I think you need to make sure you use SAML in order to get attributes mapped.
--
Eduardo J. Ortega U.
Tel: 57+1+2553580
Cel: 57+317+4415156
Zürich
CL 72 5 83 Piso 11, Bogotá, CO.
On Thursday 05 June 2014 06:35:49 frankvanewijk wrote:
> Dear Shiro guru,
>
> Could you please help me with the following situation?
>
> *Background information:*
> - I'm using the Vaadin framework.
> - I'm using SSL.
> - Authentication works.
> - Username syntax = pietj@<COMPANY>.lcl , jank@<COMPANY>.lcl
> - memberOf field is being used as role.
> - shiro.ini
>
> [main]
> contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory
> contextFactory.url = ldaps://<SERVER>:636
> contextFactory.systemUsername = <USERNAME>@<COMPANY>
> contextFactory.systemPassword = <PASSWORD>
> contextFactory.environment[java.naming.security.protocol] = ssl
>
> realm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
> realm.ldapContextFactory = $contextFactory
> realm.searchBase = "OU=<APPDIR>,DC=<COMPANY>,DC=lcl"
> realm.groupRolesMap = "CN=<ROLE>,OU=<APPDIR>,DC=<COMPANY>,DC=lcl":"Admin"
>
> [roles]
> # 'Admin' role has permissions *
> Admin = *
>
> *Goal*
> - Authorization mapping based on the memberOf field from the currentUser.
>
> *Problem*
> - currentUser.hasRole("Admin") always returns false.
>
> *Questions*
> - Is the above shiro.ini correct?
> - How do I fix the problem?
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/LDAP-Authorization-config-tp7580031.html
> Sent from the Shiro User mailing list archive at Nabble.com.