Hi Jérôme,
Exactly what I wanted, I want to set up static roles for all users with CAS
Management Web App service.
If you know how to set it up, please help me.
Thank you in advance.
Regards
-------
Thanh Lam


On Tue, Sep 1, 2020 at 13:19, Jérôme LELEU <[email protected]> wrote:

> Hi,
>
> Depending on your configuration, you have several options: either pick up
> static roles (but I don't think this is what you want) or take some user's
> attributes as roles or use the users file.
> See:
> https://github.com/apereo/cas-management/blob/master/config/cas-mgmt-config-authz/src/main/java/org/apereo/cas/mgmt/config/CasManagementAuthorizationConfiguration.java#L39
> Thanks.
> Best regards,
> Jérôme
>
>
> On Mon, Aug 31, 2020 at 09:03, Nguyen Tran Thanh Lam <
> [email protected]> wrote:
>
>> Hi Mr Jérôme LELEU,
>> Yes, I know this configuration, but I have an inconvenient process when I
>> create a new user.
>> It means, when I create a new user in MongoDB, CAS Overlay can
>> authenticate the new user (I must not restart the CAS service) but with CAS
>> Management Web App, I must add this role for the new user to the user.json
>> file and restart the CAS Management Web App service.
>> For example:
>> First:
>> I already have one user with username casuser and password =x1.
>> I could use casuser/x1 as the CAS account to use the CAS Overlay and CAS
>> Management Web App features.
>> Next:
>> I add a new user with username casuser2 and password =x2.
>> I could use casuser2/x2 as the CAS account to use the CAS Overlay feature.
>> But with CAS Management Web App, I need to modify the user.json file like this
>>
>> {
>>  "casuser" : {
>>    "roles" : [ "ROLE_ADMIN" ]
>>  },
>>  "casuser2" : {
>>    "roles" : [ "ROLE_ADMIN" ]
>>  }
>> }
>>
>> Then restart the CAS Management service. After that, I could use this
>> casuser2 account for CAS Management Web App.
>> It's very inconvenient, thus I hope there is a way to fix this role for all
>> users.
>> Please help me.
>> Thank you in advance.
>>
>> On Mon, Aug 31, 2020 at 13:44, Jérôme LELEU <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> You need to add a *users.json* (or *users.yml* in YAML format) file in
>>> the classpath.
>>> For example:
>>>
>>> {
>>>  "casuser" : {
>>>    "roles" : [ "ROLE_ADMIN" ]
>>>  }
>>> }
>>>
>>>
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>> On Thu, Aug 27, 2020 at 14:11, Napoleon Ponaparte <
>>> [email protected]> wrote:
>>>
>>>>
>>>> Hi,
>>>>
>>>> I have succeeded in configuring CAS Overlay template 6.2.x so that it can
>>>> authenticate users registered in MongoDB.
>>>> Here is my config:
>>>>
>>>> 1. CAS Properties
>>>> "name":"cas.authn.mongo.name","value":"users"
>>>> "name":"cas.authn.mongo.database-name","value":"users"
>>>> "name":"cas.authn.mongo.collection","value":"users"
>>>> "name":"cas.authn.mongo.username-attribute","value":"username"
>>>> "name":"cas.authn.mongo.password-attribute","value":"password"
>>>> "name":"cas.authn.mongo.user-id","value":"casuser"
>>>> "name":"cas.authn.mongo.password","value":"Mellon"
>>>> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
>>>> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
>>>> :port/users?authSource=admin&readPreference=primary&appname=MongoDB%20Compass%20Community&ssl=false"
>>>> 2. And these are the user properties in the User collection
>>>>
>>>> "username":"root",
>>>> "password":"root",
>>>> "lastname":"VNPT ADMIN",
>>>> "useremail":"xxx",
>>>> "usertel":"xxx"
>>>>
>>>> But I have faced a problem with the CAS Management Web App service.
>>>> Here is the CAS Management Web App log:
>>>>
>>>> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - <Unable to
>>>> authorize access, since the authenticated profile [#CasProfile# | id: root
>>>> | attributes: {credentialType=UsernamePasswordCredential,
>>>> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
>>>> authenticationMethod=users, successfulAuthenticationHandlers=users,
>>>> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
>>>> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
>>>> not contain any required roles*>
>>>>
>>>> Here is my service registry for CAS Management Web App:
>>>>
>>>> {
>>>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>>>   "serviceId":"^https://cas-server-domain:8088/cas-management.+",
>>>>   "name" : "casManagement",
>>>>   "id" : 1,
>>>>   "evaluationOrder" : 1,
>>>>   "allowedAttributes":["cn","mail"]
>>>> }
>>>>
>>>> The CAS server succeeded in creating and authorizing an access token for
>>>> the user (id = root), but CAS Management is missing the user's role.
>>>>
>>>> I don't know how to assign a ROLE to a user or specify a fixed user role
>>>> in the service registry.
>>>> Please help me.
>>>> Thank you in advance.
>>>>
>>>>
>>>>
>>>> --
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/d45135e1-e8d4-4f55-9e49-02e1d825c18bn%40apereo.org
>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/d45135e1-e8d4-4f55-9e49-02e1d825c18bn%40apereo.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>
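
A diagnostic sketch for the situation in this thread, added here and not part of any message or of CAS itself: it matches the `CasRoleBasedAuthorizer` denial line against a users file to say why a login received no role. The log lines are constructed from the one quoted above (joined onto one line; the `casuser2` line is made up), and treating `ROLE_ADMIN` as the required role is an assumption taken from the thread's users file.

```python
import json
import re

# Constructed input: the WARN line from the thread joined onto one line, plus a
# second, made-up denial for casuser2.
SAMPLE_LOG = (
    "WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - <Unable to authorize "
    "access, since the authenticated profile [#CasProfile# | id: root | attributes: "
    "{credentialType=UsernamePasswordCredential, authenticationMethod=users} | "
    "roles: [] | permissions: [] | isRemembered: false | clientName: CasClient | "
    "linkedId: null |] does not contain any required roles>\n"
    "WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - <Unable to authorize "
    "access, since the authenticated profile [#CasProfile# | id: casuser2 | "
    "attributes: {} | roles: [] | permissions: [] |] does not contain any required roles>\n"
)
USERS_JSON = '{"casuser": {"roles": ["ROLE_ADMIN"]}}'  # users file shown in the thread

DENIED = re.compile(
    r"CasRoleBasedAuthorizer\] - <Unable to authorize access.*?"
    r"\| id: (?P<id>[^|]+?) \|.*?\| roles: \[(?P<roles>[^\]]*)\]"
)

def load_role_map(text):
    """Parse users-file JSON into {username: set(roles)}, strictly."""
    data = json.loads(text)  # a trailing comma raises json.JSONDecodeError
    role_map = {}
    for user, entry in data.items():
        roles = entry.get("roles") if isinstance(entry, dict) else None
        if not isinstance(roles, list) or not all(isinstance(r, str) for r in roles):
            raise ValueError(f"entry for {user!r} needs a 'roles' list of strings")
        role_map[user] = set(roles)
    return role_map

def explain_denials(log_text, users_json, required=("ROLE_ADMIN",)):
    """Map each denied user id to why the users file did not grant a role."""
    role_map = load_role_map(users_json)
    report = {}
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue
        user = m.group("id").strip()
        mapped = role_map.get(user)
        if mapped is None:
            report[user] = "not listed in users file"
        elif not mapped & set(required):  # assumption: ROLE_ADMIN is what is required
            report[user] = "listed without a required role"
        else:
            report[user] = "listed with a required role; restart pending"
    return report

if __name__ == "__main__":
    for user, reason in explain_denials(SAMPLE_LOG, USERS_JSON).items():
        print(f"{user}: {reason}")
```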
