Hello C Ryan,
I'm struggle with it long time and i would like ask you like in other
topic ,have you digged solloution, could you share it if it is no problem
for you ? Documentaion is like is ;) you know.
In my instastane i have 3 AD handlers and i would like to have control
over it too.
piątek, 23 października 2020 o 20:42:01 UTC+2 C Ryan napisał(a):
> So this is the current format of this configuration, I'm using the
> wildcard and the /cas/login page itself to simply verify things.
>
>
> {
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
> "serviceId" : "^(https|imaps)://.*",
> "name" : "HTTPS and IMAPS",
> "id" : 10000001,
> "evaluationOrder": 99999
> "authenticationPolicy":
> {
> "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
> "requiredAuthenticationHandlers": ["java.util.TreeSet", ["Radius"]],
> "excludedAuthenticationHandlers": ["java.util.TreeSet", ["LDAP"]]
> }
> }
>
>
> I've also put the following in cas.properties
>
> cas.authn.policy.required-handler-authentication-policy-enabled=true
>
>
>
>
> It is still permitting authentication via the LDAP resource.
>
> At a global level it works, I I do the, for example,
>
> cas.authn.policy.req.try-all=false
> cas.authn.policy.req.handler-name=Radius
> cas.authn.policy.req.enabled=true
>
>
> and in this configuration Radius and only Radius will auth.
>
> Not sure where else to look.
>
> Colin
>
> On 10/21/20 7:06 AM, Colin Ryan wrote:
>
> Ray,
>
> That's where I picked up the configurations for what I've been trying but
> it seems like it's still falling through past the Handler I want to be
> required.
>
> Was just wondering if I'm misinterpreting the need for or the context of
> using the criteria configurations as well.
>
> The configuration example I outlined is basically pulled from that page.
>
> Colin
> On 10/20/20 5:48 PM, Ray Bon wrote:
>
> Colin,
>
> Could this be what your are looking for,
> https://apereo.github.io/cas/6.2.x/services/Configuring-Service-AuthN-Policy.html
>
> Ray
>
> On Tue, 2020-10-20 at 14:24 -0400, Colin Ryan wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> Folks,
>
> I have 2 authentication sources. I have services that I want strictly to
> only accept success via a specific source. Even if the same credential pair
> could succeed in either.
>
>
> I've been trying to user the "newer"? authenticationPolicy approaches as
> the logs in my 6.2.3 builds were warning about deprecation of the
> requiredAuth configurations.
>
> So I have LDAP and Radius both backed by the same LDAP but for other
> reasons I want a particular policy to specifically require authentication
> to one or the other.
>
> So to force Radius only to be accepted in a service definition I've tried
> the below. But if for example, I fail on the Radius auth and then try again
> it ends up Authenticating against LDAP1.
>
> Missing something?
>
> authenticationPolicy:
>
> {
>
> "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
>
> "requiredAuthenticationHandlers" : ["java.util.TreeSet", [ "Radius"
> ]],
>
> criteria": {
>
> "@class":
> "org.apereo.cas.services.AllowedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria"
>
> }
>
> }
>
> Thanks
>
> Colin
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | rb...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+u...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/2cc902b81b87bb8b64c476842c72dc9451089ae2.camel%40uvic.ca
>
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/2cc902b81b87bb8b64c476842c72dc9451089ae2.camel%40uvic.ca?utm_medium=email&utm_source=footer>
> .
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+u...@apereo.org.
>
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cc75a06d-7d74-8398-f56c-e60c450783dd%40caveo.ca
>
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/cc75a06d-7d74-8398-f56c-e60c450783dd%40caveo.ca?utm_medium=email&utm_source=footer>
> .
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0385d8d4-642c-44e7-8e04-862b5262642cn%40apereo.org.
