On Fri, Jul 10, 2015 at 11:36 PM, Carl Waldbieser <[email protected]> wrote: > > Has anyone been able to use the `mod_auth_cas` `require cas-attribute` > directive to work with the `memberOf` or other multi-valued attribute?
I can verify that it works with multi-valued attributes. As noted in the README, both the attribute name and value are case-sensitive. > I have been able to get it to work using a single-valued attribute like: > > require cas-attribute givenName:Carl > OR > require cas-attribute email:[email protected] > > but if I try something like: > > require cas-attribute memberOf:cn=admins,ou=groups,o=lafayette > > I get an authorization error. Cranking the logs up to DEBUG shows the > attribute is in the CAS response, but mod_auth_cas still decides the > response doesn't match. Check that your require directive attribute and value match what is in the response exactly. I think for most use cases this should be case-insensitive. > I did notice the XML response in the log seems truncated. I wasn't sure if > this is because there is a limit to how much mod_auth_cas will write for a > given log entry. > > The README from my tarball says I am using MOD_AUTH_CAS 1.0.10. I tested with this version, so it should work. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
