Hi,
We are using Geoserver 2.27.2 together with Geofence and CAS authentication.
When a user logs into our web application and is authenticated via CAS, Geoserver receives the CAS ticket and successfully authenticates the user. In the Geoserver logs, we can see that the user’s direct roles are fetched:
DEBUG [services.RuleReaderServiceImpl] - Role:Rolename1
DEBUG [services.RuleReaderServiceImpl] - Role:Rolename2
...
DEBUG [services.RuleReaderServiceImpl] - Role:RolenameN
However, derived roles (i.e., roles from the group_roles table for groups the user belongs to, as per group_members) are not being loaded in this scenario.
Interestingly, when the same user logs in directly via the Geoserver web interface (https://<host>/geoserver/web), the derived roles are loaded correctly and appear in the logs.
Has anyone else experienced this issue?
Is there a known workaround or configuration setting that ensures derived roles are loaded when authenticating via CAS?
Thanks in advance!
Nils
P.S. I wrote a similar topic about this a while ago, where I thought that the problem was in the Geofence module and that we had solved the problem by changing some configuration. Please ignore that old topic.