Hi all,
We use Shibboleth IDP to enable SAML and federation-enabled
authentication over CAS.
I have to apply an access policy to a given Shibboleth service using an LDAP
group, while all other Shibboleth services have no access policy.
Is there a way to do this?
I have defined two services: one with an access policy, the other
without, with two different regexps (serviceid):
The regexps are tested as matching the given URLs.
Whatever evaluation order I use, it seems part of the URL is not taken
into account in CAS evaluation, and it is always the service with the
generic regexp that matches the rule, so with no restriction.
My URL to the restricted service is like:
https://idp.mydomain.fr/idp/Authn/ExtCas?conversation=e1s1&entityId=https://restricted-service.fr/auth/saml2
My regexp to try to match this restricted service is:
^(http|https):\/\/(.*)idp\.mydomain\.fr\/.*restricted-service.*$
My regexp for all other IDP services:
^(http|https):\/\/(.*)idp\.mydomain\.fr\/.*$
Have I missed something? If anyone has an idea to get something
similar to work or has faced the same case, thanks a lot for any clue
or hint!
Regards
François
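
The overlap between the two patterns quoted above, as an added example that is not part of the original post and is not CAS code: it models a registry where the lowest evaluation order wins and checks which entry is selected for the posted URL. The order values, the function names and `without_query` (a model of the poster's suspicion that the query string is not compared) are assumptions of this sketch.

```python
import re

# serviceId patterns copied from the post. The "order" values are constructed
# for this sketch; lowest value is evaluated first (assumption of this model).
RESTRICTED = r"^(http|https):\/\/(.*)idp\.mydomain\.fr\/.*restricted-service.*$"
GENERIC = r"^(http|https):\/\/(.*)idp\.mydomain\.fr\/.*$"

# URL copied from the post.
URL = ("https://idp.mydomain.fr/idp/Authn/ExtCas"
       "?conversation=e1s1&entityId=https://restricted-service.fr/auth/saml2")


def registry(restricted_order, generic_order):
    """Build a two-entry service list sorted by evaluation order."""
    services = [("restricted", restricted_order, RESTRICTED),
                ("generic", generic_order, GENERIC)]
    return sorted(services, key=lambda s: s[1])


def matches(url, services):
    """Names of all services whose pattern matches url, in evaluation order."""
    return [name for name, _, pattern in services if re.match(pattern, url)]


def selected(url, services):
    """First matching service in evaluation order, or None."""
    hits = matches(url, services)
    return hits[0] if hits else None


def without_query(url):
    """Hypothetical: the URL as it would look if the query string were dropped."""
    return url.split("?", 1)[0]


if __name__ == "__main__":
    for label, reg in (("restricted first", registry(10, 20)),
                       ("generic first", registry(20, 10))):
        for kind, candidate in (("full URL", URL), ("no query", without_query(URL))):
            print(f"{label:17} {kind:9} -> {selected(candidate, reg)} "
                  f"(all matches: {matches(candidate, reg)})")
```

The generic pattern matches every string the restricted one matches, so only evaluation order separates them, and once the `entityId` part is absent from the compared string the restricted entry cannot match under any order.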