I've got serivce like this: test-1.json { "@class": "org.apereo.cas.services.RegexRegisteredService", "serviceId": "^(http|https|imaps)://exampleorg/casphp", "name": "test", "id": 1, "evaluationOrder": 1, "requiredHandlers" : [ "java.util.HashSet", [ "everest" ] ] }
and in cas.propierties i have 3 handlers with AD Ldap: cas.authn.ldap[0].name=everest cas.authn.ldap[0].type=AUTHENTICATED cas.authn.ldap[0].ldapUrl=ldaps://**** cas.authn.ldap[0].baseDn=**** cas.authn.ldap[0].bindDn=ldap cas.authn.ldap[0].bindCredential=**** cas.authn.ldap[0].searchFilter=****** cas.authn.ldap[0].principalAttributeId=sAMAccountName cas.authn.ldap[0].connectTimeout=3000 cas.authn.ldap[0].principalAttributeList=displayName,cn,givenName,mail:genmail,synchNr .. cas.authn.ldap[2].name=sth cas.authn.ldap[1].name=ppm But Cas athenticated user via ppm not via everest . Is it way to force auth users to service exampleorg/casphp only via everest. I have made some auth test using API Cas and i see that cas return user profile using everest handler. #!/bin/bash ff=`curl -k -X POST -H 'Content-Type: Application/x-www-form-urlencoded' -H 'Accept: applications/json' https://example.org/casphp/v1/tickets -d 'username=nobody&password=pass'` dd=`curl -X POST -H \"Content-Type: Application/x-www-form-urlencoded\" -H \"Accept: application/json\" https://example.org/casphp/v1/tickets/"$ff"?service=https://example.org/casphp" st=`$dd` vv="curl -k https://example.org/casphp/p3/serviceValidate?service=https://example.org/casphp&ticket="$st echo "|$vv|" result: |<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationSuccess> <cas:user>nobody</cas:user> <cas:attributes> <cas:credentialType>UsernamePasswordCredential</cas:credentialType> <cas:isFromNewLogin>true</cas:isFromNewLogin> <cas:authenticationDate>2021-12-01T17:12:03.233902Z</cas:authenticationDate> <cas:authenticationMethod>ppm</cas:authenticationMethod> <cas:successfulAuthenticationHandlers>ppm</cas:successfulAuthenticationHandlers> <cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed> </cas:attributes> </cas:authenticationSuccess> </cas:serviceResponse>| Thanks -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/35b15f48-320c-4673-864f-f125fed64ac1n%40apereo.org.