Seems it is actually a problem with attribute resolution:
2017-12-13 10:56:45,286 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Locating principal attributes for [user1]>
2017-12-13 10:56:45,287 DEBUG [org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository] - <[DefaultPrincipalAttributesRepository] will return the collection of attributes directly associated with the principal object which are [{}]>
2017-12-13 10:56:45,289 DEBUG [org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository] - <Could not find principal [user1] in the repository so no attributes are returned.>
--
Sébastien BEAUDLOT
Network, telephony and mobile fleet administrator
Direction Opérationnelle des Systèmes d'Information (DOSI)
Pôle Infrastructures
Université d'Avignon et des Pays de Vaucluse
Tel: 04.90.16.26.04
--
From: "Sebastien BEAUDLOT" <[email protected]>
To: "cas-user" <[email protected]>
Sent: Wednesday 13 December 2017 11:01:17
Subject: Re: [cas-user] Restrincting service access based on uid
Hi,
Syntax is based on the documentation example:
https://apereo.github.io/cas/5.1.x/installation/Configuring-Service-Access-Strategy.html
(Enforce Attributes)
--
From: "Uxío" <[email protected]>
To: "cas-user" <[email protected]>
Sent: Wednesday 13 December 2017 10:57:01
Subject: Re: [cas-user] Restrincting service access based on uid
Is that a suspicious population of a list with comma separated values in string
containing an implicit list instead of with an explicit list of strings? Or is
it really meant to be comma separated values in string?
On 13 Dec 2017, at 10:00, Sebastien BEAUDLOT <[email protected]> wrote:
Hi,
I'm using LDAP with CAS 5.1.5 and want to try restricting access to a service
for some users.
What I did in the service definition:
    "attributeReleasePolicy" : {
      "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
    },
    "accessStrategy" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
      "enabled" : true,
      "ssoEnabled" : true,
      "requiredAttributes" : {
        "@class" : "java.util.HashMap",
        "uid" : [ "java.util.HashSet", [ "user1, user2" ] ]
      }
    }
In cas.properties, I have
    cas.authn.ldap[0].principalAttributeId=uid
and
    cas.authn.attributeRepository.defaultAttributesToRelease=uid
but these users cannot access the service: Cannot grant access to service
[http://service.domain.tld/] because it is not authorized for use by [user1]
What am I missing?
Regards.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/937867729.1173640.1513155605101.JavaMail.zimbra%40univ-avignon.fr.
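The two conditions raised in this thread (principal attributes resolved as `[{}]`, and `"user1, user2"` held as a single set element), checked against a simplified model of a required-attributes test. This is an added example, not part of any message above and not CAS's own code: the exact-match rule, the `SPLIT` variant and the function names are assumptions made for illustration.

```python
import json

# Constructed inputs: the requiredAttributes fragment as posted in the thread,
# and a variant (assumption) that lists each uid as its own set element.
POSTED = '{"@class": "java.util.HashMap", "uid": ["java.util.HashSet", ["user1, user2"]]}'
SPLIT = '{"@class": "java.util.HashMap", "uid": ["java.util.HashSet", ["user1", "user2"]]}'


def required_values(fragment):
    """Decode the Jackson-typed map into {attribute name: set of required values}."""
    required = {}
    for name, typed in json.loads(fragment).items():
        if name == "@class":              # type hint for the map itself, not an attribute
            continue
        _collection_type, values = typed  # e.g. ["java.util.HashSet", [...]]
        required[name] = set(values)
    return required


def check_access(principal_attrs, required):
    """Simplified model (assumption): every required attribute must be present
    on the principal and share at least one exact value with the required set.
    Returns (allowed, reason)."""
    for name, wanted in required.items():
        if name not in principal_attrs:
            return False, f"principal has no '{name}' attribute"
        have = principal_attrs[name]
        have = {have} if isinstance(have, str) else set(have)
        if not have & wanted:
            return False, f"'{name}' values {sorted(have)} match none of {sorted(wanted)}"
    return True, "all required attributes matched"


if __name__ == "__main__":
    cases = [
        ("empty attributes, as in the DEBUG log", {}, SPLIT),
        ("uid resolved, values as posted", {"uid": ["user1"]}, POSTED),
        ("uid resolved, one value per element", {"uid": ["user1"]}, SPLIT),
    ]
    for label, attrs, fragment in cases:
        print(label, "->", check_access(attrs, required_values(fragment)))
```

Under this model an empty attribute map is denied whatever the service definition says, so the attribute repository has to return `uid` before the value format can matter.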