Hi Justin,

I think you are saying the CAS protocol can use *ssoEnabled* (https://apereo.github.io/cas/5.3.x/installation/Configuring-Service-Access-Strategy.html) to enable / disable SSO.

I once altered CAS to make the OAuth protocol also support ssoEnabled, 
although it is a bit of a hack so I didn't bother submitting a PR.

Unfortunately, I don't have the modified code at hand so I am just going to 
explain my flow to you in text; see if it will help you:

- First, the reason this ssoEnabled didn't work for the OAuth service is that the ssoEnabled specified in your actual service (let's say *https://www.example.com/oauth-service*) didn't actually take effect
   - *It is the generic OAuth service* (i.e. https://www.your-cas-server.com/cas/oauth2.0/...) generated by CAS that is looked at for the *ssoEnabled* flag
- In other words, normally if you set *ssoEnabled=false* on your service https://www.example.com/oauth-service, it will have no effect
   - But if you override the generated OAuth service, which is https://www.your-cas-server.com/cas/oauth2.0/... (I forget the exact path...), and set *ssoEnabled=false*, ssoEnabled will be disabled as expected

- But here's a tricky point: you won't always want all OAuth to be ssoEnabled=false
   - So what I did was, in the place where the CAS service looks at ssoEnabled, I do some calculation and replace the to-be-seen https://www.your-cas-server.com/cas/oauth2.0/... ssoEnabled settings with the *https://www.example.com/oauth-service* settings.
   - Then this way, the ssoEnabled defined on *https://www.example.com/oauth-service* will also take effect as expected.


See if others have a better method to do this OAuth Force Reauthentication, 
because I think my method is kind of dirty, so if there are better methods 
you should use those first.

Hope this info helps you.

Cheers!
- Andy
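
The two service definitions the message contrasts, as an added example that is not part of Andy's message or of CAS's own code. The ids, names, client credentials and file split are constructed. The callback path after `oauth2.0/` is left as a wildcard because the message does not give it. It is an assumption that a registered service matching the callback URL with a low `evaluationOrder` is what "override the generated OAuth service" means.

```json
// File 1 (constructed): the OAuth client's own service definition.
// Per the message above, ssoEnabled set here has no effect on the OAuth flow,
// because CAS evaluates the flag on its generated OAuth service instead.
{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId" : "example-client-id",
  "clientSecret" : "example-client-secret",
  "serviceId" : "^https://www\\.example\\.com/oauth-service.*",
  "name" : "exampleOAuthClient",
  "id" : 1001,
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : false
  }
}

// File 2 (constructed, assumption): a definition matching the CAS-side
// OAuth URL, which is where the message says the flag is actually read.
// ssoEnabled=false here forces reauthentication for every OAuth client,
// not only the one in File 1.
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://www\\.your-cas-server\\.com/cas/oauth2\\.0/.*",
  "name" : "oauthCallbackOverride",
  "id" : 1002,
  "evaluationOrder" : 0,
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : false
  }
}
```

After deploying a change like File 2, check each OAuth client separately: log in once, start a second authorization request in the same browser session, and confirm the login form is shown again only where you intend it.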
