1479847469143283</issued> > > <lastactive>1479847469145147</lastactive> > > <path>/my_app/</path> > > <ticket>ST-1-cJrtZmKMkuysdXXMXhRK-cas01.example.org</ticket> > > <secure /> > > </cacheEntry> > > > > I don't know what I missing. Any help would be appreciated. > > I'm going to assume you're using mod_auth_cas v1.1. > > Are you using a /samlValidate endpoint? Something like: > > CASValidateURL https://login.example.org/cas/samlValidate > CASValidateSAML On > > If so and you're not getting attributes, check with your CAS server admin. > > If you aren't using /samlValidate, the current version of mod_auth_cas > does not support CASv2 attributes with /serviceValidate. > > You have 2 options: > > 1. Use /samlValidate. > 2. Try this merge request: > https://github.com/Jasig/mod_auth_cas/pull/110. I've successfully > tested it and it should be merged soon. > > As for your require statement, you probably want something like: > > # assuming Apache 2.4 > # be sure to replace GROUP_ATTRIBUTE! > require cas-attribute GROUP_ATTRIBUTE:ADMIN > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/cb40c26e-bc92-4667-b33c-4b7a8056c210%40apereo.org.
