François,

Set 'evaluationOrder' for the services, more specific regex first. See 
https://apereo.github.io/cas/6.5.x/services/Service-Management.html

You can also create your service identified by the entityId (no regex required) 
https://apereo.github.io/cas/6.5.x/integration/Shibboleth.html#relying-party-entityid

Ray

On Wed, 2022-06-15 at 17:50 +0200, fjannin4 wrote:

Hi all,

We use Shibboleth IDP to enable SAML and federation enabled authentication
over CAS.

I have to apply an access policy to a given Shibboleth service using an LDAP
group, while all other Shibboleth services have no access policy.

Is there a way to do this?

I have defined two services, one with an access policy, the other without,
with two different regexps (serviceid).

The regexps have been tested and match the given URLs.

Whatever evaluation order I use, it seems the part of the URL is not taken
into account in CAS evaluation, and it is always the service with the generic
regexp that matches the rule, so with no restriction.

My URL to the restricted service is like:

https://idp.mydomain.fr/idp/Authn/ExtCas?conversation=e1s1&entityId=https://restricted-service.fr/auth/saml2

My regexp to try to match this restricted service is:

^(http|https):\/\/(.*)idp\.mydomain\.fr\/.*restricted-service.*$

My regexp for all other IDP services:

^(http|https):\/\/(.*)idp\.mydomain\.fr\/.*$

Have I missed something? If anyone has an idea to get something similar to
work or was facing the same case, thanks a lot for any clue or hint!

Regards

François

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2bd9a4c6-4210-584d-9ef3-26914c353b79%40gmail.com.

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory 
the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose 
historical relationships with the land continue to this day.
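
The ordering issue discussed in this thread, as an added example (a small model of first-match service resolution, not CAS code and not written by either poster). It assumes the lowest evaluationOrder is evaluated first, as in CAS; the two patterns and the URL are copied from the question, while the service names and order values are constructed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    name: str              # hypothetical label, not from the thread
    service_id: str        # serviceId regex
    evaluation_order: int  # constructed values; lowest is evaluated first
    restricted: bool       # True when an access policy (e.g. LDAP group) is attached

# Both patterns and the URL are copied from the thread.
RESTRICTED_RE = r"^(http|https):\/\/(.*)idp\.mydomain\.fr\/.*restricted-service.*$"
GENERIC_RE = r"^(http|https):\/\/(.*)idp\.mydomain\.fr\/.*$"
RESTRICTED_URL = ("https://idp.mydomain.fr/idp/Authn/ExtCas?conversation=e1s1"
                  "&entityId=https://restricted-service.fr/auth/saml2")

def registry(restricted_order, generic_order):
    """Build the two-service registry with the given evaluation orders."""
    return [Service("generic-idp", GENERIC_RE, generic_order, False),
            Service("restricted-sp", RESTRICTED_RE, restricted_order, True)]

def matching(services, url):
    """All services whose pattern matches url, sorted by evaluation order."""
    hits = [s for s in services if re.search(s.service_id, url)]
    return sorted(hits, key=lambda s: s.evaluation_order)

def resolve(services, url):
    """The service that wins for url (first match), or None."""
    hits = matching(services, url)
    return hits[0] if hits else None

def shadowed(services, url):
    """Restricted services that match url but lose to an unrestricted one,
    meaning their access policy is never applied for that URL."""
    hits = matching(services, url)
    if not hits or hits[0].restricted:
        return []
    return [s for s in hits[1:] if s.restricted]

if __name__ == "__main__":
    for label, reg in (("generic first", registry(2, 1)),
                       ("restricted first", registry(1, 100))):
        winner = resolve(reg, RESTRICTED_URL)
        lost = [s.name for s in shadowed(reg, RESTRICTED_URL)]
        print(f"{label}: winner={winner.name} shadowed={lost}")
```

Both patterns match the restricted URL, so only the ordering decides whether the access policy is applied; running `shadowed` over a registry export is a quick check for a restricted entry hidden behind a broader one.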
