subject:"\[cas\-user\] Re\: CAS 5.3.9 Access Strategy Groovy script"

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-12 Thread Ray Bon

Debian, The webflow can be modified dynamically (that is how all CAS features work). You create a few files and configuration in the overlay and your feature will automagically show up in the webflow. I have a gist that can help with visualizing the webflow,

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-12 Thread Debian HNT

Ray, I'd like to thank you for all your answers, but I think I'll give up the groovy script if I have to modify the webflow, because as it says on the documentation, it's going to be complicated for future updates... Thank you again Regards, Debian, > > If getUnauthorizedRedirectUrl is

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-07 Thread Debian HNT

Ray, I think I understood the problem. I put some logs to retrieve state of accountStatus. At the 1st connection the function doPrincipal has "Blocked" Function 1 : Blocked //1st connection Function 2 : Blocked //2nd connection Function 1 : Blocked //2nd connection but at the 2nd connection

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-06 Thread Ray Bon

Debian, The service entry looks fine. Make sure the id value is unique and make sure the evaluation order allows it to be accessed, https://apereo.github.io/cas/6.0.x/services/Service-Management.html The logs you provided do not have anything about not being able to access blocked.html What

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-06 Thread Debian HNT

Ray, I think the problem comes from the registration of the url https://cas.univ.com/blocked.html to cas I tried to redirect to a registered service like cas-management page and its worked. So I tried to register https://cas.univ.com/help/blocked.html

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-06 Thread Debian HNT

Ray, I think the problem comes from the registration of the url https://cas-univ.com/blocked.html to cas I tried to redirect to a registered service like cas-management page and its worked. So I tried to register https://cas-univ.com/help/blocked.html

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-05 Thread Ray Bon

Set the logger to be more general: or better, set all of cas to log at debug: Try using logger.error. See https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-Policies.html#groovy-script I am not sure about importing as I have not used groovy scripting. It is important that

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-05 Thread Debian HNT

This line doesnt work, do I have to import some package? log.error("doPrincipalAttributesAllowServiceAccess: " + attributes.get('udlAccountStatus')) So I wrote this to exit the state of accountStatus java.net.URI getUnauthorizedRedirectUrl() { if (this.accountStatus == 'Blocked') {

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-05 Thread Debian HNT

Ray, There is two states 1st connection : "Service access denied due to missing privileges" 2nd connection :"Application Not Authorized to Use CAS" + message log "CAS will be redirecting to... https://blocke.html; I'm running out of ideas... Regards, Ray, > > waiting.html isnt protected by a

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-05 Thread Debian HNT

Ray, waiting.html isnt protected by a CAS client.. I tried to register it as a CAS services with the cas management app but it doesnt change anything. Network browser traffic display error 401. it's weird, for the simple redirection it works the url is well displayed, but for the dynamic

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-04 Thread Ray Bon

Debian, Is waiting.html protected by a CAS client? The 'not authorized' message shows in CAS when an application redirects to CAS but is not in CAS services. Check your browser network traffic to see the redirects. Ray On Tue, 2019-06-04 at 02:58 -0700, Debian HNT wrote: Ray, UPDATE I

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-04 Thread Debian HNT

Ray, UPDATE I wrote my own logs by redirecting to a file to see if this.accountStatus recovers the correct state like this java.net.URI getUnauthorizedRedirectUrl() { if (this.accountStatus == 'Blocked') { File file = new File("/tmp/cas")

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-04 Thread Debian HNT

Ray, Theses lines do not return anything in my logs... I thought my file wasnt up but it is because the ldaptive debug is generated... I dunno whats happening regards, Debian, > > Add this to your log4j2.xml > > > replacing 'package' with the package of your class. > > Add this as the first

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-03 Thread Ray Bon

Debian, Add this to your log4j2.xml replacing 'package' with the package of your class. Add this as the first line of doPrincipalAttributesAllowServiceAccess method: log.error("doPrincipalAttributesAllowServiceAccess: " + attributes.get('udlAccountStatus')) Log level does not have to be

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-03 Thread Debian HNT

Ray, In my log4j2.xml I have this When access is granted I have this in my logs 8430:2019-06-03 14:13:39,963 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - https://castete.univ.com/cas/status/dashboard] defined by registered service

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-06-03 Thread Debian HNT

Ray, Thanks a lot for your response. If it is neither 'blocked' nor 'waiting' access should be granted Debian, Debian, > > To know what is happening in your code, add logging statements!!! > > If you modify your code, you have to remember to un-modify it. Too easy to > forget a change and

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-29 Thread Ray Bon

Debian, To know what is happening in your code, add logging statements!!! If you modify your code, you have to remember to un-modify it. Too easy to forget a change and release to production. I have not used groovy scripting in CAS. Can you write unit tests? This will let you know that your

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-29 Thread Debian HNT

Hi Ray, I'm trying to implement dynamic url redirect, here's my code : import org.apereo.cas.services.* import java.util.* import java.net.URI class GroovyRegisteredAccessStrategy extends DefaultRegisteredServiceAccessStrategy { final String accountStatus @Override boolean

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-28 Thread Debian HNT

Hi Ray, Thanks for your response and idea, I managed to make it work ! Best regards, Debian, > > 'Principal' is what the logged in user is called. Think of it as a box > containing id, attributes, etc. > > Ray > > On Mon, 2019-05-27 at 04:31 -0700, Debian HNT wrote: > > > Hi Ray, >

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-27 Thread Ray Bon

Debian, 'Principal' is what the logged in user is called. Think of it as a box containing id, attributes, etc. Ray On Mon, 2019-05-27 at 04:31 -0700, Debian HNT wrote: Hi Ray, It is a message that CAS is displaying "Service access denied due to missing privileges." Here's the logs

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-27 Thread Ray Bon

Debian, return new URI('https... Ray On Sun, 2019-05-26 at 23:57 -0700, Debian HNT wrote: Hi Ray, It s a message that CAS is displaying "Service access denied due to missing privileges." heres the log : 2019-05-27 08:23:02,532 WARN

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-27 Thread Debian HNT

Hi Ray, It is a message that CAS is displaying "Service access denied due to missing privileges." Here's the logs 2019-05-27 13:02:15,646 WARN [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - https://castete.univ.com/aide/blocked.html]> 2019-05-27 13:02:53,173 WARN

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-27 Thread Debian HNT

Hi Ray, It is a message that CAS is displaying "Service access denied due to missing privileges." Here's the logs 2019-05-27 13:02:15,646 WARN [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - https://castete.univ.com/aide/blocked.html]> 2019-05-27 13:02:53,173 WARN

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-27 Thread Debian HNT

Hi Ray, It is a message that CAS is displaying "Service access denied due to missing privileges." Here's the logs 2019-05-27 13:02:15,646 WARN [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - https://castete.univ.com/aide/blocked.html]> 2019-05-27 13:02:53,173 WARN

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-27 Thread Debian HNT

Hi again, I don't think I'm returning the right type... The return type should be java net uri right? If yes I should use Use.parse() to convert string to uri right? Thanks in advance, Hi Ray, > > It s a message that CAS is displaying "Service access denied due to > missing privileges." > >

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-27 Thread Debian HNT

Hi Ray, It s a message that CAS is displaying "Service access denied due to missing privileges." heres the log : 2019-05-27 08:23:02,532 WARN [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - https://castete.univ.com/cas/status/dashboard] because it is not authorized for use

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-24 Thread Ray Bon

Debian, When you say 'access is denied', is that a message that CAS is displaying or is that your service (admusers.properties sounds like your service)? Check CAS logs to see what is happening (you may need to add logging to you custom code). Ray On Fri, 2019-05-24 at 00:01 -0700, Debian

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-24 Thread Debian HNT

(I want to use a groovy script because I'd like to do dynamic redirecturl) Hello Ray, > > Thanks for your answer, the conf seems to be ok, I can access to the log > in page of the service but when I try to connect with my ID, the access is > denied. > Before using groovy script I was able to

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-24 Thread Debian HNT

Hello Ray, Thanks for your answer, the conf seems to be ok, I can access to the log in page of the service but when I try to connect with my ID, the access is denied. Before using groovy script I was able to access the service... I've checked my admusers.properties and my account is set to

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-23 Thread Ray Bon

Debian, Skip the for loop. If you know the attribute key, check it directly (sorry about the use of map in my previous example): if ('Active' == attributes.get('udlAccountStatus')) Also, from a programming perspective, entrySet returns a Set>. Ray On Thu, 2019-05-23 at 06:59 -0700, Debian

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-23 Thread Debian HNT

Ray, Excuse me for the inconvenience but I still have errors... I've tried your syntax import org.apereo.cas.services.* import java.util.* class GroovyRegisteredAccessStrategy extends DefaultRegisteredServiceAccessStrategy { @Override boolean isServiceAccessAllowed() {

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-23 Thread Debian HNT

Ray, Thanks a lot for your message, it's a little clearer for me now... I'll try your suggestion... Thank u again... Debian, > > I should have looked closer at your method logic. > From the method name I suspect that method checks an attribute to > determine service access. This is what you

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-22 Thread Ray Bon

Debian, I should have looked closer at your method logic. >From the method name I suspect that method checks an attribute to determine >service access. This is what you originally proposed 'attribute = Active'. You will need to know what attributes you have. You can add logging to the method

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-22 Thread Debian HNT

Ray, Thanks for your answer! I've changed the variable to attributes but it doesnt repair the issue. I dont understand how to set principal to my attribute : account and how to configure the map to active/blocked/waiting? I'm not sure if I cleary understand the function... Thank u in

Re: [cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-21 Thread Ray Bon

Debian, In doPrincipal..., you are using a variable called 'map' but the variable is 'attributes'. Ray On Tue, 2019-05-21 at 02:22 -0700, Debian HNT wrote: Hello guys, I'm still trying to configure a groovy script for access strategy but I have some errors Here's my access-strategy.groovy

[cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-21 Thread Debian HNT

Hello guys, I'm still trying to configure a groovy script for access strategy but I have some errors Here's my access-strategy.groovy import org.apereo.cas.services.* import java.util.* class GroovyRegisteredAccessStrategy extends DefaultRegisteredServiceAccessStrategy { @Override

[cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-20 Thread Debian HNT

Someone? pls -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To

[cas-user] Re: CAS 5.3.9 Access Strategy Groovy script

2019-05-16 Thread Raphaël CHANE

Hello, I'd like to do the same thing but I dont really understand the syntax, because I'm new to Groovy... Hello guys, > > > I'm looking for a configuration of Access Strategy with a Groovy Script. > > I'd like to set some attributes required and redirection url. > > For example if the

38 matches

Mail list logo