I made a typo, it is a cas server 6.6.4

On Thursday, February 9, 2023 at 06:54:01 UTC+1, Vincent Delhommmeau wrote:

> Hello,
>
> I am trying to set up a cas-management web application 6.6.0 on a cas 
> server 6.4.0.
> After a successful cas login, this message is displayed by the 
> cas-management application (approximate translation) :
> "The CAS management application is unavailable.
> An error has occurred. Please contact your support or try again"
>
> In cas-management.log I have this (short version) :
> "Unable to authorize access, since the authenticated profile does not 
> contain any required roles"
>
> In management.properties I tried
> mgmt.userPropertiesFile=file:/etc/cas/config/users.json
> and
> mgmt.userPropertiesFile=file:/etc/cas/config/users.properties
>
> I also defined a second admin role (which should match a returned 
> attribute) :
> mgmt.adminRoles[0]=ROLE_ADMIN
> mgmt.adminRoles[1]=EHPRSI_INF
>
> users.properties :
> # Only 'casuser' is authorized to use cas services management app
> vdelhomm=notused,ROLE_ADMIN
>
> users.json :
> {
>   "vdelhomm" : {
>     "@class" : "org.apereo.cas.mgmt.authz.json.UserAuthorizationDefinition",
>     "roles" : [ "ROLE_ADMIN" ]
>   }
> }
>
> I also created a cas attribute which is returned to the service after 
> authentication :
>
> attribute-def-store.json :
> {
>     "@class" : "java.util.TreeMap",
>     "roles" : {
>       "@class" : "org.apereo.cas.authentication.attribute.DefaultAttributeDefinition",
>       "key" : "roles",
>       "scoped" : false,
>       "attribute" : "supannEntiteAffectation"
>     }
> }
>
> service json file :
> ...
>  "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>     "allowedAttributes" :
>     [ "java.util.ArrayList", [ "uid", "roles" ] ]
>  }
>
> The attribute is returned, but the cas management application doesn't care 
> about it.
> I suppose that it was not a good idea.
>
> What did I miss ?
> It seems that the user is not found in users.properties or users.json
> Is "uid" the correct attribute to return ?
>
> thanks,
>
> PS : the cas-management.log message long version :
> 2023-02-08 17:42:57,530 WARN 
> [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - Unable to authorize 
> access, since the authenticated profile [#CasProfile# | id: vdelhomm 
> | attributes: {clientIpAddress=x.x.x.x, 
> credentialType=UsernamePasswordCredential, uid=vdelhomm, 
> isFromNewLogin=true, authenticationDate=2023-02-08T16:42:57.273849Z, 
> authenticationMethod=LdapAuthenticationHandler, roles=EHPRSI_INF, 
> successfulAuthenticationHandlers=LdapAuthenticationHandler, 
> serverIpAddress=y.y.y.y, 
> userAgent=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 
> (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 OPR/58.0.3135.127, 
> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: 
> [] | isRemembered: false | clientName: CasClient | linkedId: null |] does 
> not contain any required roles
>
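
Added example, not part of the original message and not CAS project code: a small Python triage script that parses the `CasRoleBasedAuthorizer` warning quoted above and compares the profile's `roles: [...]` list with the `mgmt.adminRoles` entries from the post. The function names are hypothetical; the log line and property values are the ones posted, with e-mail line wrapping removed.

```python
import re

# Log line and adminRoles settings copied from the post (line wrapping removed).
LOG_LINE = (
    "2023-02-08 17:42:57,530 WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - "
    "Unable to authorize access, since the authenticated profile [#CasProfile# | id: vdelhomm "
    "| attributes: {clientIpAddress=x.x.x.x, credentialType=UsernamePasswordCredential, "
    "uid=vdelhomm, isFromNewLogin=true, authenticationDate=2023-02-08T16:42:57.273849Z, "
    "authenticationMethod=LdapAuthenticationHandler, roles=EHPRSI_INF, "
    "successfulAuthenticationHandlers=LdapAuthenticationHandler, serverIpAddress=y.y.y.y, "
    "userAgent=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 OPR/58.0.3135.127, "
    "longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: [] "
    "| isRemembered: false | clientName: CasClient | linkedId: null |] "
    "does not contain any required roles"
)
MGMT_PROPERTIES = "mgmt.adminRoles[0]=ROLE_ADMIN\nmgmt.adminRoles[1]=EHPRSI_INF\n"

def admin_roles(properties_text):
    # Collect every indexed mgmt.adminRoles[n]=VALUE entry.
    return set(re.findall(r"^mgmt\.adminRoles\[\d+\]=(\S+)", properties_text, re.M))

def parse_profile(line):
    m = re.search(r"id: (\S+) \| attributes: \{(.*)\} \| roles: \[(.*?)\] \| permissions:", line)
    if not m:
        raise ValueError("not a CasRoleBasedAuthorizer profile line")
    user, attr_text, role_text = m.groups()
    # Split only on ", " that starts a new key=, so commas inside values (userAgent) survive.
    pairs = re.split(r", (?=\w+=)", attr_text)
    attrs = dict(p.split("=", 1) for p in pairs)
    roles = {r.strip() for r in role_text.split(",") if r.strip()}
    return user, attrs, roles

def diagnose(line, properties_text):
    required = admin_roles(properties_text)
    user, attrs, roles = parse_profile(line)
    # Attributes whose value names a required role; multi-valued ones print as [a, b].
    in_attrs = {k: v for k, v in attrs.items()
                if required & {x.strip() for x in v.strip("[]").split(",")}}
    return {"user": user, "profile_roles": roles,
            "granted": roles & required, "role_named_in_attributes": in_attrs}

if __name__ == "__main__":
    print(diagnose(LOG_LINE, MGMT_PROPERTIES))
```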
