Hi, I'm using LDAP with CAS 5.1.5 and want to try restricting access to a service for some users. What i did in the service definition :
"attributeReleasePolicy" : { "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy" }, "accessStrategy" : { "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", "enabled" : true, "ssoEnabled" : true, "requiredAttributes" : { "@class" : "java.util.HashMap", "uid" : [ "java.util.HashSet", [ "user1, user2" ] ] } } In cas.properties, i have cas.authn.ldap[0].principalAttributeId=uid and cas.authn.attributeRepository.defaultAttributesToRelease=uid but these users cannot access service : Cannot grant access to service [http://service.domain.tld/] because it is not authorized for use by [user1] What am i missing ? Regards. -- Sébastien BEAUDLOT Administrateur réseaux, téléphonie et flotte mobile Direction Opérationnelle des Systèmes d'Information ( DOSI ) Pôle Infrastructures Université d'Avignon et des Pays de Vaucluse Tèl : 04.90.16.26.04 -- -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/937867729.1173640.1513155605101.JavaMail.zimbra%40univ-avignon.fr.