We are using CAS 6.x.  I have a SAML entry in my allow list that looks
similar to this:

{
    "@class": "org.apereo.cas.services.RegexRegisteredService",
    "serviceId": "Entity ID goes here ...",
    "id": 1000,
    "evaluationOrder": 1000,
    "name": "SAML Provider",
    "description": "Blah blah blah ...",
    "attributeReleasePolicy": {
        "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
        "allowedAttributes": [
            "java.util.ArrayList",
            [
                "eduPersonEntitlement"
            ]
        ],
        "attributeFilter": {
            "@class": "org.apereo.cas.services.support.RegisteredServiceMappedRegexAttributeFilter",
            "completeMatch": false,
            "excludeUnmappedAttributes": false,
            "order": 0,
            "patterns": {
                "@class": "java.util.HashMap",
                "eduPersonEntitlement": "^https://example.lafayette.edu/authorized$"
            }
        }
    },
    "accessStrategy": {
        "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
        "unauthorizedRedirectUrl": "https://example.lafayette.edu/pages/403.html",
        "requiredAttributes": {
            "@class": "java.util.HashMap",
            "eduPersonEntitlement": [
                "java.util.HashSet",
                [
                    "https://example.lafayette.edu/authorized"
                ]
            ]
        }
    },
    "logo": "https://cdn.lafayette.edu/images/logos/example-100x100.png",
    "properties": {
        "@class": "java.util.HashMap",
        "InformationURL": {
            "@class": "org.apereo.cas.services.DefaultRegisteredServiceProperty",
            "values": [
                "java.util.HashSet",
                [
                    "https://help.lafayette.edu/example"
                ]
            ]
        }
    }
}


Hope that helps.

Thanks,
Carl Waldbieser
ITS
Lafayette College

On Thu, Sep 23, 2021 at 9:44 AM Nordy Di Marzio <nordyorton1...@gmail.com>
wrote:

> hello cas community,
>
> wish you are doing great,
>
> i am having little issues having to work access strategy with SAML based
> service
>
> more precisely, i am trying to implement access restrictions based on
> group membership but for now all users are able to logon on the app
> regardless of their group membership, and no error is being logged
>
> so i am wondering if there is something missing in my config, could you
> please help me find out what else should i configure ?
>
> this is the service file that i am using
>
> {
>   "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId": "https://foo.bar/",
>   "name": "foo",
>   "id": 10013986,
>   "evaluationOrder": 3,
>   "metadataLocation": "/etc/cas/saml/foo.xml",
>   "attributeReleasePolicy": {
>     "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   },
>   "accessStrategy" : {
>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>     "enabled" : true,
>     "requireAllAttributes" : false,
>     "ssoEnabled" : true,
>     "requiredAttributes" : {
>       "@class" : "java.util.HashMap",
>       "memberOf" : [ "java.util.HashSet", [ "CN=GRP,CN=Users,DC=corp,DC=foo,DC=bar" ] ]
>     }
>   }
> }
>
> the cas version i am using is 5.1
>
> thanks for your help,
>
> Nordy
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAA8Tp34kFCWYLEEB4nn8%3DcJki4WCkp-x0V208P%2BfRwdwyqKrXw%40mail.gmail.com
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAA8Tp34kFCWYLEEB4nn8%3DcJki4WCkp-x0V208P%2BfRwdwyqKrXw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
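
An offline model of the attribute check that both service files above configure, added here as an example (it is not CAS code and not from either poster). It unwraps the Jackson-typed collections in a service definition and reports which required attribute did or did not match a test user's attributes. Assumptions: the names `untype` and `check_access` are hypothetical, values are compared by exact string equality, and `requireAllAttributes` is taken to default to true; CAS's own matching rules may differ by version.

```python
import json

def untype(node):
    """Drop "@class" keys and unwrap ["java.util.X", [...]] typed collections."""
    if isinstance(node, dict):
        return {k: untype(v) for k, v in node.items() if k != "@class"}
    if (isinstance(node, list) and len(node) == 2 and isinstance(node[0], str)
            and node[0].startswith("java.util.") and isinstance(node[1], list)):
        return [untype(v) for v in node[1]]
    if isinstance(node, list):
        return [untype(v) for v in node]
    return node

def check_access(service_json, principal_attrs):
    """Return (granted, reasons) under the simplified model (assumptions in lead-in)."""
    strategy = untype(json.loads(service_json)).get("accessStrategy", {})
    if not strategy.get("enabled", True):
        return False, ["service disabled"]
    required = strategy.get("requiredAttributes", {})
    if not required:
        return True, ["no requiredAttributes: every authenticated user passes"]
    results, reasons = [], []
    for name, wanted in required.items():
        have = principal_attrs.get(name, [])
        have = [have] if isinstance(have, str) else list(have)
        hit = sorted(set(have) & set(wanted))  # exact match only (assumption)
        results.append(bool(hit))
        reasons.append(f"{name}: " + (f"matched {hit}" if hit else f"no match among {have}"))
    need_all = strategy.get("requireAllAttributes", True)
    return (all(results) if need_all else any(results)), reasons

# Constructed sample: the access strategy from the quoted service file.
SERVICE = """{
  "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId": "https://foo.bar/", "name": "foo", "id": 10013986,
  "accessStrategy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled": true, "requireAllAttributes": false, "ssoEnabled": true,
    "requiredAttributes": {
      "@class": "java.util.HashMap",
      "memberOf": ["java.util.HashSet", ["CN=GRP,CN=Users,DC=corp,DC=foo,DC=bar"]]
    }
  }
}"""

if __name__ == "__main__":
    member = {"memberOf": ["CN=GRP,CN=Users,DC=corp,DC=foo,DC=bar"]}  # constructed user
    print(check_access(SERVICE, member))
    print(check_access(SERVICE, {"memberOf": "CN=Other,CN=Users,DC=corp,DC=foo,DC=bar"}))
```

Feed it the attribute values the principal actually resolves to (for example, copied from a test login) to see whether the configured value would match as written.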
