Kim,
We are using it. Included are our relevant config snippets. Remember to look in
your EZProxy messages file for the attributes being returned (with DEBUG on in
user.txt).
Erik Guss
--------------------
cas/WEB-INF/deployerConfigContext.xml snippet
<bean id="serviceRegistryDao"
class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
<property name="registeredServices">
<list>
<bean
class="org.jasig.cas.services.RegisteredServiceImpl" >
<property name="id" value="1"/>
<property name="description" value="ALL"/>
<property name="serviceId"
value="*://*.lib.montana.edu/**"/>
<property name="name" value="All"/>
<property name="theme" value="default"/>
<property name="allowedToProxy" value="true"/>
<property name="enabled" value="true"/>
<property name="ssoEnabled" value="true"/>
<property name="anonymousAccess" value="false"/>
<property name="allowedAttributes">
<list>
<value>uid</value>
<value>role</value>
<value>netid</value>
<value>email</value>
<value>lfname</value>
<value>alias</value>
<value>banid</value>
<value>locaff</value>
<value>active</value>
<value>getscirc</value>
<value>getsill</value>
<value>getsproxy</value>
</list>
</property>
</bean>
---------------------
EZProxy user.txt snippet
::CAS
Debug
LoginURL https://auth.lib.montana.edu/cas/login
ServiceValidateURL https://auth.lib.montana.edu/cas/serviceValidate
Group NULL
Test -RE //*/cas:locaff (.*BZ.*); Group +MSU
Test -RE //*/cas:active (N); Deny unaffiliated.html
Test -RE //*/cas:getsproxy (N); Deny unaffiliated.html
NoGroups; Deny unaffiliated.html
/CAS
---------------------------
EZProxy config.txt snippet
# this is needed for CAS authn,authr via user.txt
Group MSU
-----Original Message-----
From: Cary, Kim [mailto:[email protected]]
Sent: Thursday, September 01, 2011 10:39 AM
To: [email protected]
Subject: [cas-user] OCLC/EZProxy says I can send attributes in response to
their GET /serviceValidate. Are they right?
Going a little nuts here. We have a working EZProxy integration with CAS. We're
trying to do authorization based on attributes that are returned by CAS, but
EZProxy is only sending us /serviceValidate ticket checks.
The OCLC support folks are saying that we just don't know how to configure our
CAS server to return those attributes. I'm saying they must have developed it
against some customized/extended CAS server, because what they're sending us
will NEVER result in an attribute return.
Who is right? (or some other explanation)
Is anyone using EZProxy with group authorization by CAS attributes?
--
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
