Yes, *require cas-attribute GROUP_ATTRIBUTE:ADMIN* is exactly what I needed but I am not using samlVaildate.
Thanks David for the reply and I hope to get the new release with this fix in it. On Tuesday, November 22, 2016 at 3:07:39 PM UTC-8, dhawes wrote: > > On 22 November 2016 at 16:40, pouria Mahmoudi <[email protected] > <javascript:>> wrote: > > Hi Everyone, > > I have a problem with getting group working with mod_auth_cas. > > > > Here is the snippet: > > <Location /my_app> > > <RequireAll> > > Authtype CAS > > Require valid-user > > Require group ADMIN > > CASAuthNHeader cas > > </RequireAll> > > </Location> > > > > I don't see any information related to group in CAS Cookie : > > > > <cacheEntry xmlns="http://uconn.edu/cas/mod_auth_cas";> > > <user>admin</user> > > <issued>1479847469143283</issued> > > <lastactive>1479847469145147</lastactive> > > <path>/my_app/</path> > > <ticket>ST-1-cJrtZmKMkuysdXXMXhRK-cas01.example.org</ticket> > > <secure /> > > </cacheEntry> > > > > I don't know what I missing. Any help would be appreciated. > > I'm going to assume you're using mod_auth_cas v1.1. > > Are you using a /samlValidate endpoint? Something like: > > CASValidateURL https://login.example.org/cas/samlValidate > CASValidateSAML On > > If so and you're not getting attributes, check with your CAS server admin. > > If you aren't using /samlValidate, the current version of mod_auth_cas > does not support CASv2 attributes with /serviceValidate. > > You have 2 options: > > 1. Use /samlValidate. > 2. Try this merge request: > https://github.com/Jasig/mod_auth_cas/pull/110. I've successfully > tested it and it should be merged soon. > > As for your require statement, you probably want something like: > > # assuming Apache 2.4 > # be sure to replace GROUP_ATTRIBUTE! > require cas-attribute GROUP_ATTRIBUTE:ADMIN > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/cb40c26e-bc92-4667-b33c-4b7a8056c210%40apereo.org.
