I managed to make it work. The problem appears to be in attribute release and mapping.

Adding:

    cas.authn.attribute-repository.ldap[0].ldap-url=ldaps://ldap.lepuyenvelay.fr
    cas.authn.attribute-repository.ldap[0].bind-dn=cn=admin,dc=lepuyenvelay,dc=fr
    cas.authn.attribute-repository.ldap[0].bind-credential=secret
    cas.authn.attribute-repository.ldap[0].attributes.memberOf=roles

in cas.properties and management.properties allows roles to be populated with:

    "dc=lepuyenvelay, dc=fr, ou=roles, cn=ADMINISTRATOR"

For my service, I set attributeReleasePolicy to ReturnAllAttributeReleasePolicy.

So I set:

    mgmt.adminRoles=dc=lepuyenvelay, dc=fr, ou=roles, cn=ADMINISTRATOR

in management.properties.

I don't understand why the mapped role is "dc=lepuyenvelay, dc=fr, ou=roles, cn=ADMINISTRATOR" as the memberOf value is "cn=ADMINISTRATOR, ou=roles, dc=lepuyenvelay, dc=fr"...

I think it's a bit chaotic and not exactly what I want, as roles are retrieved from CAS attributes and not from the LDAP, but it does the job.

On Tuesday, 18 August 2020 at 17:17:55 UTC+2, dfisher wrote:
> On Tue, Aug 18, 2020 at 8:12 AM Julien Sabatier <[email protected]> wrote:
>
>> I'm trying to set up CAS 6.2.1 with CAS Management to manage services.
>>
>> Actually I have a 6.2.1-SNAPSHOT CAS Management which starts up well.
>>
>> At the first load, it redirects me to the CAS login page, where I use my
>> login/password.
>> After, I get the message: "authorizationFailure"
>>
>> And in the log it appears that the user roles are empty:
>>
>> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - Unable to
>> authorize access, since the authenticated profile [#CasProfile# | id:
>> julien.sabatier | attributes: {credentialType=UsernamePasswordCredential,
>> isFromNewLogin=true, authenticationDate=2020-08-18T08:07:35.737859Z,
>> authenticationMethod=LdapAuthenticationHandler,
>> successfulAuthenticationHandlers=LdapAuthenticationHandler,
>> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
>> | isRemembered: false | clientName: CasClient | linkedId: null |] does not
>> contain any required roles
>>
>> I want to use LDAP for managing auth.
>> I have a role: cn=ADMINISTRATOR,ou=roles,dc=lepuyenvelay,dc=fr
>> And my user is a member of this groupOfMember
>>
>
> Can you put org.ldaptive in DEBUG to confirm the groupOfMember query is
> happening?
>
> --Daniel Fisher

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8b663f82-1951-47de-89c2-cecab4d46648n%40apereo.org.
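As an added example (my own code, not part of this thread or of CAS), a small Python check that compares the configured mgmt.adminRoles values against a user's memberOf values, tolerating the RDN re-ordering reported above, so that an empty roles list in the authorizer log can be traced to the mapping rather than to the directory. The function names are my own and the sample DN strings are constructed from the values quoted in the thread.

```python
import re

# Constructed sample values copied from the thread above: the memberOf value as
# stored in LDAP and the re-ordered form that showed up in the mapped roles.
MEMBER_OF_VALUE = "cn=ADMINISTRATOR, ou=roles, dc=lepuyenvelay, dc=fr"
MAPPED_ROLE_VALUE = "dc=lepuyenvelay, dc=fr, ou=roles, cn=ADMINISTRATOR"

# Split on commas that are not escaped with a backslash (RFC 4514 escaping).
_RDN_SPLIT = re.compile(r"(?<!\\),")

def parse_dn(dn):
    """Return a DN as a list of (attribute, value) tuples, left to right.
    Attribute names are lower-cased; escaped commas inside values are unescaped."""
    rdns = []
    for rdn in _RDN_SPLIT.split(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        rdns.append((attr.strip().lower(), value.strip().replace("\\,", ",")))
    return rdns

def canonical_dn(dn):
    """Whitespace-free, case-folded form for logging and comparison. Values are
    lower-cased because cn/ou/dc are case-insensitive in most directories."""
    return ",".join(f"{a}={v.lower()}" for a, v in parse_dn(dn))

def match_kind(configured_role, member_of):
    """Classify how a configured admin role relates to one memberOf value:
    'exact'     same RDNs in the same order,
    'reordered' same RDNs in a different order (what the thread above observed),
    None        a different group."""
    a = [(k, v.lower()) for k, v in parse_dn(configured_role)]
    b = [(k, v.lower()) for k, v in parse_dn(member_of)]
    if a == b:
        return "exact"
    return "reordered" if sorted(a) == sorted(b) else None

_RANK = {"exact": 2, "reordered": 1, None: 0}

def check_admin_roles(admin_roles, member_of_values):
    """Best match per configured role (the mgmt.adminRoles values) against the
    user's memberOf values, so an empty 'roles: []' in the authorizer log can be
    traced to a mapping mismatch rather than to the LDAP lookup itself."""
    return {role: max((match_kind(role, m) for m in member_of_values),
                      key=_RANK.__getitem__, default=None)
            for role in admin_roles}
```

Feed check_admin_roles() the comma-separated mgmt.adminRoles entries and the memberOf values seen in the CAS attribute debug output; any role reported as None is a mapping that will never authorize anyone.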
