This is an approach that fits in with the things I said previously.
And it may be possible that you can get LDAP group information
available as CAS attributes.

Milt Epstein
Programmer in Computational Genomics
Institute for Genomic Biology (IGB)
University of Illinois at Urbana-Champaign (UIUC)
mepst...@illinois.edu


On Mon, 30 Mar 2015, David Hawes wrote:

> On Mon, Mar 30, 2015 at 12:16 PM, Chris Cheltenham
> <cchelten...@swaintechs.com> wrote:
> > Gentlemen,
> >
> > I appreciate your thoughts and suggestions.
> > .htaccess may be the easiest way to go for us.
> >
> > The mod_authnz_ldap looks to be a bit hairy.
> > Last thing I want to do is keep track of ldap attributes as it looks very 
> > granular in detail.
> >
> > Thank you for all our suggestions and I wish my boss would give me the time 
> > to actually work this out.
> 
> If you are using CASValidateSAML and the attributes you want to
> authorize on are released there, you can do the following (from the
> README):
> 
> =====
> If SAML-delivered attribute authorization is also desired, use the
>   samlValidate URL, enable SAML validation, and specify cas-attribute
>   in your require rule (please note: both attribute name and value are
>   case-sensitive):
> 
>     CASCookiePath /var/cache/apache2/mod_auth_cas/
>     CASLoginURL https://login.example.org/cas/login
>     CASValidateURL https://login.example.org/cas/samlValidate
>     CASValidateSAML On
> 
>     <Location /secured>
>         Authtype CAS
>         require cas-attribute edupersonaffiliation:staff
>     </Location>
> =====
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> mepst...@illinois.edu
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 
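
Added example (not part of the original thread or the mod_auth_cas README): a small Python check for troubleshooting a `require cas-attribute` rule, comparing it against the attributes in a samlValidate response and flagging the case where the rule differs only in case. The SAML fragment is constructed and trimmed, the function names are hypothetical, and the exact string comparison is an assumption based on the README's note that name and value are case-sensitive.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed, trimmed sample of a SAML 1.1 samlValidate response body.
SAMPLE_RESPONSE = """\
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol">
  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
    <AttributeStatement>
      <Attribute AttributeName="eduPersonAffiliation">
        <AttributeValue>staff</AttributeValue>
        <AttributeValue>member</AttributeValue>
      </Attribute>
    </AttributeStatement>
  </Assertion>
</Response>
"""


def released_attributes(saml_xml):
    """Return {attribute name: [values]} exactly as released, case preserved."""
    # Only feed this captured responses from your own CAS server;
    # ElementTree does not guard against entity-expansion bombs.
    root = ET.fromstring(saml_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("AttributeName"), []).extend(values)
    return attrs


def check_rule(rule, attrs):
    """Classify a 'name:value' rule: 'match', 'case-mismatch' or 'no-match'."""
    name, _, value = rule.partition(":")
    if value in attrs.get(name, []):
        return "match"  # exact, case-sensitive hit on both name and value
    for rel_name, rel_values in attrs.items():
        if rel_name.lower() == name.lower() and any(
                v.lower() == value.lower() for v in rel_values):
            return "case-mismatch"  # rule would only match if case were ignored
    return "no-match"


if __name__ == "__main__":
    attrs = released_attributes(SAMPLE_RESPONSE)
    for rule in ("eduPersonAffiliation:staff", "edupersonaffiliation:staff"):
        print(rule, "->", check_rule(rule, attrs))
```

A `case-mismatch` result means the attribute is being released but the rule has to be rewritten with the exact spelling the CAS server uses.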
