I haven't modified it to match your use case expressly and keep in mind,
instead of doing this every time I retrieve data from ldap (performance), I
am only doing it when a SP needs memberships and I am only passing the
groups that match their use (least privilege).
import java.util.*
def run(final Object... args) {
def attributes = args[0]
def logger = args[1]
// logger.debug("Current attributes are {}", attributes)
def groupMemberships=attributes['groupMembership']
// logger.debug("Current groups are {}", groupMembership)
// only keep groups that match groupMemberships
groupMemberships.retainAll { it.toLowerCase().startsWith('cn=sis-asp') }
def roles = []
// for each build custom string that AWS expects
groupMemberships.each {kuGroup ->
def (_,role) = (kuGroup =~ /^cn=sis-asp.([^,]*).*/)[0]
roles.add("sis-asp-${role}")
}
return roles
}
The release is essentially:
"attributeReleasePolicy" : {
"@class" :"org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
"allowedAttributes" : {
"@class" : "java.util.TreeMap",
"eduPersonPrincipalName" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
"urn:oid:1.3.6.1.4.1.5923.1.5.1.1" :
"file:/etc/cas/config/scripts/pathlock-roles.groovy"
}
},
Andrew Marker
On Tue, Nov 12, 2024 at 9:13 PM Ray Bon <r...@uvic.ca> wrote:
> Daniel,
>
> See PATTERN FORMAT or EXTERNAL SCRIPT at the bottom of
> https://apereo.github.io/cas/7.1.x/integration/Attribute-Definitions.html
>
>
> Ray
> On Tue, 2024-11-12 at 18:06 -0500, Daniel Maldonado wrote:
>
> [You don't often get email from dmaldon...@epc-instore.com. Learn why
> this is important at https://aka.ms/LearnAboutSenderIdentification ]
>
> I would like to get the top leven “cn” from my ldap query. The values
> returned look like:
>
> memberOf=[cn=admins,cn=groups,cn=accounts,dc=mycompany,dc=com,…]
>
> as one of the attributes. I only need the top values: “admins”
> and not everything else.
>
> I can not find in the documentation where I can basically return this top
> level value as a set.
>
> I can do it in my Java app but that would mean a “custom” solution for all
> my apps.
>
> Am I missing something here?
>
> CAS version: 7.1.1
>
> --
> - Website:
> https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=05%7C02%7Crbon%40uvic.ca%7C6108767894c042badf2e08dd0389a1a9%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638670611835591998%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=qgt4zh8Hcuxw%2BQ4YHy%2BFEHqcJWXbxV%2BAs5JpC%2FKshxM%3D&reserved=0
> <https://apereo.github.io/cas>
> - List Guidelines:
> https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=05%7C02%7Crbon%40uvic.ca%7C6108767894c042badf2e08dd0389a1a9%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638670611835611345%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=kx2P69WsJOUbVv7xHygFbDRJ7BdX6kLq3tsEn3hples%3D&reserved=0
> <https://goo.gl/1VRrw7>
> - Contributions:
> https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=05%7C02%7Crbon%40uvic.ca%7C6108767894c042badf2e08dd0389a1a9%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638670611835622203%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=jdSb24WsOrqHL8pe9JGn3VV7Zrf2VUoBWfPlI0sqbl4%3D&reserved=0
> <https://goo.gl/mh7qDG>
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion visit
> https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2FE73E9572-BC4B-4428-97CE-7241ED1F4CC1%2540epc-instore.com&data=05%7C02%7Crbon%40uvic.ca%7C6108767894c042badf2e08dd0389a1a9%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638670611835633812%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=29McdrmdbESKw0nhBiDbQUY91xTaP3gA19yT8iE3gn0%3D&reserved=0
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/E73E9572-BC4B-4428-97CE-7241ED1F4CC1%40epc-instore.com>
> .
>
>
> --
> - Website: https://apereo.github.io/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/d4e3128410fe5a4e3d2fe930da1fdfcff05e64e8.camel%40uvic.ca
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/d4e3128410fe5a4e3d2fe930da1fdfcff05e64e8.camel%40uvic.ca?utm_medium=email&utm_source=footer>
> .
>
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGGVe%2BFnjkD%3D3iJgZhRMsyfPP5kc-inawkxHJZzQJTOpHdATMQ%40mail.gmail.com.
