Dear All,
a little update on my case. When I create a SAML internal source I can't
define a new rule because it's impossible! There isn't any field that permits
this action, so I added an Htpasswd internal source and inside it I created a
rule named INFN-AAI-SAML. After that I changed the INFN-AAI authorization
field and restarted PF, so my current authentication.conf is:
[local]
......
[INFN-AAI]
authorization_source_id=INFN-AAI-SAML
idp_ca_cert_path=/usr/local/pf/conf/ssl/idp.crt
sp_cert_path=/usr/local/pf/conf/ssl/server.crt
idp_metadata_path=/usr/local/pf/conf/idp-metadata.xml
set_access_level_action=
username_attribute=urn:oid:0.9.2342.19200300.100.1.1
idp_cert_path=/usr/local/pf/conf/ssl/idp.crt
description=INFN AAI
idp_entity_id=https://idp.infn.it/saml2/idp/metadata.php
sp_key_path=/usr/local/pf/conf/ssl/server.key
sp_entity_id=https://pfsrv.pg.infn.it
type=SAML
[INFN-AAI-SAML]
realms=local
set_access_level_action=
path=/usr/local/pf/pippo
description=INFN-AAI-SAML
type=Htpasswd
[INFN-AAI-SAML rule INFN-AAI-SAML]
action0=set_role=PF-WEB
condition0=SSID,equals,27
match=all
class=authentication
action1=set_access_duration=12h
and from packetfence.log:
Dec 12 16:38:08 pfsrv packetfence_httpd.portal: httpd.portal(16956) INFO: [mac:a4:5e:60:c1:80:c3] User becchett has authenticated on the portal. (Class::MOP::Class:::after)
Dec 12 16:38:08 pfsrv packetfence_httpd.portal: httpd.portal(16956) WARN: [mac:a4:5e:60:c1:80:c3] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Dec 12 16:38:08 pfsrv packetfence_httpd.portal: httpd.portal(16956) INFO: [mac:a4:5e:60:c1:80:c3] Using sources INFN-AAI for matching (pf::authentication::match)
Dec 12 16:38:08 pfsrv packetfence_httpd.portal: httpd.portal(16956) INFO: [mac:a4:5e:60:c1:80:c3] User becchett has authenticated on the portal. (Class::MOP::Class:::after)
Dec 12 16:38:08 pfsrv packetfence_httpd.portal: httpd.portal(16956) WARN: [mac:a4:5e:60:c1:80:c3] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Is there any bug, or is it my mistake?
Thanks a lot !
Bye
Enrico
On 12/12/2018 08:36, Enrico Becchetti via PacketFence-users wrote:
On 12/12/2018 08:17, Nicolas Quiniou-Briand wrote:
Hello,
On 2018-12-12 7:46 a.m., Enrico Becchetti wrote:
Hello!
In "Configuration->Policies and Access Control->Roles" I've added "PF-WEB",
with "Max Nodes per user" equal to 0 and default Traffic Shaping.
You've just created the role. To assign it, you need to create an
authentication rule in your authentication source. For a SAML source, you
need to define a source first and then assign this source to your SAML
source:
https://packetfence.org/doc/PacketFence_Installation_Guide.html#_saml_authentication
Dear Nicolas,
my goal is to permit all authenticated users to use the network.
So my authorization rule can be very simple: all, catchall, etc.
You wrote "For SAML source, you need to define first a source and then
assign this source to your SAML source".
Is that right, or are there too many "Sources"?
It almost seems that to assign an authorization to SAML I have to
create a new source. Is that it?
In the PacketFence_Installation_Guide there is INVERSE as the authorization
field instead of my "local". So if I understand correctly, I need to create a
new rule and then assign it to this SAML source, but inside
"Configuration->Policies and Access Control->" there isn't one.
Thanks for your quick reply
Enrico
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone:+39 075 5852777 Mail: Enrico.Becchetti<at>pg.infn.it
______________________________________________________________________
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
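As an added example (not code from the thread and not PacketFence's own pf::authentication code): a small Python parser for the source/rule layout visible in the posted authentication.conf. It reads the `[SOURCE]` and `[SOURCE rule NAME]` sections, evaluates a rule's conditionN/actionN entries against a set of request attributes (the posted rule keys on SSID), and checks that a SAML source's authorization_source_id points at a defined source carrying a rule of class 'authentication'. The sample config is a trimmed copy of the one posted (certificate paths and the elided [local] body left out); the 'matches' operator, the match=all/any evaluation and the chain check are assumptions of this example, and nothing here reproduces or explains the warning shown in the log.

```python
"""Illustrative parser/evaluator for PacketFence-style authentication.conf
sources and rules. Not PacketFence's own pf::authentication code: only the
'equals' operator appears in the thread; 'matches' (regex) is an assumption."""
import configparser
import re
from dataclasses import dataclass

# Constructed sample: the sources and rule from the posted authentication.conf,
# with the [local] body and the certificate/metadata paths left out.
SAMPLE_CONF = """[INFN-AAI]
authorization_source_id=INFN-AAI-SAML
username_attribute=urn:oid:0.9.2342.19200300.100.1.1
idp_entity_id=https://idp.infn.it/saml2/idp/metadata.php
type=SAML

[INFN-AAI-SAML]
realms=local
path=/usr/local/pf/pippo
type=Htpasswd

[INFN-AAI-SAML rule INFN-AAI-SAML]
action0=set_role=PF-WEB
condition0=SSID,equals,27
match=all
class=authentication
action1=set_access_duration=12h
"""

_NUMBERED = re.compile(r"^(condition|action)(\d+)$")

@dataclass
class Rule:
    source: str
    name: str
    rule_class: str      # 'authentication' in the post; '' when the key is missing
    match: str           # 'all' or 'any'
    conditions: list     # [(attribute, operator, value), ...]
    actions: list        # [(action, value), ...]

def _numbered(items, prefix):
    """conditionN / actionN values in numeric order (condition10 after condition2)."""
    found = [(int(m.group(2)), v) for k, v in items.items()
             if (m := _NUMBERED.match(k)) and m.group(1) == prefix]
    return [v for _, v in sorted(found)]

def parse_rule(source, name, items):
    conditions = [tuple(raw.split(",", 2)) for raw in _numbered(items, "condition")]
    actions = [(a, v) for a, _, v in (raw.partition("=") for raw in _numbered(items, "action"))]
    return Rule(source, name, items.get("class", ""), items.get("match", "all"), conditions, actions)

def load_conf(text):
    """Split the INI text into plain sources and '<source> rule <name>' sections."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    sources, rules = {}, {}
    for section in cp.sections():
        items = dict(cp.items(section))
        if " rule " in section:
            src, _, name = section.partition(" rule ")
            rules.setdefault(src, []).append(parse_rule(src, name, items))
        else:
            sources[section] = items
    return sources, rules

def condition_holds(cond, attributes):
    attr, op, value = cond
    actual = str(attributes.get(attr, ""))
    if op == "equals":
        return actual == value
    if op == "matches":          # assumed regex operator, not taken from the thread
        return re.search(value, actual) is not None
    raise ValueError(f"unsupported operator {op!r}")

def evaluate_rule(rule, attributes):
    """Actions of the rule if it matches, else None. With match=all and no
    conditions, all([]) is True, which is how a catch-all rule behaves here."""
    combine = all if rule.match == "all" else any
    return dict(rule.actions) if combine(condition_holds(c, attributes) for c in rule.conditions) else None

def first_match(rules, attributes, rule_class="authentication"):
    """(name, actions) of the first matching rule of the given class, or None."""
    for rule in rules:
        if rule.rule_class == rule_class and (actions := evaluate_rule(rule, attributes)) is not None:
            return rule.name, actions
    return None

def check_saml_authorization(sources, rules, saml_name):
    """Sanity-check the SAML source -> authorization_source_id -> rules chain."""
    src = sources.get(saml_name)
    if src is None:
        return [f"source {saml_name!r} is not defined"]
    target = src.get("authorization_source_id", "")
    if not target:
        return [f"source {saml_name!r} has no authorization_source_id"]
    if target not in sources:
        return [f"authorization_source_id {target!r} does not name a defined source"]
    target_rules = rules.get(target, [])
    problems = [f"rule {r.name!r} on {target!r} has no class set" for r in target_rules if not r.rule_class]
    if not any(r.rule_class == "authentication" for r in target_rules):
        problems.append(f"source {target!r} has no rule of class 'authentication'")
    return problems
```

Running `load_conf(SAMPLE_CONF)` and then `first_match(rules["INFN-AAI-SAML"], {"SSID": "27"})` yields the role and access duration from the posted rule, while a request on any other SSID matches nothing; `check_saml_authorization` is the kind of cross-reference check worth running after editing the file by hand, since a mistyped authorization_source_id or a rule without a class is silently accepted by the INI syntax.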