grouper-users - [grouper-users] Require group for logins isn't working properly
Subject: Grouper Users - Open Discussion List
List archive
- From: Gagné Sébastien <>
- To: <>
- Subject: [grouper-users] Require group for logins isn't working properly
- Date: Thu, 6 Dec 2012 10:26:20 -0500
Hi, In media.properties we defined a group required for logins : media.properties:require.group.for.logins=etc:GroupeAccesUI But the behaviour is “leaky”. A user out of this group can access and modify groups using the lite UI. Here is our use case : Connect to grouper UI Authenticate with CAS with a user NOT in GroupeAccesUI Error message is shown that I must be in the group Click on the Lite UI Link (clicking on other AdminUI’s functions still gives me the message) Select Group members Then in the search box the user can search and select any group where “GrouperAll”/EveryEntity has Admin or Optin privilege. Then in manageMemberLite the user that shouldn’t have any access to the Grouper UI can modify the groups or the members. Is it possible to block this ? This is a serious security concern here and prevents us from going in production for the moment. Thanks Sébastien Gagné, | Analyste en informatique 514-343-6111 x33844 | Université de Montréal, | Pavillon Roger-Gaudry, local X-100-11 |
- [grouper-users] Require group for logins isn't working properly, Gagné Sébastien, 12/06/2012
- [grouper-users] RE: Require group for logins isn't working properly, Chris Hyzer, 12/06/2012
- [grouper-users] RE: Require group for logins isn't working properly, Gagné Sébastien, 12/06/2012
- [grouper-users] RE: Require group for logins isn't working properly, Chris Hyzer, 12/06/2012
Archive powered by MHonArc 2.6.16.