On Sun, 26 Feb 2012, Matt Smith wrote: [ ... ] > > I found some issues online describing code patches that implement > > authorization using attributes: > > > > https://issues.jasig.org/browse/MAS-60 > > https://issues.jasig.org/browse/MAS-37 > > > > I gather this code is not included in the master version, and would > > need to be patched in, correct? It looks interesting, but I'm not > > sure I need it, what's in the master version may be sufficient. > > MAS-37 is closed, work is being tracked in MAS-60. You are correct > that these have not been committed yet, so it is not (yet) possible > to use Apache's "Require" directive with mod_auth_cas attributes > using the code in master. The attributes are still fetched and > released to the application.
OK, I'm now trying to use the patch from MAS-60. I installed it, but I'm having some problems. If I just have (in the .htaccess): Require valid-user or: Require user mepstein things work fine. But if I try just: Require cas-attribute LastName:Epstein it doesn't work. The following appears in the apache error log: ... access to /cas_test failed, reason: require directives present and no Authoritative handler., ... I think the attributes I'm expecting/requiring are OK, as, when I turn on debugging, I see the following in the log: ... [debug] mod_auth_cas.c(2021): ... adding the following cas-attribute(s) to request notes 'LastName:Epstein', ... I tried both "CASAuthoritative On" and "CASAuthoritative Off" in the main apache config (for the virtual host running under ssl), but the problem occurs regardless. Any ideas on what the problem/solution is? Do I need to specify some other apache *Authoritative* directive as On/Off? Does someone have this working, perhaps they can post the config they're using? Thanks. Milt Epstein Applications Developer Graduate School of Library and Information Science (GSLIS) University of Illinois at Urbana-Champaign (UIUC) [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
