Put service with ssoenabled=false in first order of evaluation El jueves, 22 de marzo de 2018, Ted Fisher <tffi...@bgsu.edu> escribió:
> I’d like to try to rephrase my question since I only got one response: > > > > Is anyone using ssoEnabled set false in service definitions to effect the > same as renew=true from the client side? > > > > I haven’t been able to get it to work and even insane levels of logging > don’t reveal much, which puts me at a dead end. > > > > Can anyone suggest what the problem might be or where I could look for how > to get it working? > > > > Thanks. > > > > Ted Fisher > > > > *From:* cas-user@apereo.org <cas-user@apereo.org> *On Behalf Of *Ted > Fisher > *Sent:* Tuesday, March 20, 2018 10:09 AM > *To:* cas-user@apereo.org > *Subject:* [cas-user] ssoEnabled in service definition not working > correctly > > > > > > We are running CAS 4.1.5 and we need to make a couple services do > authentication only through CAS without creating an SSO session – that is > force renew=true from the CAS server and do not create a session after > authenticating (no TGT). My understanding of how to do this (per > https://apereo.github.io/cas/4.2.x/installation/Configuring-SSO-Session- > Cookie.html > <https://secure-web.cisco.com/1s_pvZqDqYPJVO438pQqU4TvLqSWEVVXhRTubAWqNG_zCG4sZipfcv2gMmyvv6Pnuic8d9W71uoVFSpzoe4SrCBrrGj77jNdDhCpNUFS48lyggImaSqJpgS8GT4kdSbenRxGUWtL4BAChy_TqNDrt5_VqPj_BZzviNTnes7Dx3-G2Bf3DNFdHlrJ6i7lsdqCWzJ3cfruWVLnJYKKzLOfdrntOmHVRV6shEmtdjXBFm2pnOGksaIBxSzPNpVLN8RQziE18DQz_XVkqU6l4qdo-JqIiwYmzIZAMUrusGSLTrk_eVqhdF7rrRMit2ct2v6gWk1g_qxCkVVCKj_9BB-2YUXRea4bl6XH9OYzp69ltj4RRQUl27IGb-Rgx3bo0cUaLMhX1JkSoA659I6X19HBD2qaSq3pq0SzdPyQuJgI4w3MrxcWiKCL1PdApeVczjhRClreJgCtXWOu6j_iRFw2gktzHauRGZJO6k0Ccz7orXAeXXwUBXLiVRDshBFVphmuFqjsCa9OGZFuKdExyT4MkpQ/https%3A%2F%2Fapereo.github.io%2Fcas%2F4.2.x%2Finstallation%2FConfiguring-SSO-Session-Cookie.html>) > is to set create.sso.renewed.authn=false in cas.properties and include > these in the service definition: > > "accessStrategy" : { > > "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccess > Strategy", > > "enabled" : true, > > "ssoEnabled" : false > > }, > > > > However, when I do this it does not allow authentication at all with the > following complaint in the log: > > [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceManagement: > Service [https://ssotest.bgsu.edu *… is not allowed to use SSO.* > > Am I missing something? Can anyone suggest why it is not processing the > service parameters as it seems it should? > > > > Thanks. > > > > Ted Fisher > > ITS, BGSU > > > > > > -- > - Website: https://apereo.github.io/cas > <https://secure-web.cisco.com/1Nay-_am2Z0y6SDgH9HR3bvkwDNLknPf6fWKCUTaI2eNuNffnDeBbql3GT6SyBvfMWzMz0YDF0DnVCRfgxXlG2qu_TfueVHVDIlKVuuiSb4xZtL_OxDGf5nPl2LA-uQS4OF6ky84Xzg7oo6DOs-ey7H4OrwpNbLaVqzufp4o-ZqX7vz9ahOt-w9lyL65LFmIa9y-6PgXT5pKt212zDWiKps5v3LPw5I1kTAYQ4lOS6VmbKXoWdZ5yRGIqZhBlYdCqpeheDbnn6nsWIiNP4CKU4wWOlsdE3EcfIrTql3UUsouVo55DbsUk6qqsfVtTr0qxXp9AlNMieVt1HFwe4mdK3GW2hRhqnKgVltYFAR44xaQNuqTPjZD7cJ__eg7Ek8wxo3CnDrpZM7LfI617H_ge05xGilnGMbVCr3QPDMqlxKW6olssr3tY2JrLO6zvN0dLOw1KQcZ_cwKr71wRQrv5oia1hlhO3WLSsj9ZlPm4pvwYCzvQ8RdnS8vZOJuwNuUkeqk97Dz7oL8CbEbWFpOQPg/https%3A%2F%2Fapereo.github.io%2Fcas> > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/CY4PR05MB29339FFE13545423F8F44 > CA8C0AB0%40CY4PR05MB2933.namprd05.prod.outlook.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB29339FFE13545423F8F44CA8C0AB0%40CY4PR05MB2933.namprd05.prod.outlook.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/CY4PR05MB293322A0CE40570D36D9C > 929C0A90%40CY4PR05MB2933.namprd05.prod.outlook.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB293322A0CE40570D36D9C929C0A90%40CY4PR05MB2933.namprd05.prod.outlook.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mifCM2V3rLM9cnOExzOvuXzwYhLi-WXew8zadL_dvs_Wrw%40mail.gmail.com.
