Hi Ray,
Could you show me your config that returned properties roles=[ADMIN]?
And have you ever tried returning this:
roles=[ROLE_ADMIN]
Like user.json

{
  "casuser" : {
    "roles" : [ "ROLE_ADMIN" ]
  }
}

Since my CAS Management error log is like below:

WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - <Unable to
authorize access, since the authenticated profile [#CasProfile# | id: root
| attributes: {credentialType=UsernamePasswordCredential,
isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
authenticationMethod=users, successfulAuthenticationHandlers=users,
longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
| isRemembered: false | clientName: CasClient | linkedId: null |] does not
contain any required roles>

And I guess that if we could fill roles: [] (in red) so that it becomes
role: [ADMIN_ROLE], it will run.
Thank you.
On Mon, 31 Aug 2020 at 23:12, Ray Bon <r...@uvic.ca> wrote:

> Nguyen,
>
> I am at this point in configuring cas management too.
> Our 4.x deploy of cas management used to look up the user in ldap (you
> would use mongo), and get the ADMIN attribute there. But the 6.1 version
> does not seem to use ldap (I configured it but no calls to ldap were made).
> Cas management uses cas protocol 3, which means that attributes can be
> returned. I have configured this and I am returning roles=[ADMIN]. This
> also seems to be ignored.
>
> Perhaps one of the developers of cas management could comment if the .json
> file is the only way to identify users and roles.
>
> Ray
>
> On Mon, 2020-08-31 at 14:02 +0700, Nguyen Tran Thanh Lam wrote:
>
> Hi Mr Jérôme LELEU,
> Yes, I know this configuration, but I have an inconvenient process when I
> create a new user.
> It means that when I create a new user in MongoDB, CAS Overlay can
> authenticate the new user (I do not need to restart the cas service), but
> with CAS Management Web App, I must add this role for the new user to the
> user.json file and restart the CAS Management Web App service.
> For example:
> First:
> I already have one user with username casuser and password = x1.
> I can use casuser/x1 as the CAS account to use the CAS Overlay and CAS
> Management Web App features.
> Next:
> I add a new user with username casuser2 and password = x2.
> I can use casuser2/x2 as the CAS account to use the CAS Overlay feature.
> But with CAS Management Web App, I need to modify the user.json file like this:
>
> {
>   "casuser" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   },
>   "casuser2" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   }
> }
>
> Then I restart the CAS Management service. After that, I can use this
> casuser2 account for CAS Management Web App.
> It's very inconvenient, so I hope there is some way to fix this role for
> all users.
> Please help me.
> Thank you in advance.
>
> On Mon, 31 Aug 2020 at 13:44, Jérôme LELEU <lel...@gmail.com> wrote:
>
> Hi,
>
> You need to add a *users.json* (or *users.yml* in YAML format) file in
> the classpath.
> For example:
>
> {
>   "casuser" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   }
> }
>
> Thanks.
> Best regards,
> Jérôme
>
>
> On Thu, 27 Aug 2020 at 14:11, Napoleon Ponaparte <
> naphaluan211...@gmail.com> wrote:
>
>
> Hi,
>
> I have successfully configured CAS Overlay template 6.2.x so that it can
> authenticate users registered in MongoDB.
> Here is my config:
>
> 1. CAS Properties
> "name":"cas.authn.mongo.name","value":"users"
> "name":"cas.authn.mongo.database-name","value":"users"
> "name":"cas.authn.mongo.collection","value":"users"
> "name":"cas.authn.mongo.username-attribute","value":"username"
> "name":"cas.authn.mongo.password-attribute","value":"password"
> "name":"cas.authn.mongo.user-id","value":"casuser"
> "name":"cas.authn.mongo.password","value":"Mellon"
> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP:port/users?authSource=admin&readPreference=primary&appname=MongoDB%20Compass%20Community&ssl=false"
> 2. And these are the user properties in the User collection
>
> "username":"root",
> "password":"root",
> "lastname":"VNPT ADMIN",
> "useremail":"xxx",
> "usertel":"xxx"
>
> But I have faced a problem with the CAS Management Web App service.
> Here is the CAS Management Web App log:
>
> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - <Unable to
> authorize access, since the authenticated profile [#CasProfile# | id: root
> | attributes: {credentialType=UsernamePasswordCredential,
> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
> authenticationMethod=users, successfulAuthenticationHandlers=users,
> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
> not contain any required roles*>
>
> Here is my service registry for CAS Management Web App:
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId":"^https://cas-server-domain:8088/cas-management.+",
>   "name" : "casManagement",
>   "id" : 1,
>   "evaluationOrder" : 1,
>   "allowedAttributes":["cn","mail"]
> }
>
> CAS server succeeded in creating and authorizing the access token for the
> user (id = root), but CAS Management is missing the user's role.
>
> I don't know how to assign a ROLE to the user or indicate a fixed user's
> role in the service registry.
> Please help me.
> Thank you in advance.
>
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/d45135e1-e8d4-4f55-9e49-02e1d825c18bn%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/d45135e1-e8d4-4f55-9e49-02e1d825c18bn%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
>
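
As an added example (not part of any message in this thread, and not CAS project code): a Python check that reads the CasRoleBasedAuthorizer warning quoted above and compares the denied profile id against users.json. It assumes users.json is keyed by the profile id shown in the log; `parse_denials` and `diagnose` are hypothetical helper names, and the sample strings are constructed from the thread's own excerpts.

```python
import json
import re

# Constructed sample: the WARN entry from the thread, abridged onto one line.
SAMPLE_LOG = (
    "WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - <Unable to "
    "authorize access, since the authenticated profile [#CasProfile# | id: root "
    "| attributes: {credentialType=UsernamePasswordCredential, "
    "authenticationDate=2020-08-26T08:51:16.865441Z[UTC]} | roles: [] "
    "| permissions: [] | isRemembered: false | clientName: CasClient "
    "| linkedId: null |] does not contain any required roles>"
)
# users.json as posted in the thread: only "casuser" is mapped.
SAMPLE_USERS = '{ "casuser" : { "roles" : [ "ROLE_ADMIN" ] } }'

PROFILE_RE = re.compile(
    r"CasRoleBasedAuthorizer\].*?\|\s*id:\s*(?P<id>[^|]+?)\s*\|"
    r".*?\|\s*roles:\s*\[(?P<roles>[^\]]*)\]"
)

def parse_denials(log_text):
    """Return (profile_id, roles) for each authorizer denial in the log."""
    # Re-join entries that a mail client or terminal wrapped across lines.
    flat = re.sub(r"\s*\n\s*", " ", log_text)
    denials = []
    for m in PROFILE_RE.finditer(flat):
        roles = [r.strip() for r in m.group("roles").split(",") if r.strip()]
        denials.append((m.group("id"), roles))
    return denials

def diagnose(log_text, users_json, required="ROLE_ADMIN"):
    """Compare each denied profile id with users.json (assumed keyed by id)."""
    users = json.loads(users_json)  # raises ValueError on a trailing comma
    findings = []
    for pid, _roles in parse_denials(log_text):
        entry = users.get(pid)
        if entry is None:
            findings.append((pid, "no entry in users.json"))
        elif required not in entry.get("roles", []):
            findings.append((pid, "entry lacks " + required))
        else:
            findings.append((pid, "mapped with " + required))
    return findings

if __name__ == "__main__":
    for pid, reason in diagnose(SAMPLE_LOG, SAMPLE_USERS):
        print(pid, "->", reason)
```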
