Configure Service Access Strategy
The access strategy of a registered service provides fine-grained control over the service authorization rules. It describes whether the service is allowed to use the CAS server, allowed to participate in single sign-on authentication, etc. Additionally, it may be configured to require a certain set of principal attributes that must exist before access can be granted to the service. This behavior allows one to configure various attributes in terms of access roles for the application and define rules that would be enacted and validated when an authentication request from the application arrives.
Note that comparison of principal/required attribute names is case-sensitive. Exact matches are required for any individual attribute name.
Note that if the CAS server is configured to cache attributes upon release, all required attributes must also be released to the relying party. See this guide for more info on attribute release and filters.
Topic | Resource |
---|---|
Basic | See this guide. |
Unauthorized URLs | See this guide. |
ABAC | See this guide. |
Groovy | See this guide. |
Time-Based | See this guide. |
(Remote) HTTP Request | See this guide. |
Grouper | See this guide. |
Chaining | See this guide. |