On Mon, Mar 30, 2015 at 12:16 PM, Chris Cheltenham
<[email protected]> wrote:
> Gentlemen,
>
> I appreciate your thoughts and suggestions.
> .htaccess may be the easiest way to go for us.
>
> The mod_authnz_ldap looks to be a bit hairy.
> Last thing I want to do is keep track of ldap attributes as it looks very
> granular in detail.
>
> Thank you for all our suggestions and I wish my boss would give me the time
> to actually work this out.
If you are using CASValidateSAML and the attributes you want to
authorize on are released there, you can do the following (from the
README):
=====
If SAML-delivered attribute authorization is also desired, use the
samlValidate URL, enable SAML validation, and specify cas-attribute
in your require rule (please note: both attribute name and value are
case-sensitive):

    CASCookiePath /var/cache/apache2/mod_auth_cas/
    CASLoginURL https://login.example.org/cas/login
    CASValidateURL https://login.example.org/cas/samlValidate
    CASValidateSAML On
    <Location /secured>
        Authtype CAS
        require cas-attribute edupersonaffiliation:staff
    </Location>
=====
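The README's case-sensitivity note is the usual reason a `require cas-attribute` rule denies a user who appears to hold the attribute. The following Python sketch is an added example, not part of the original message, the README, or mod_auth_cas's own code: it lists the attributes in a constructed, trimmed samlValidate-style response and checks a `name:value` rule with exact, case-sensitive comparison. The function names and the sample response are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"

# Constructed, trimmed sample of a samlValidate response (not captured traffic).
SAMPLE_RESPONSE = """<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol">
  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
    <AttributeStatement>
      <Subject><NameIdentifier>jdoe</NameIdentifier></Subject>
      <Attribute AttributeName="eduPersonAffiliation">
        <AttributeValue>member</AttributeValue>
        <AttributeValue>Staff</AttributeValue>
      </Attribute>
    </AttributeStatement>
  </Assertion>
</Response>"""


def released_attributes(xml_text):
    """Return {name: [values]} with names and values exactly as released."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(SAML + "Attribute"):
        values = [v.text or "" for v in attr.findall(SAML + "AttributeValue")]
        attrs.setdefault(attr.get("AttributeName"), []).extend(values)
    return attrs


def rule_matches(rule, attrs):
    """Evaluate one 'name:value' pair from a require rule, case-sensitively."""
    name, sep, value = rule.partition(":")
    if not sep:
        raise ValueError("expected name:value, got %r" % rule)
    return value in attrs.get(name, [])


def near_misses(rule, attrs):
    """Released pairs that differ from the rule only by letter case."""
    name, _, value = rule.partition(":")
    return [
        "%s:%s" % (n, v)
        for n, vals in attrs.items()
        for v in vals
        if (n.lower(), v.lower()) == (name.lower(), value.lower())
        and (n, v) != (name, value)
    ]


if __name__ == "__main__":
    attrs = released_attributes(SAMPLE_RESPONSE)
    rule = "edupersonaffiliation:staff"  # the pair from the README example
    print(rule, "->", rule_matches(rule, attrs), "near misses:", near_misses(rule, attrs))
```

When a rule fails this way, copy the attribute name and value into the require line exactly as the CAS server releases them.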