You were right, the documentation shows a bad way to write multiple values. The good way is: "user1", "user2", "user3"
I found the problem. uid needs to be explicitly defined in cas.authn.ldap[0].principalAttributeList so it can be released and then used in service access strategy.

--
Sébastien BEAUDLOT
Network, telephony and mobile fleet administrator
Direction Opérationnelle des Systèmes d'Information (DOSI)
Pôle Infrastructures
Université d'Avignon et des Pays de Vaucluse
Tel: 04.90.16.26.04
--

From: "Uxío" <[email protected]>
To: "cas-user" <[email protected]>
Sent: Wednesday 13 December 2017 10:57:01
Subject: Re: [cas-user] Restrincting service access based on uid

Is that a suspicious population of a list with comma separated values in string containing an implicit list instead of with an explicit list of strings? Or is it really meant to be comma separated values in string?

Sent from my iPhone

On 13 Dec 2017, at 10:00, Sebastien BEAUDLOT <[email protected]> wrote:

Hi,

I'm using LDAP with CAS 5.1.5 and want to try restricting access to a service for some users. What I did in the service definition:

    "attributeReleasePolicy" : {
      "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
    },
    "accessStrategy" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
      "enabled" : true,
      "ssoEnabled" : true,
      "requiredAttributes" : {
        "@class" : "java.util.HashMap",
        "uid" : [ "java.util.HashSet", [ "user1, user2" ] ]
      }
    }

In cas.properties, I have

    cas.authn.ldap[0].principalAttributeId=uid

and

    cas.authn.attributeRepository.defaultAttributesToRelease=uid

but these users cannot access service:

    Cannot grant access to service [http://service.domain.tld/] because it is not authorized for use by [user1]

What am I missing?

Regards.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2111099967.1432208.1513173673298.JavaMail.zimbra%40univ-avignon.fr.
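
Added example, not part of the thread and not CAS project code: a Python check for the two problems found above, a comma-joined string inside requiredAttributes and a required attribute that is absent from cas.authn.ldap[0].principalAttributeList. The function names and the exact-match authorization model are assumptions made for illustration, and the sample is the posted accessStrategy fragment wrapped in braces.

```python
import json

# Constructed sample: the accessStrategy fragment from the thread, wrapped in braces.
SERVICE_AS_POSTED = json.loads("""
{ "accessStrategy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled": true, "ssoEnabled": true,
    "requiredAttributes": { "@class": "java.util.HashMap",
      "uid": ["java.util.HashSet", ["user1, user2"]] } } }
""")


def required_attributes(service):
    """Return {attribute: [values]} from the typed-collection JSON layout."""
    req = service["accessStrategy"]["requiredAttributes"]
    return {k: v[1] for k, v in req.items() if k != "@class"}


def lint(service, principal_attribute_list):
    """Flag the two mistakes found in the thread."""
    findings = []
    for name, values in required_attributes(service).items():
        if name not in principal_attribute_list:
            findings.append(f"{name}: not in principalAttributeList, so not released")
        for value in values:
            if "," in value:
                findings.append(f"{name}: {value!r} is one string, not a list")
    return findings


def is_authorized(service, principal_attributes):
    """Assumed, simplified model: each required attribute needs one exact match."""
    for name, allowed in required_attributes(service).items():
        if not set(allowed) & set(principal_attributes.get(name, [])):
            return False
    return True


def with_fixed_values(service):
    """Return a copy whose comma-joined values are split into separate strings."""
    fixed = json.loads(json.dumps(service))
    req = fixed["accessStrategy"]["requiredAttributes"]
    for name in required_attributes(fixed):
        req[name][1] = [v.strip() for raw in req[name][1] for v in raw.split(",")]
    return fixed


if __name__ == "__main__":
    print(lint(SERVICE_AS_POSTED, principal_attribute_list=["cn", "mail"]))
    print(is_authorized(with_fixed_values(SERVICE_AS_POSTED), {"uid": ["user1"]}))
```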
