Dear Fabrice and all ! I need a new help to solve this easy question.
My Linux Centos 7.1810 with PF 8.2.1 has the right SAML link to IDP but when device tries to connect this message is shown "you do not have permission to register a device with this username" so the authentication phase works fine but user can't use my network. If it can be useful there are config file: [root@pfsrv conf]# more profiles.conf [PF-WEB] locale=en_US,it_IT filter=vlan:27 description=PF-WEB sources=INFN-AAI logo=/common/infnpg-captive.png device_registration=default root_module=pf_web_root_portal_module [root@pfsrv conf]# more device_registration.conf [default] description=default allowed_devices= category= [root@pfsrv conf]# more authentication.conf [local] description=Local Users type=SQL [file1] description=Legacy Source path=/usr/local/pf/conf/admin.conf type=Htpasswd realms=null .... [null] description=Null Source type=Null email_required=no [null rule catchall] description=catchall class=authentication match=all action0=set_role=guest action1=set_access_duration=1D [INFN-AAI] authorization_source_id=local idp_ca_cert_path=/usr/local/pf/conf/ssl/idp.crt sp_cert_path=/usr/local/pf/conf/ssl/server.crt idp_metadata_path=/usr/local/pf/conf/idp-metadata.xml set_access_level_action= username_attribute=urn:oid:0.9.2342.19200300.100.1.1 idp_cert_path=/usr/local/pf/conf/ssl/idp.crt description=INFN AAI idp_entity_id=https://idp.infn.it/saml2/idp/metadata.php sp_key_path=/usr/local/pf/conf/ssl/server.key sp_entity_id=https://pfsrv.pg.infn.it type=SAML [root@pfsrv conf]# more roles.conf [PF-WEB] max_nodes_per_pid=0 notes=Rete PF-WEB Thanks a lot again. Best Regards Enrico -- _______________________________________________________________________ Enrico Becchetti Servizio di Calcolo e Reti Istituto Nazionale di Fisica Nucleare - Sezione di Perugia Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY) Phone:+39 075 5852777 Mail: Enrico.Becchetti<at>pg.infn.it ______________________________________________________________________ _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users