Hi Jérôme,
Exactly what I wanted: I want to set up static roles for all users with the CAS
Management Web App service.
If you know how to set this up, please help me.
Thank you in advance.
Regards
-------
Thanh Lam


On Tue, Sep 1, 2020 at 13:19, Jérôme LELEU <lel...@gmail.com> wrote:

> Hi,
>
> Depending on your configuration, you have several options: either pick up
> static roles (but I don't think this is what you want) or take some user's
> attributes as roles or use the users file.
> See:
> https://github.com/apereo/cas-management/blob/master/config/cas-mgmt-config-authz/src/main/java/org/apereo/cas/mgmt/config/CasManagementAuthorizationConfiguration.java#L39
> Thanks.
> Best regards,
> Jérôme
>
>
> On Mon, Aug 31, 2020 at 09:03, Nguyen Tran Thanh Lam <naphaluan211...@gmail.com> wrote:
>
>> Hi Mr Jérôme LELEU,
>> Yes, I know this configuration, but I have an inconvenient process when I
>> create a new user.
>> It means, when I create a new user in MongoDB, CAS Overlay can
>> authenticate the new user (I must not restart the CAS service), but with CAS
>> Management Web App, I must add this role for the new user to the user.json
>> file and restart the CAS Management Web App service.
>> For example:
>> First:
>> I already have one user whose username is casuser and password = x1.
>> I could use casuser/x1 as CAS's account to use the CAS Overlay and CAS
>> Management Web App features.
>> Next:
>> I add a new user whose username is casuser2 and password = x2.
>> I could use casuser2/x2 as CAS's account to use the CAS Overlay feature.
>> But with CAS Management Web App, I need to modify the user.json file like this:
>>
>> {
>>  "casuser" : {
>>    "roles" : [ "ROLE_ADMIN" ]
>>  },
>>  "casuser2" : {
>>    "roles" : [ "ROLE_ADMIN" ]
>>  }
>> }
>>
>> Then restart the CAS Management service. After that, I could use this
>> casuser2 account for CAS Management Web App.
>> It's very inconvenient, thus I hope there is a way to fix this role for all
>> users.
>> Please help me.
>> Thank you in advance.
>>
>> On Mon, Aug 31, 2020 at 13:44, Jérôme LELEU <lel...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> You need to add a *users.json* (or *users.yml* in YAML format) file in
>>> the classpath.
>>> For example:
>>>
>>> {
>>>  "casuser" : {
>>>    "roles" : [ "ROLE_ADMIN" ]
>>>  }
>>> }
>>>
>>>
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>> On Thu, Aug 27, 2020 at 14:11, Napoleon Ponaparte <naphaluan211...@gmail.com> wrote:
>>>
>>>>
>>>> Hi,
>>>>
>>>> I have successfully configured the CAS Overlay template 6.2.x to
>>>> authenticate users registered in MongoDB.
>>>> Here is my config:
>>>>
>>>> 1. CAS Properties
>>>> "name":"cas.authn.mongo.name","value":"users"
>>>> "name":"cas.authn.mongo.database-name","value":"users"
>>>> "name":"cas.authn.mongo.collection","value":"users"
>>>> "name":"cas.authn.mongo.username-attribute","value":"username"
>>>> "name":"cas.authn.mongo.password-attribute","value":"password"
>>>> "name":"cas.authn.mongo.user-id","value":"casuser"
>>>> "name":"cas.authn.mongo.password","value":"Mellon"
>>>> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
>>>> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP:port/users?authSource=admin&readPreference=primary&appname=MongoDB%20Compass%20Community&ssl=false"
>>>> 2. And these are the user properties in the User collection
>>>>
>>>> "username":"root",
>>>> "password":"root",
>>>> "lastname":"VNPT ADMIN",
>>>> "useremail":"xxx",
>>>> "usertel":"xxx"
>>>>
>>>> But I have faced a problem with the CAS Management Web App service.
>>>> Here is CAS Management Web App log:
>>>>
>>>> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - <Unable to
>>>> authorize access, since the authenticated profile [#CasProfile# | id: root
>>>> | attributes: {credentialType=UsernamePasswordCredential,
>>>> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
>>>> authenticationMethod=users, successfulAuthenticationHandlers=users,
>>>> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
>>>> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
>>>> not contain any required roles*>
>>>>
>>>> Here is my service registry for CAS Management Web App:
>>>>
>>>> {
>>>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>>>   "serviceId":"^https://cas-server-domain:8088/cas-management.+",
>>>>   "name" : "casManagement",
>>>>   "id" : 1,
>>>>   "evaluationOrder" : 1,
>>>>   "allowedAttributes":["cn","mail"]
>>>> }
>>>>
>>>> CAS server succeeded in creating and authorizing an access token for
>>>> the user (id = root), but CAS Management is missing the user's role.
>>>>
>>>> I don't know how to assign a ROLE for the user or indicate the user's
>>>> fixed role in the service registry.
>>>> Please help me.
>>>> Thank you in advance.
>>>>
>>>>
>>>>
>>>> --
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to cas-user+unsubscr...@apereo.org.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/d45135e1-e8d4-4f55-9e49-02e1d825c18bn%40apereo.org
>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/d45135e1-e8d4-4f55-9e49-02e1d825c18bn%40apereo.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>
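
The users.json workflow discussed in this thread (edit the file by hand, then restart CAS Management) can be checked before the restart. The following is an added example, not part of any message in the thread and not CAS code: a Python audit that parses the file with a strict JSON parser and lists which accounts hold the required role. `audit_users_file`, `REQUIRED_ROLES` and both sample files are constructed for illustration, and it does not reproduce CAS Management's own loader.

```python
import json

# Assumption: ROLE_ADMIN is the role the management app requires,
# as in the users.json entries quoted in this thread.
REQUIRED_ROLES = {"ROLE_ADMIN"}

def audit_users_file(text, required_roles=REQUIRED_ROLES):
    """Return (errors, authorized, unauthorized) for a users.json document."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"], [], []
    if not isinstance(data, dict):
        return ["top level must be an object keyed by username"], [], []
    errors, authorized, unauthorized = [], [], []
    for user, entry in data.items():
        roles = entry.get("roles") if isinstance(entry, dict) else None
        if not isinstance(roles, list) or not all(isinstance(r, str) for r in roles):
            errors.append(f"{user}: 'roles' must be a list of strings")
        elif required_roles & set(roles):
            authorized.append(user)
        else:
            unauthorized.append(user)
    return errors, sorted(authorized), sorted(unauthorized)

# Constructed sample: trailing comma left behind after appending an entry by hand.
MALFORMED = '''{
  "casuser"  : { "roles" : [ "ROLE_ADMIN" ] },
  "casuser2" : { "roles" : [ "ROLE_ADMIN" ] },
}'''

# Constructed sample: parses cleanly; "root" has no roles (like the profile in
# the WARN log above) and "guest" gives a bare string instead of a list.
WELL_FORMED = '''{
  "casuser"  : { "roles" : [ "ROLE_ADMIN" ] },
  "casuser2" : { "roles" : [ "ROLE_ADMIN" ] },
  "root"     : { "roles" : [ ] },
  "guest"    : { "roles" : "ROLE_ADMIN" }
}'''

if __name__ == "__main__":
    for label, text in (("malformed", MALFORMED), ("well-formed", WELL_FORMED)):
        errors, ok, denied = audit_users_file(text)
        print(label, "| errors:", errors, "| authorized:", ok, "| no required role:", denied)
```

The authorized list doubles as an inventory of accounts that hold the admin role, which is worth reviewing each time the file grows.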
