grouper-users - [grouper-users] RE: Require group for logins isn't working properly
Subject: Grouper Users - Open Discussion List
List archive
- From: Chris Hyzer <>
- To: Gagné Sébastien <>, "" <>
- Subject: [grouper-users] RE: Require group for logins isn't working properly
- Date: Thu, 6 Dec 2012 16:32:47 +0000
- Accept-language: en-US
Which version do you have? 2.1.3 from a certain date? Also, did you set a lite ui group too? Maybe set to same group as admin? #users must be in this group to be able to login to the UI #note: if they are in the this group, then they can use the lite ui too require.group.for.logins= #users must be in this group to be able to login to the lite membership update UI (if not in require.group.for.logins) require.group.for.membershipUpdateLite.logins= Thanks, Chris From: [mailto:]
On Behalf Of Gagné Sébastien Hi, In media.properties we defined a group required for logins : media.properties:require.group.for.logins=etc:GroupeAccesUI But the behaviour is “leaky”. A user out of this group can access and modify groups using the lite UI. Here is our use case : Connect to grouper UI Authenticate with CAS with a user NOT in GroupeAccesUI Error message is shown that I must be in the group Click on the Lite UI Link (clicking on other AdminUI’s functions still gives me the message) Select Group members Then in the search box the user can search and select any group where “GrouperAll”/EveryEntity has Admin or Optin privilege. Then in manageMemberLite the user that
shouldn’t have any access to the Grouper UI can modify the groups or the members. Is it possible to block this ? This is a serious security concern here and prevents us from going in production for the moment. Thanks Sébastien Gagné, |
Analyste en informatique 514-343-6111 x33844
|
Université de Montréal,
|
Pavillon Roger-Gaudry, local X-100-11 |
- [grouper-users] Require group for logins isn't working properly, Gagné Sébastien, 12/06/2012
- [grouper-users] RE: Require group for logins isn't working properly, Chris Hyzer, 12/06/2012
- [grouper-users] RE: Require group for logins isn't working properly, Gagné Sébastien, 12/06/2012
- [grouper-users] RE: Require group for logins isn't working properly, Chris Hyzer, 12/06/2012
Archive powered by MHonArc 2.6.16.