Bugzilla – Bug 3224
CAS expects objects with exact name match to be enrolled prior to assertion generation
Last modified: 2005-05-02 11:26:14
You need to
before you can comment on or make changes to this bug.
Currently, if an assertion is requested on object, it is required to be
enrolled in the CAS database, even if rights have been granted for the
object because of policy on some other object (like if a wildcard condition
covers it). For example, if I have permission to file/read on ftp://some/dir/*,
then to get an assertion for ftp://some/dir/foo, I need to enroll it as an
object. I need not have explicit permission for ftp://some/dir/foo though.
Created an attachment (id=591) [details]
Patch to fix this bug
Fix committed to trunk and globus_4_0_branch