[shib_auth] Shib & Taxonomy Access Control
Avi Schwab
ajschwab at uchicago.edu
Wed Apr 25 23:54:22 CEST 2012
I'm testing out a scenario where I use shib to authenticate users, assign them roles, and then lock down pages using TAC based on their roles. I've successfully authenticated users, set up the role assignments, and made a crude little php block to display the dynamically assigned roles, but when user roles are set dynamically the TAC doesn't seem to see them and does not allow the user to see those pages to which I've given them access. If I make a role rule sticky (or assign a group directly) then the user can see the pages correctly.
I dug around a little and am not totally sure how the dynamic roles are being stored, but I'm assuming it's a session variable instead of a db variable. Is it possible that TAC only reads db variables and therefore does not see these dynamic roles? Is this a bug or just by design?
Thanks,
Avi Schwab
College Support Specialist/Web Project Coordinator
College IT, Harper 238
(773) 834-2189
collegeit at uchicago.edu
http://collegeit.uchicago.edu
More information about the shib_auth
mailing list