Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-09-01 Thread Nguyen Tran Thanh Lam
Hi Jérôme,
I have done.
Thank you very much.

On Tue, Sep 1, 2020 at 13:40, Jérôme LELEU wrote:

> Hi,
>
> Reading the code, you need to set up a * for the authzAttributes property.
> Something like this in your *management.properties* file:
> *mgmt.authzAttributes[0]=**
> Thanks.
> Best regards,
> Jérôme
>
>
> On Tue, Sep 1, 2020 at 08:35, Nguyen Tran Thanh Lam <
> naphaluan211...@gmail.com> wrote:
>
>> Hi Jérôme,
>> Exactly what I wanted. I want to set up static roles for all users with the CAS
>> Management Web App service.
>> If you know how to set it up, please help me.
>> Thank you in advance.
>> Regards
>> ---
>> Thanh Lam
>>
>>
>> On Tue, Sep 1, 2020 at 13:19, Jérôme LELEU wrote:
>>
>>> Hi,
>>>
>>> Depending on your configuration, you have several options: either pick
>>> up static roles (but I don't think this is what you want) or take some
>>> user's attributes as roles or use the users file.
>>> See:
>>> https://github.com/apereo/cas-management/blob/master/config/cas-mgmt-config-authz/src/main/java/org/apereo/cas/mgmt/config/CasManagementAuthorizationConfiguration.java#L39
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>> On Mon, Aug 31, 2020 at 09:03, Nguyen Tran Thanh Lam <
>>> naphaluan211...@gmail.com> wrote:
>>>
 Hi Mr Jérôme LELEU,
 Yes I know this configuration but I have inconvenient process when I
 create new user.
 It means, when I create new user in MongoDB, CAS Overlay can
 authenticated new user (I must not restart cas service) but with CAS
 Management Web App, I must add this role for new user to user.json file and
 restart CAS Management Web App service.
 For example:
 First:
 I have already had one user with username is casuser and password =x1.
 I could use casuser/x1 as CAS's account to use CAS Overlay and CAS
 Management Web app feature.
 Next:
 I add new user  with username is casuser2 and password =x2.
 I could use casuser2/x2 as CAS's account to use CAS Overlay feature.
 But with CAS Management Web App, I need modified user.json file like
 this

 {
   "casuser" : {
     "roles" : [ "ROLE_ADMIN" ]
   },
   "casuser2" : {
     "roles" : [ "ROLE_ADMIN" ]
   }
 }

 Then restart CAS Management service. After that, I could use this
 casuser2 account for CAS Management Web App.
 It's very inconvenient, thus I hope any way to fix this role for all
 users.
 Please help me.
 Thank you in advance.

 On Mon, Aug 31, 2020 at 13:44, Jérôme LELEU wrote:

> Hi,
>
> You need to add a *users.json* (or *users.yml* in YAML format) file
> in the classpath.
> For example:
>
> {
>   "casuser" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   }
> }
>
>
> Thanks.
> Best regards,
> Jérôme
>
>
> On Thu, Aug 27, 2020 at 14:11, Napoleon Ponaparte <
> naphaluan211...@gmail.com> wrote:
>
>>
>> Hi,
>>
>> I have succeeded in configuring CAS Overlay template 6.2.x so that it can authenticate
>> users that are registered in MongoDB.
>> Here is my config:
>>
>> 1. CAS Properties
>> "name":"cas.authn.mongo.name","value":"users"
>> "name":"cas.authn.mongo.database-name","value":"users"
>> "name":"cas.authn.mongo.collection","value":"users"
>> "name":"cas.authn.mongo.username-attribute","value":"username"
>> "name":"cas.authn.mongo.password-attribute","value":"password"
>> "name":"cas.authn.mongo.user-id","value":"casuser"
>> "name":"cas.authn.mongo.password","value":"Mellon"
>>
>> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
>>
>> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
>> :port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
>> 2. And these are the user properties in the User collection
>>
>> "username":"root",
>> "password":"root",
>> "lastname":"VNPT ADMIN",
>> "useremail":"xxx",
>> "usertel":"xxx"
>>
>> But,  I have faced with problem about CAS Management Web App service.
>> Here is CAS Management Web App log:
>>
>> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - > authorize access, since the authenticated profile [#CasProfile# | id: 
>> root
>> | attributes: {credentialType=UsernamePasswordCredential,
>> isFromNewLogin=false, 
>> authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
>> authenticationMethod=users, successfulAuthenticationHandlers=users,
>> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: 
>> []
>> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
>> not contain any required roles*>
>>
>> Here is my service registry for CAS Management Web App:
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   

Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-09-01 Thread Jérôme LELEU
Hi,

Reading the code, you need to set up a * for the authzAttributes property.
Something like this in your *management.properties* file:
*mgmt.authzAttributes[0]=**
Thanks.
Best regards,
Jérôme


On Tue, Sep 1, 2020 at 08:35, Nguyen Tran Thanh Lam <
naphaluan211...@gmail.com> wrote:

> Hi Jérôme,
> Exactly what I wanted. I want to set up static roles for all users with the CAS
> Management Web App service.
> If you know how to set it up, please help me.
> Thank you in advance.
> Regards
> ---
> Thanh Lam
>
>
> On Tue, Sep 1, 2020 at 13:19, Jérôme LELEU wrote:
>
>> Hi,
>>
>> Depending on your configuration, you have several options: either pick up
>> static roles (but I don't think this is what you want) or take some user's
>> attributes as roles or use the users file.
>> See:
>> https://github.com/apereo/cas-management/blob/master/config/cas-mgmt-config-authz/src/main/java/org/apereo/cas/mgmt/config/CasManagementAuthorizationConfiguration.java#L39
>> Thanks.
>> Best regards,
>> Jérôme
>>
>>
>> On Mon, Aug 31, 2020 at 09:03, Nguyen Tran Thanh Lam <
>> naphaluan211...@gmail.com> wrote:
>>
>>> Hi Mr Jérôme LELEU,
>>> Yes I know this configuration but I have inconvenient process when I
>>> create new user.
>>> It means, when I create new user in MongoDB, CAS Overlay can
>>> authenticated new user (I must not restart cas service) but with CAS
>>> Management Web App, I must add this role for new user to user.json file and
>>> restart CAS Management Web App service.
>>> For example:
>>> First:
>>> I have already had one user with username is casuser and password =x1.
>>> I could use casuser/x1 as CAS's account to use CAS Overlay and CAS
>>> Management Web app feature.
>>> Next:
>>> I add new user  with username is casuser2 and password =x2.
>>> I could use casuser2/x2 as CAS's account to use CAS Overlay feature.
>>> But with CAS Management Web App, I need modified user.json file like this
>>>
>>> {
>>>   "casuser" : {
>>>     "roles" : [ "ROLE_ADMIN" ]
>>>   },
>>>   "casuser2" : {
>>>     "roles" : [ "ROLE_ADMIN" ]
>>>   }
>>> }
>>>
>>> Then restart CAS Management service. After that, I could use this
>>> casuser2 account for CAS Management Web App.
>>> It's very inconvenient, thus I hope any way to fix this role for all
>>> users.
>>> Please help me.
>>> Thank you in advance.
>>>
>>> On Mon, Aug 31, 2020 at 13:44, Jérôme LELEU wrote:
>>>
 Hi,

 You need to add a *users.json* (or *users.yml* in YAML format) file in
 the classpath.
 For example:

 {
   "casuser" : {
     "roles" : [ "ROLE_ADMIN" ]
   }
 }


 Thanks.
 Best regards,
 Jérôme


 On Thu, Aug 27, 2020 at 14:11, Napoleon Ponaparte <
 naphaluan211...@gmail.com> wrote:

>
> Hi,
>
> I have succeeded in configuring CAS Overlay template 6.2.x so that it can authenticate
> users that are registered in MongoDB.
> Here is my config:
>
> 1. CAS Properties
> "name":"cas.authn.mongo.name","value":"users"
> "name":"cas.authn.mongo.database-name","value":"users"
> "name":"cas.authn.mongo.collection","value":"users"
> "name":"cas.authn.mongo.username-attribute","value":"username"
> "name":"cas.authn.mongo.password-attribute","value":"password"
> "name":"cas.authn.mongo.user-id","value":"casuser"
> "name":"cas.authn.mongo.password","value":"Mellon"
>
> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
> :port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
> 2. And these are the user properties in the User collection
>
> "username":"root",
> "password":"root",
> "lastname":"VNPT ADMIN",
> "useremail":"xxx",
> "usertel":"xxx"
>
> But,  I have faced with problem about CAS Management Web App service.
> Here is CAS Management Web App log:
>
> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] -  authorize access, since the authenticated profile [#CasProfile# | id: root
> | attributes: {credentialType=UsernamePasswordCredential,
> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
> authenticationMethod=users, successfulAuthenticationHandlers=users,
> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: 
> []
> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
> not contain any required roles*>
>
> Here is my service registry for CAS Management Web App:
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId":"^https://cas-server-domain:8088/cas-management.+",
>   "name" : "casManagement",
>   "id" : 1,
>   "evaluationOrder" : 1,
>   "allowedAttributes":["cn","mail"]
> }
>
> CAS server succeed create and authorized access token for user (id =
> root) but CAS Management missing 

Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-09-01 Thread Nguyen Tran Thanh Lam
Hi Jérôme,
Exactly what I wanted. I want to set up static roles for all users with the CAS
Management Web App service.
If you know how to set it up, please help me.
Thank you in advance.
Regards
---
Thanh Lam


On Tue, Sep 1, 2020 at 13:19, Jérôme LELEU wrote:

> Hi,
>
> Depending on your configuration, you have several options: either pick up
> static roles (but I don't think this is what you want) or take some user's
> attributes as roles or use the users file.
> See:
> https://github.com/apereo/cas-management/blob/master/config/cas-mgmt-config-authz/src/main/java/org/apereo/cas/mgmt/config/CasManagementAuthorizationConfiguration.java#L39
> Thanks.
> Best regards,
> Jérôme
>
>
> On Mon, Aug 31, 2020 at 09:03, Nguyen Tran Thanh Lam <
> naphaluan211...@gmail.com> wrote:
>
>> Hi Mr Jérôme LELEU,
>> Yes I know this configuration but I have inconvenient process when I
>> create new user.
>> It means, when I create new user in MongoDB, CAS Overlay can
>> authenticated new user (I must not restart cas service) but with CAS
>> Management Web App, I must add this role for new user to user.json file and
>> restart CAS Management Web App service.
>> For example:
>> First:
>> I have already had one user with username is casuser and password =x1.
>> I could use casuser/x1 as CAS's account to use CAS Overlay and CAS
>> Management Web app feature.
>> Next:
>> I add new user  with username is casuser2 and password =x2.
>> I could use casuser2/x2 as CAS's account to use CAS Overlay feature.
>> But with CAS Management Web App, I need modified user.json file like this
>>
>> {
>>   "casuser" : {
>>     "roles" : [ "ROLE_ADMIN" ]
>>   },
>>   "casuser2" : {
>>     "roles" : [ "ROLE_ADMIN" ]
>>   }
>> }
>>
>> Then restart CAS Management service. After that, I could use this
>> casuser2 account for CAS Management Web App.
>> It's very inconvenient, thus I hope any way to fix this role for all
>> users.
>> Please help me.
>> Thank you in advance.
>>
>> On Mon, Aug 31, 2020 at 13:44, Jérôme LELEU wrote:
>>
>>> Hi,
>>>
>>> You need to add a *users.json* (or *users.yml* in YAML format) file in
>>> the classpath.
>>> For example:
>>>
>>> {
>>>   "casuser" : {
>>>     "roles" : [ "ROLE_ADMIN" ]
>>>   }
>>> }
>>>
>>>
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>> On Thu, Aug 27, 2020 at 14:11, Napoleon Ponaparte <
>>> naphaluan211...@gmail.com> wrote:
>>>

 Hi,

 I have succeeded in configuring CAS Overlay template 6.2.x so that it can authenticate
 users that are registered in MongoDB.
 Here is my config:

 1. CAS Properties
 "name":"cas.authn.mongo.name","value":"users"
 "name":"cas.authn.mongo.database-name","value":"users"
 "name":"cas.authn.mongo.collection","value":"users"
 "name":"cas.authn.mongo.username-attribute","value":"username"
 "name":"cas.authn.mongo.password-attribute","value":"password"
 "name":"cas.authn.mongo.user-id","value":"casuser"
 "name":"cas.authn.mongo.password","value":"Mellon"
 "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
 "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
 :port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
 2. And these are the user properties in the User collection

 "username":"root",
 "password":"root",
 "lastname":"VNPT ADMIN",
 "useremail":"xxx",
 "usertel":"xxx"

 But,  I have faced with problem about CAS Management Web App service.
 Here is CAS Management Web App log:

 WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - >>> authorize access, since the authenticated profile [#CasProfile# | id: root
 | attributes: {credentialType=UsernamePasswordCredential,
 isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
 authenticationMethod=users, successfulAuthenticationHandlers=users,
 longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
 | isRemembered: false | clientName: CasClient | linkedId: null |] *does
 not contain any required roles*>

 Here is my service registry for CAS Management Web App:

 {
   "@class" : "org.apereo.cas.services.RegexRegisteredService",
   "serviceId":"^https://cas-server-domain:8088/cas-management.+",
   "name" : "casManagement",
   "id" : 1,
   "evaluationOrder" : 1,
   "allowedAttributes":["cn","mail"]
 }

 CAS server succeed create and authorized access token for user (id =
 root) but CAS Management missing user's role.

 I don't know how to assign ROLE for user or indicate user's role fixed
 in service registry.
 Please help me.
 Thank you in advance.




Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-09-01 Thread Jérôme LELEU
Hi,

Depending on your configuration, you have several options: either pick up
static roles (but I don't think this is what you want) or take some user's
attributes as roles or use the users file.
See:
https://github.com/apereo/cas-management/blob/master/config/cas-mgmt-config-authz/src/main/java/org/apereo/cas/mgmt/config/CasManagementAuthorizationConfiguration.java#L39
Thanks.
Best regards,
Jérôme


On Mon, Aug 31, 2020 at 09:03, Nguyen Tran Thanh Lam <
naphaluan211...@gmail.com> wrote:

> Hi Mr Jérôme LELEU,
> Yes I know this configuration but I have inconvenient process when I
> create new user.
> It means, when I create new user in MongoDB, CAS Overlay can authenticated
> new user (I must not restart cas service) but with CAS Management Web App,
> I must add this role for new user to user.json file and restart CAS
> Management Web App service.
> For example:
> First:
> I have already had one user with username is casuser and password =x1.
> I could use casuser/x1 as CAS's account to use CAS Overlay and CAS
> Management Web app feature.
> Next:
> I add new user  with username is casuser2 and password =x2.
> I could use casuser2/x2 as CAS's account to use CAS Overlay feature.
> But with CAS Management Web App, I need modified user.json file like this
>
> {
>   "casuser" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   },
>   "casuser2" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   }
> }
>
> Then restart CAS Management service. After that, I could use this casuser2
> account for CAS Management Web App.
> It's very inconvenient, thus I hope any way to fix this role for all users.
> Please help me.
> Thank you in advance.
>
> On Mon, Aug 31, 2020 at 13:44, Jérôme LELEU wrote:
>
>> Hi,
>>
>> You need to add a *users.json* (or *users.yml* in YAML format) file in
>> the classpath.
>> For example:
>>
>> {
>>   "casuser" : {
>>     "roles" : [ "ROLE_ADMIN" ]
>>   }
>> }
>>
>>
>> Thanks.
>> Best regards,
>> Jérôme
>>
>>
>> On Thu, Aug 27, 2020 at 14:11, Napoleon Ponaparte <
>> naphaluan211...@gmail.com> wrote:
>>
>>>
>>> Hi,
>>>
>>> I have succeeded in configuring CAS Overlay template 6.2.x so that it can authenticate
>>> users that are registered in MongoDB.
>>> Here is my config:
>>>
>>> 1. CAS Properties
>>> "name":"cas.authn.mongo.name","value":"users"
>>> "name":"cas.authn.mongo.database-name","value":"users"
>>> "name":"cas.authn.mongo.collection","value":"users"
>>> "name":"cas.authn.mongo.username-attribute","value":"username"
>>> "name":"cas.authn.mongo.password-attribute","value":"password"
>>> "name":"cas.authn.mongo.user-id","value":"casuser"
>>> "name":"cas.authn.mongo.password","value":"Mellon"
>>> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
>>> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
>>> :port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
>>> 2. And these are the user properties in the User collection
>>>
>>> "username":"root",
>>> "password":"root",
>>> "lastname":"VNPT ADMIN",
>>> "useremail":"xxx",
>>> "usertel":"xxx"
>>>
>>> But,  I have faced with problem about CAS Management Web App service.
>>> Here is CAS Management Web App log:
>>>
>>> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - >> authorize access, since the authenticated profile [#CasProfile# | id: root
>>> | attributes: {credentialType=UsernamePasswordCredential,
>>> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
>>> authenticationMethod=users, successfulAuthenticationHandlers=users,
>>> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
>>> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
>>> not contain any required roles*>
>>>
>>> Here is my service registry for CAS Management Web App:
>>>
>>> {
>>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>>   "serviceId":"^https://cas-server-domain:8088/cas-management.+",
>>>   "name" : "casManagement",
>>>   "id" : 1,
>>>   "evaluationOrder" : 1,
>>>   "allowedAttributes":["cn","mail"]
>>> }
>>>
>>> CAS server succeed create and authorized access token for user (id =
>>> root) but CAS Management missing user's role.
>>>
>>> I don't know how to assign ROLE for user or indicate user's role fixed
>>> in service registry.
>>> Please help me.
>>> Thank you in advance.
>>>
>>>
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/d45135e1-e8d4-4f55-9e49-02e1d825c18bn%40apereo.org
>>> 
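
Added example (not part of the original thread and not CAS Management code): a simplified Python model of the three role sources Jérôme lists in the message above, plus the wildcard setting from his later reply, showing why a profile with roles: [] is refused. The precedence order, the function names and the required role ROLE_ADMIN are assumptions made for illustration; all sample inputs are constructed.

```python
import json

# Assumption: the role the management app requires (the thread uses ROLE_ADMIN).
REQUIRED_ROLES = {"ROLE_ADMIN"}

# Constructed sample of the users file discussed in the thread (strict JSON).
USERS_JSON = '{"casuser": {"roles": ["ROLE_ADMIN"]}}'

# Constructed profile attributes, modelled on the WARN log line in the thread.
ROOT_ATTRIBUTES = {
    "credentialType": ["UsernamePasswordCredential"],
    "authenticationMethod": ["users"],
}


def parse_authz_attributes(properties_text):
    """Return the values of mgmt.authzAttributes[n] entries, in file order."""
    values = []
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, value = line.split("=", 1)
        if key.strip().startswith("mgmt.authzAttributes["):
            values.append(value.strip())
    return values


def resolve_roles(user_id, attributes, authz_attributes, users):
    """Pick the role source and return (source, roles) for one profile."""
    if "*" in authz_attributes:
        # Wildcard: per the thread, static roles for every authenticated user.
        return "static", set(REQUIRED_ROLES)
    if authz_attributes:
        # Named attributes: the values CAS released for them become the roles.
        roles = set()
        for name in authz_attributes:
            value = attributes.get(name, [])
            roles.update([value] if isinstance(value, str) else value)
        return "attributes", roles
    # Nothing configured: look the user id up in the users file.
    return "users-file", set(users.get(user_id, {}).get("roles", []))


def authorize(user_id, attributes, properties_text, users_json=USERS_JSON):
    """Model the role check: allowed only if a required role is present."""
    authz = parse_authz_attributes(properties_text)
    source, roles = resolve_roles(user_id, attributes, authz,
                                  json.loads(users_json))
    return {
        "user": user_id,
        "source": source,
        "roles": sorted(roles),
        "allowed": bool(roles & REQUIRED_ROLES),
    }


def audit(properties_text):
    """List settings that decide who is treated as an administrator."""
    authz = parse_authz_attributes(properties_text)
    if "*" in authz:
        return ["wildcard: every user CAS authenticates is treated as admin"]
    if authz:
        return ["admin role comes from released attribute(s): " + ", ".join(authz)]
    return []


if __name__ == "__main__":
    cases = [
        ("root", ROOT_ATTRIBUTES, ""),                        # not in users file
        ("casuser", {}, ""),                                  # listed in users file
        ("root", {"roles": ["ADMIN"]}, "mgmt.authzAttributes[0]=roles"),
        ("root", {"roles": ["ROLE_ADMIN"]}, "mgmt.authzAttributes[0]=roles"),
        ("casuser2", {}, "mgmt.authzAttributes[0]=*"),        # wildcard
    ]
    for user, attrs, props in cases:
        print(authorize(user, attrs, props), audit(props))
```

With the wildcard in place, the only remaining gate is on the CAS server side, for example the requiredAttributes access strategy shown in Ray Bon's service definition elsewhere in this thread.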

Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Nguyen Tran Thanh Lam
Hi Mr Ray,
I have checked again with your service register for CAS Management but it
has this error:
This is CAS Server log
=
WHO: root
WHAT: [result=Service Access Denied,service=
https://casoverlay.vdc2.com.vn:8088/c...,principal=SimplePrincipal(id=root,
attributes={userstatus=[ACTIVE], roles=[ROLE_ADMIN], usertype=[ADMIN_VNPT],
usertel=[0907888510], lastname=[VNPT ADMIN], comdepartment=[GP2],
_id=[5ebd04f32f378500220a], comid=[VNPT], userparentid=[],
usercode=[VNPT001], userdate=[19-04-2020], useremail=[
nguyentranthanh...@vnpt.vn]}),requiredAttributes={description=[ROLE_ADMIN]}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Mon Aug 31 21:10:39 PDT 2020
CLIENT IP ADDRESS: 203.162.36.241
SERVER IP ADDRESS: 203.162.141.22
=
And this is CAS Management error
[image: image.png]
So tired, I have decided to skip this issue and hope the CAS developer team will fix this
problem.
Thank you Mr Ray.

On Tue, Sep 1, 2020 at 00:36, Ray Bon wrote:

> Nguyen,
>
> I configured cas properties for attributes (since the admins are under a
> different tree, than the authentication tree) and the role is in the
> description attribute:
>
> cas.authn.attributeRepository.ldap[2].id=administrators
> cas.authn.attributeRepository.ldap[2].order=2
>
> cas.authn.attributeRepository.ldap[2].attributes.uvicEduPersonYubiKeyID=uvicEduPersonYubiKeyID
>
> cas.authn.attributeRepository.ldap[2].attributes.eduPersonEntitlement=eduPersonEntitlement
> cas.authn.attributeRepository.ldap[2].attributes.description=description
> cas.authn.attributeRepository.ldap[2].ldapUrl=ldaps://ldaplocal.uvic.ca:636
> cas.authn.attributeRepository.ldap[2].connectTimeout=PT3S
>
> cas.authn.attributeRepository.ldap[2].baseDn=ou=administrators,ou=CAS,ou=applications,dc=uvic,dc=ca
> cas.authn.attributeRepository.ldap[2].subtreeSearch=true
> cas.authn.attributeRepository.ldap[2].searchFilter=uid={user}
> cas.authn.attributeRepository.ldap[2].bindDn=cn=Auth Manager,ou=CAS,ou=UVON,ou=administrators,dc=uvic,dc=ca
> cas.authn.attributeRepository.ldap[2].bindCredential=
>
> I then modified the service definition to return a mapped attribute
> (description -> roles):
>
> {
>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId": "^https://local\\.uvic\\.ca/cas-management/.*",
>   "name": "Services Management Web Application on local",
>   "id": 50,
>   "description": "Services Management Web Application on developer
> workstation",
>   "expirationPolicy":
>   {
> "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy",
> "deleteWhenExpired": false,
> "notifyWhenDeleted": false,
> "notifyWhenExpired": false
>   },
>   "proxyPolicy":
>   {
> "@class": "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
>   },
>   "proxyTicketExpirationPolicy":
>   {
> "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy",
> "numberOfUses": 0
>   },
>   "serviceTicketExpirationPolicy":
>   {
> "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy",
> "numberOfUses": 0
>   },
>   "evaluationOrder": 0,
>   "usernameAttributeProvider":
>   {
> "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider",
> "canonicalizationMode": "NONE",
> "encryptUsername": false
>   },
>   "logoutType": "BACK_CHANNEL",
>   "requiredHandlers":
>   [
> "java.util.HashSet",[]
>   ],
>   "environments":
>   [
> "java.util.HashSet",[]
>   ],
>   "attributeReleasePolicy":
>   {
> "@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
> "allowedAttributes":
> {
>   "@class": "java.util.TreeMap",
>   "description":
>   [
> "java.util.ArrayList",
> [
>   "roles"
> ]
>   ]
> },
> "principalAttributesRepository":
> {
>   "@class":
> "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository",
>   "mergingStrategy": "MULTIVALUED",
>   "ignoreResolvedAttributes": false
> },
> "consentPolicy":
> {
>   "@class":
> "org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy",
>   "enabled": true,
>   "order": 0
> },
> "authorizedToReleaseCredentialPassword": false,
> "authorizedToReleaseProxyGrantingTicket": false,
> "excludeDefaultAttributes": false,
> "authorizedToReleaseAuthenticationAttributes": true,
> "order": 0
>   },
>   "multifactorPolicy":
>   {
> "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
> "multifactorAuthenticationProviders":
> [
>   "java.util.HashSet",[]
> ],
> "failureMode": "CLOSED",
> "bypassEnabled": false,
> "forceExecution": false,
> "bypassTrustedDeviceEnabled": false
>   },
>   "logoutUrl": 

Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Ray Bon
Nguyen,

I configured cas properties for attributes (since the admins are under a 
different tree, than the authentication tree) and the role is in the 
description attribute:

cas.authn.attributeRepository.ldap[2].id=administrators
cas.authn.attributeRepository.ldap[2].order=2
cas.authn.attributeRepository.ldap[2].attributes.uvicEduPersonYubiKeyID=uvicEduPersonYubiKeyID
cas.authn.attributeRepository.ldap[2].attributes.eduPersonEntitlement=eduPersonEntitlement
cas.authn.attributeRepository.ldap[2].attributes.description=description
cas.authn.attributeRepository.ldap[2].ldapUrl=ldaps://ldaplocal.uvic.ca:636
cas.authn.attributeRepository.ldap[2].connectTimeout=PT3S
cas.authn.attributeRepository.ldap[2].baseDn=ou=administrators,ou=CAS,ou=applications,dc=uvic,dc=ca
cas.authn.attributeRepository.ldap[2].subtreeSearch=true
cas.authn.attributeRepository.ldap[2].searchFilter=uid={user}
cas.authn.attributeRepository.ldap[2].bindDn=cn=Auth Manager,ou=CAS,ou=UVON,ou=administrators,dc=uvic,dc=ca
cas.authn.attributeRepository.ldap[2].bindCredential=

I then modified the service definition to return a mapped attribute 
(description -> roles):

{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^https://local\\.uvic\\.ca/cas-management/.*",
  "name": "Services Management Web Application on local",
  "id": 50,
  "description": "Services Management Web Application on developer workstation",
  "expirationPolicy":
  {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy",
    "deleteWhenExpired": false,
    "notifyWhenDeleted": false,
    "notifyWhenExpired": false
  },
  "proxyPolicy":
  {
    "@class": "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
  },
  "proxyTicketExpirationPolicy":
  {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy",
    "numberOfUses": 0
  },
  "serviceTicketExpirationPolicy":
  {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy",
    "numberOfUses": 0
  },
  "evaluationOrder": 0,
  "usernameAttributeProvider":
  {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider",
    "canonicalizationMode": "NONE",
    "encryptUsername": false
  },
  "logoutType": "BACK_CHANNEL",
  "requiredHandlers":
  [
    "java.util.HashSet",[]
  ],
  "environments":
  [
    "java.util.HashSet",[]
  ],
  "attributeReleasePolicy":
  {
    "@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes":
    {
      "@class": "java.util.TreeMap",
      "description":
      [
        "java.util.ArrayList",
        [
          "roles"
        ]
      ]
    },
    "principalAttributesRepository":
    {
      "@class": "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository",
      "mergingStrategy": "MULTIVALUED",
      "ignoreResolvedAttributes": false
    },
    "consentPolicy":
    {
      "@class": "org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy",
      "enabled": true,
      "order": 0
    },
    "authorizedToReleaseCredentialPassword": false,
    "authorizedToReleaseProxyGrantingTicket": false,
    "excludeDefaultAttributes": false,
    "authorizedToReleaseAuthenticationAttributes": true,
    "order": 0
  },
  "multifactorPolicy":
  {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
    "multifactorAuthenticationProviders":
    [
      "java.util.HashSet",[]
    ],
    "failureMode": "CLOSED",
    "bypassEnabled": false,
    "forceExecution": false,
    "bypassTrustedDeviceEnabled": false
  },
  "logoutUrl": "https://local.uvic.ca/cas/logout",
  "accessStrategy":
  {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "order": 0,
    "enabled": true,
    "ssoEnabled": true,
    "delegatedAuthenticationPolicy":
    {
      "@class": "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
      "allowedProviders":
      [
        "java.util.ArrayList",[]
      ],
      "permitUndefined": true,
      "exclusive": false
    },
    "requireAllAttributes": true,
    "requiredAttributes":
    {
      "@class": "java.util.LinkedHashMap",
      "description":
      [
        "java.util.HashSet",
        [
          "ADMIN"
        ]
      ]
    },
    "rejectedAttributes":
    {
      "@class": "java.util.LinkedHashMap"
    },
    "caseInsensitive": false
  },
  "properties":
  {
    "@class": "java.util.LinkedHashMap",
    "test":
    {
      "@class": "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values":
      [
        "java.util.HashSet",
        [
          "FALSE"
        ]
      ]
    }
  },
  "contacts":
  [
    "java.util.ArrayList",[]
  ]
}

I am going to edit our ldap data today to change from ADMIN to ROLE_ADMIN. (I 
got the attribute release working on Friday.)

You can see the attributes in cas management with this logging





Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Nguyen Tran Thanh Lam
Hi Ray,
Could you show me your config that returned the property roles=[ADMIN]?
And have you ever tried returning this:
roles=[ROLE_ADMIN]
like user.json

{
  "casuser" : {
    "roles" : [ "ROLE_ADMIN" ]
  }
}

Since my CAS Management error log is like below:

WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - 

And I guess, if we could make roles: [] (in red) become role: [ADMIN_ROLE],
it will run.
Thank you.
On Mon, Aug 31, 2020 at 23:12, Ray Bon wrote:

> Nguyen,
>
> I am at this point in configuring cas management too.
> Our 4.x deploy of cas management used to look up the user in ldap (you
> would use mongo), and get the ADMIN attribute there. But the 6.1 version
> does not seem to use ldap (I configured it but no calls to ldap were made).
> Cas management uses cas protocol 3, which means that attributes can be
> returned. I have configured this and I am returning roles=[ADMIN]. This
> also seems to be ignored.
>
> Perhaps one of the developers of cas management could comment if the .json
> file is the only way to identify users and roles.
>
> Ray
>
> On Mon, 2020-08-31 at 14:02 +0700, Nguyen Tran Thanh Lam wrote:
>
> Hi Mr Jérôme LELEU,
> Yes I know this configuration but I have inconvenient process when I
> create new user.
> It means, when I create new user in MongoDB, CAS Overlay can authenticated
> new user (I must not restart cas service) but with CAS Management Web App,
> I must add this role for new user to user.json file and restart CAS
> Management Web App service.
> For example:
> First:
> I have already had one user with username is casuser and password =x1.
> I could use casuser/x1 as CAS's account to use CAS Overlay and CAS
> Management Web app feature.
> Next:
> I add new user  with username is casuser2 and password =x2.
> I could use casuser2/x2 as CAS's account to use CAS Overlay feature.
> But with CAS Management Web App, I need modified user.json file like this
>
> {
>   "casuser" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   },
>   "casuser2" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   }
> }
>
> Then restart CAS Management service. After that, I could use this casuser2
> account for CAS Management Web App.
> It's very inconvenient, thus I hope any way to fix this role for all users.
> Please help me.
> Thank you in advance.
>
> On Mon, Aug 31, 2020 at 13:44, Jérôme LELEU wrote:
>
> Hi,
>
> You need to add a *users.json* (or *users.yml* in YAML format) file in
> the classpath.
> For example:
>
> {
>   "casuser" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   }
> }
>
>
> Thanks.
> Best regards,
> Jérôme
>
>
> On Thu, Aug 27, 2020 at 14:11, Napoleon Ponaparte <
> naphaluan211...@gmail.com> wrote:
>
>
> Hi,
>
> I have succeeded in configuring CAS Overlay template 6.2.x so that it can authenticate users
> that are registered in MongoDB.
> Here is my config:
>
> 1. CAS Properties
> "name":"cas.authn.mongo.name","value":"users"
> "name":"cas.authn.mongo.database-name","value":"users"
> "name":"cas.authn.mongo.collection","value":"users"
> "name":"cas.authn.mongo.username-attribute","value":"username"
> "name":"cas.authn.mongo.password-attribute","value":"password"
> "name":"cas.authn.mongo.user-id","value":"casuser"
> "name":"cas.authn.mongo.password","value":"Mellon"
> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
> :port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
> 2. And these are the user properties in the User collection
>
> "username":"root",
> "password":"root",
> "lastname":"VNPT ADMIN",
> "useremail":"xxx",
> "usertel":"xxx"
>
> But,  I have faced with problem about CAS Management Web App service.
> Here is CAS Management Web App log:
>
> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] -  authorize access, since the authenticated profile [#CasProfile# | id: root
> | attributes: {credentialType=UsernamePasswordCredential,
> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
> authenticationMethod=users, successfulAuthenticationHandlers=users,
> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
> not contain any required roles*>
>
> Here is my service registry for CAS Management Web App:
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId":"^https://cas-server-domain:8088/cas-management.+",
>   "name" : "casManagement",
>   "id" : 1,
>   "evaluationOrder" : 1,
>   "allowedAttributes":["cn","mail"]
> }
>
> CAS server succeed create and authorized access token for user (id = root)
> but CAS Management missing user's role.
>
> I don't know how to assign ROLE for user or indicate user's role fixed in
> service registry.
> Please help me.
> 

Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Ray Bon
Nguyen,

I am at this point in configuring cas management too.
Our 4.x deploy of cas management used to look up the user in ldap (you would 
use mongo), and get the ADMIN attribute there. But the 6.1 version does not 
seem to use ldap (I configured it but no calls to ldap were made).
Cas management uses cas protocol 3, which means that attributes can be 
returned. I have configured this and I am returning roles=[ADMIN]. This also 
seems to be ignored.

Perhaps one of the developers of cas management could comment if the .json file 
is the only way to identify users and roles.

Ray

On Mon, 2020-08-31 at 14:02 +0700, Nguyen Tran Thanh Lam wrote:

Hi Mr Jérôme LELEU,
Yes I know this configuration but I have inconvenient process when I create new 
user.
It means, when I create new user in MongoDB, CAS Overlay can authenticated new 
user (I must not restart cas service) but with CAS Management Web App, I must 
add this role for new user to user.json file and restart CAS Management Web App 
service.
For example:
First:
I have already had one user with username is casuser and password =x1.
I could use casuser/x1 as CAS's account to use CAS Overlay and CAS Management 
Web app feature.
Next:
I add new user  with username is casuser2 and password =x2.
I could use casuser2/x2 as CAS's account to use CAS Overlay feature.
But with CAS Management Web App, I need modified user.json file like this

{
 "casuser" : {
   "roles" : [ "ROLE_ADMIN" ]
 },
 "casuser2" : {
   "roles" : [ "ROLE_ADMIN" ]
 }
}

Then restart CAS Management service. After that, I could use this casuser2 
account for CAS Management Web App.
It's very inconvenient, thus I hope any way to fix this role for all users.
Please help me.
Thank you in advance.

On Mon, 31 Aug 2020 at 13:44, Jérôme LELEU <lel...@gmail.com> wrote:
Hi,

You need to add a users.json (or users.yml in YAML format) file in the 
classpath.
For example:


{
 "casuser" : {
   "roles" : [ "ROLE_ADMIN" ]
 }
}

Thanks.
Best regards,
Jérôme


On Thu, 27 Aug 2020 at 14:11, Napoleon Ponaparte <naphaluan211...@gmail.com> wrote:

Hi,

I have successfully configured CAS Overlay template 6.2.x to authenticate users that
are registered in MongoDB.
Here is my config:

1. CAS Properties
"name":"cas.authn.mongo.name","value":"users"
"name":"cas.authn.mongo.database-name","value":"users"
"name":"cas.authn.mongo.collection","value":"users"
"name":"cas.authn.mongo.username-attribute","value":"username"
"name":"cas.authn.mongo.password-attribute","value":"password"
"name":"cas.authn.mongo.user-id","value":"casuser"
"name":"cas.authn.mongo.password","value":"Mellon"
"name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
"name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP:port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
2. And these are the user properties in the User collection

"username":"root",
"password":"root",
"lastname":"VNPT ADMIN",
"useremail":"xxx",
"usertel":"xxx"

But,  I have faced with problem about CAS Management Web App service.
Here is CAS Management Web App log:

WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - 

Here is my service registry for CAS Management Web App:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId":"^https://cas-server-domain:8088/cas-management.+",
  "name" : "casManagement",
  "id" : 1,
  "evaluationOrder" : 1,
  "allowedAttributes":["cn","mail"]
}

CAS server succeed create and authorized access token for user (id = root) but 
CAS Management missing user's role.

I don't know how to assign ROLE for user or indicate user's role fixed in 
service registry.
Please help me.
Thank you in advance.




--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d45135e1-e8d4-4f55-9e49-02e1d825c18bn%40apereo.org.



Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Nguyen Tran Thanh Lam
Hi Mr Jérôme LELEU,
Yes, I know this configuration, but the process is inconvenient when I create
a new user.
That is, when I create a new user in MongoDB, CAS Overlay can authenticate the
new user (I must not restart cas service) but with CAS Management Web App,
I must add this role for the new user to the user.json file and restart the CAS
Management Web App service.
For example:
First:
I already have one user with username casuser and password =x1.
I could use casuser/x1 as CAS's account to use CAS Overlay and CAS
Management Web app feature.
Next:
I add a new user with username casuser2 and password =x2.
I could use casuser2/x2 as CAS's account to use CAS Overlay feature.
But with CAS Management Web App, I need to modify the user.json file like this:

{
 "casuser" : {
   "roles" : [ "ROLE_ADMIN" ]
 },
 "casuser2" : {
   "roles" : [ "ROLE_ADMIN" ]
 }
}

Then restart CAS Management service. After that, I could use this casuser2
account for CAS Management Web App.
It's very inconvenient, thus I hope any way to fix this role for all users.
Please help me.
Thank you in advance.

On Mon, 31 Aug 2020 at 13:44, Jérôme LELEU wrote:

> Hi,
>
> You need to add a *users.json* (or *users.yml* in YAML format) file in
> the classpath.
> For example:
>
> {
>  "casuser" : {
>    "roles" : [ "ROLE_ADMIN" ]
>  }
> }
>
>
> Thanks.
> Best regards,
> Jérôme
>
>
> On Thu, 27 Aug 2020 at 14:11, Napoleon Ponaparte <naphaluan211...@gmail.com> wrote:
>
>>
>> Hi,
>>
>> I have successfully configured CAS Overlay template 6.2.x to authenticate users
>> that are registered in MongoDB.
>> Here is my config:
>>
>> 1. CAS Properties
>> "name":"cas.authn.mongo.name","value":"users"
>> "name":"cas.authn.mongo.database-name","value":"users"
>> "name":"cas.authn.mongo.collection","value":"users"
>> "name":"cas.authn.mongo.username-attribute","value":"username"
>> "name":"cas.authn.mongo.password-attribute","value":"password"
>> "name":"cas.authn.mongo.user-id","value":"casuser"
>> "name":"cas.authn.mongo.password","value":"Mellon"
>> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
>> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
>> :port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
>> 2. And these are the user properties in the User collection
>>
>> "username":"root",
>> "password":"root",
>> "lastname":"VNPT ADMIN",
>> "useremail":"xxx",
>> "usertel":"xxx"
>>
>> But,  I have faced with problem about CAS Management Web App service.
>> Here is CAS Management Web App log:
>>
>> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - > authorize access, since the authenticated profile [#CasProfile# | id: root
>> | attributes: {credentialType=UsernamePasswordCredential,
>> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
>> authenticationMethod=users, successfulAuthenticationHandlers=users,
>> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
>> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
>> not contain any required roles*>
>>
>> Here is my service registry for CAS Management Web App:
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId":"^https://cas-server-domain:8088/cas-management.+",
>>   "name" : "casManagement",
>>   "id" : 1,
>>   "evaluationOrder" : 1,
>>   "allowedAttributes":["cn","mail"]
>> }
>>
>> CAS server succeed create and authorized access token for user (id =
>> root) but CAS Management missing user's role.
>>
>> I don't know how to assign ROLE for user or indicate user's role fixed in
>> service registry.
>> Please help me.
>> Thank you in advance.
>>
>>
>>

Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Jérôme LELEU
Hi,

You need to add a *users.json* (or *users.yml* in YAML format) file in the
classpath.
For example:

{
 "casuser" : {
   "roles" : [ "ROLE_ADMIN" ]
 }
}


Thanks.
Best regards,
Jérôme


On Thu, 27 Aug 2020 at 14:11, Napoleon Ponaparte wrote:

>
> Hi,
>
> I have successfully configured CAS Overlay template 6.2.x to authenticate users
> that are registered in MongoDB.
> Here is my config:
>
> 1. CAS Properties
> "name":"cas.authn.mongo.name","value":"users"
> "name":"cas.authn.mongo.database-name","value":"users"
> "name":"cas.authn.mongo.collection","value":"users"
> "name":"cas.authn.mongo.username-attribute","value":"username"
> "name":"cas.authn.mongo.password-attribute","value":"password"
> "name":"cas.authn.mongo.user-id","value":"casuser"
> "name":"cas.authn.mongo.password","value":"Mellon"
> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
> :port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
> 2. And these are the user properties in the User collection
>
> "username":"root",
> "password":"root",
> "lastname":"VNPT ADMIN",
> "useremail":"xxx",
> "usertel":"xxx"
>
> But,  I have faced with problem about CAS Management Web App service.
> Here is CAS Management Web App log:
>
> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] -  authorize access, since the authenticated profile [#CasProfile# | id: root
> | attributes: {credentialType=UsernamePasswordCredential,
> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
> authenticationMethod=users, successfulAuthenticationHandlers=users,
> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
> not contain any required roles*>
>
> Here is my service registry for CAS Management Web App:
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId":"^https://cas-server-domain:8088/cas-management.+",
>   "name" : "casManagement",
>   "id" : 1,
>   "evaluationOrder" : 1,
>   "allowedAttributes":["cn","mail"]
> }
>
> CAS server succeed create and authorized access token for user (id = root)
> but CAS Management missing user's role.
>
> I don't know how to assign ROLE for user or indicate user's role fixed in
> service registry.
> Please help me.
> Thank you in advance.
>
>
>
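A triage helper for the situation discussed in this thread, added here as an example and not code from the CAS project or from any poster: it reads CAS Management log lines shaped like the CasRoleBasedAuthorizer warning quoted above and compares the denied ids with a users.json file. The sample log lines, the user casuser3, the one-event-per-line layout and the ROLE_ADMIN requirement are assumptions made for the example.

```python
import json
import re

REQUIRED_ROLES = {"ROLE_ADMIN"}  # assumption: the role the thread's users.json grants
DENIAL_MARKER = "does not contain any required roles"
# id and roles fields of the "#CasProfile#" dump inside the authorizer warning
PROFILE = re.compile(
    r"#CasProfile#\s*\|\s*id:\s*(?P<id>[^|]+?)\s*\|.*?\|\s*roles:\s*\[(?P<roles>[^\]]*)\]"
)

def _sample_denial(user):
    # Constructed line, abbreviated from the warning quoted in the thread.
    return (
        "2020-08-26 08:51:17 WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - "
        f"authorize access, since the authenticated profile [#CasProfile# | id: {user} | "
        "attributes: {credentialType=UsernamePasswordCredential, "
        "authenticationDate=2020-08-26T08:51:16.865441Z[UTC]} | roles: [] | "
        "permissions: [] | isRemembered: false | clientName: CasClient | linkedId: null |] "
        "does not contain any required roles"
    )

SAMPLE_LOG = "\n".join([
    _sample_denial("root"),
    "2020-08-26 08:52:00 INFO [constructed.Other] - unrelated line",
    _sample_denial("casuser2"),
    _sample_denial("casuser3"),
    _sample_denial("root"),  # a repeated attempt is reported once
])

# Constructed users.json content in the format shown in the thread.
SAMPLE_USERS = """{
 "casuser"  : { "roles" : [ "ROLE_ADMIN" ] },
 "casuser2" : { "roles" : [ "ROLE_ADMIN" ] },
 "casuser3" : { "roles" : [ ] }
}"""

# A comma after the last entry: strict JSON parsers reject this.
TRAILING_COMMA_USERS = '{ "casuser" : { "roles" : [ "ROLE_ADMIN" ] }, }'

def load_roles(users_json_text):
    """Parse users.json text into {username: set_of_roles}; ValueError if malformed."""
    try:
        doc = json.loads(users_json_text)
    except json.JSONDecodeError as exc:
        where = f"line {exc.lineno}, column {exc.colno}"
        raise ValueError(f"users.json is not valid JSON at {where}: {exc.msg}") from exc
    if not isinstance(doc, dict):
        raise ValueError("users.json must be an object keyed by username")
    roles = {}
    for user, entry in doc.items():
        listed = entry.get("roles", []) if isinstance(entry, dict) else None
        if not isinstance(listed, list):
            raise ValueError(f"entry for {user!r} needs a 'roles' list")
        roles[user] = set(listed)
    return roles

def denied_profiles(log_text):
    """Return {user_id: roles_in_profile} for every role-based denial in the log."""
    denied = {}
    for line in log_text.splitlines():
        if "CasRoleBasedAuthorizer" not in line or DENIAL_MARKER not in line:
            continue
        match = PROFILE.search(line)
        if match:
            roles = {r.strip() for r in match.group("roles").split(",") if r.strip()}
            denied.setdefault(match.group("id"), set()).update(roles)
    return denied

def triage(log_text, users_json_text, required=REQUIRED_ROLES):
    """Classify each denied id by what users.json says about it."""
    file_roles = load_roles(users_json_text)
    result = {}
    for user in denied_profiles(log_text):
        if user not in file_roles:
            result[user] = "no entry"          # authenticated by CAS, never listed
        elif not file_roles[user] & set(required):
            result[user] = "no required role"  # listed, but without ROLE_ADMIN
        else:
            result[user] = "restart pending"   # file grants it; thread reports a restart is needed
    return result

if __name__ == "__main__":
    for user, status in sorted(triage(SAMPLE_LOG, SAMPLE_USERS).items()):
        print(f"{user}: {status}")
```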


Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-27 Thread Nguyen Tran Thanh Lam
Sorry,
Could you use English, please?

On Thu, 27 Aug 2020 at 22:28, Victor Manuel Contreras Ponce <
victormanuelcontrerasponce...@gmail.com> wrote:

> Couldn't you send it to me in Spanish?
>
> On Thu, 27 Aug 2020 at 7:11 a.m., Napoleon Ponaparte <
> naphaluan211...@gmail.com> wrote:
>
>>
>> Hi,
>>
>> I have successfully configured CAS Overlay template 6.2.x to authenticate users
>> that are registered in MongoDB.
>> Here is my config:
>>
>> 1. CAS Properties
>> "name":"cas.authn.mongo.name","value":"users"
>> "name":"cas.authn.mongo.database-name","value":"users"
>> "name":"cas.authn.mongo.collection","value":"users"
>> "name":"cas.authn.mongo.username-attribute","value":"username"
>> "name":"cas.authn.mongo.password-attribute","value":"password"
>> "name":"cas.authn.mongo.user-id","value":"casuser"
>> "name":"cas.authn.mongo.password","value":"Mellon"
>> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
>> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
>> :port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
>> 2. And these are the user properties in the User collection
>>
>> "username":"root",
>> "password":"root",
>> "lastname":"VNPT ADMIN",
>> "useremail":"xxx",
>> "usertel":"xxx"
>>
>> But,  I have faced with problem about CAS Management Web App service.
>> Here is CAS Management Web App log:
>>
>> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - > authorize access, since the authenticated profile [#CasProfile# | id: root
>> | attributes: {credentialType=UsernamePasswordCredential,
>> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
>> authenticationMethod=users, successfulAuthenticationHandlers=users,
>> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
>> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
>> not contain any required roles*>
>>
>> Here is my service registry for CAS Management Web App:
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId":"^https://cas-server-domain:8088/cas-management.+",
>>   "name" : "casManagement",
>>   "id" : 1,
>>   "evaluationOrder" : 1,
>>   "allowedAttributes":["cn","mail"]
>> }
>>
>> CAS server succeed create and authorized access token for user (id =
>> root) but CAS Management missing user's role.
>>
>> I don't know how to assign ROLE for user or indicate user's role fixed in
>> service registry.
>> Please help me.
>> Thank you in advance.
>>
>>
>>


Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-27 Thread Victor Manuel Contreras Ponce
Couldn't you send it to me in Spanish?

On Thu, 27 Aug 2020 at 7:11 a.m., Napoleon Ponaparte <
naphaluan211...@gmail.com> wrote:

>
> Hi,
>
> I have successfully configured CAS Overlay template 6.2.x to authenticate users
> that are registered in MongoDB.
> Here is my config:
>
> 1. CAS Properties
> "name":"cas.authn.mongo.name","value":"users"
> "name":"cas.authn.mongo.database-name","value":"users"
> "name":"cas.authn.mongo.collection","value":"users"
> "name":"cas.authn.mongo.username-attribute","value":"username"
> "name":"cas.authn.mongo.password-attribute","value":"password"
> "name":"cas.authn.mongo.user-id","value":"casuser"
> "name":"cas.authn.mongo.password","value":"Mellon"
> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
> :port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
> 2. And these are the user properties in the User collection
>
> "username":"root",
> "password":"root",
> "lastname":"VNPT ADMIN",
> "useremail":"xxx",
> "usertel":"xxx"
>
> But,  I have faced with problem about CAS Management Web App service.
> Here is CAS Management Web App log:
>
> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] -  authorize access, since the authenticated profile [#CasProfile# | id: root
> | attributes: {credentialType=UsernamePasswordCredential,
> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
> authenticationMethod=users, successfulAuthenticationHandlers=users,
> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
> not contain any required roles*>
>
> Here is my service registry for CAS Management Web App:
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId":"^https://cas-server-domain:8088/cas-management.+",
>   "name" : "casManagement",
>   "id" : 1,
>   "evaluationOrder" : 1,
>   "allowedAttributes":["cn","mail"]
> }
>
> CAS server succeed create and authorized access token for user (id = root)
> but CAS Management missing user's role.
>
> I don't know how to assign ROLE for user or indicate user's role fixed in
> service registry.
> Please help me.
> Thank you in advance.
>
>
>


[cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-27 Thread Napoleon Ponaparte

Hi,

I have successfully configured CAS Overlay template 6.2.x to authenticate users
that are registered in MongoDB.
Here is my config:

1. CAS Properties
"name":"cas.authn.mongo.name","value":"users"
"name":"cas.authn.mongo.database-name","value":"users"
"name":"cas.authn.mongo.collection","value":"users"
"name":"cas.authn.mongo.username-attribute","value":"username"
"name":"cas.authn.mongo.password-attribute","value":"password"
"name":"cas.authn.mongo.user-id","value":"casuser"
"name":"cas.authn.mongo.password","value":"Mellon"
"name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
"name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP:port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
2. And these are the user properties in the User collection

"username":"root",
"password":"root",
"lastname":"VNPT ADMIN",
"useremail":"xxx",
"usertel":"xxx"

But I have faced a problem with the CAS Management Web App service.
Here is CAS Management Web App log:

WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] -  

Here is my service registry for CAS Management Web App:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId":"^https://cas-server-domain:8088/cas-management.+",
  "name" : "casManagement",
  "id" : 1,
  "evaluationOrder" : 1,
  "allowedAttributes":["cn","mail"]
}

CAS server succeed create and authorized access token for user (id = root) 
but CAS Management missing user's role.

I don't know how to assign ROLE for user or indicate user's role fixed in 
service registry.
Please help me.
Thank you in advance.


