I’d like to try to rephrase my question since I only got one response: Is anyone using ssoEnabled set false in service definitions to effect the same as renew=true from the client side?
I haven’t been able to get it to work and even insane levels of logging don’t reveal much, which puts me at a dead end. Can anyone suggest what the problem might be or where I could look for how to get it working? Thanks. Ted Fisher From: [email protected] <[email protected]> On Behalf Of Ted Fisher Sent: Tuesday, March 20, 2018 10:09 AM To: [email protected] Subject: [cas-user] ssoEnabled in service definition not working correctly We are running CAS 4.1.5 and we need to make a couple services do authentication only through CAS without creating an SSO session – that is force renew=true from the CAS server and do not create a session after authenticating (no TGT). My understanding of how to do this (per https://apereo.github.io/cas/4.2.x/installation/Configuring-SSO-Session-Cookie.html<https://secure-web.cisco.com/1s_pvZqDqYPJVO438pQqU4TvLqSWEVVXhRTubAWqNG_zCG4sZipfcv2gMmyvv6Pnuic8d9W71uoVFSpzoe4SrCBrrGj77jNdDhCpNUFS48lyggImaSqJpgS8GT4kdSbenRxGUWtL4BAChy_TqNDrt5_VqPj_BZzviNTnes7Dx3-G2Bf3DNFdHlrJ6i7lsdqCWzJ3cfruWVLnJYKKzLOfdrntOmHVRV6shEmtdjXBFm2pnOGksaIBxSzPNpVLN8RQziE18DQz_XVkqU6l4qdo-JqIiwYmzIZAMUrusGSLTrk_eVqhdF7rrRMit2ct2v6gWk1g_qxCkVVCKj_9BB-2YUXRea4bl6XH9OYzp69ltj4RRQUl27IGb-Rgx3bo0cUaLMhX1JkSoA659I6X19HBD2qaSq3pq0SzdPyQuJgI4w3MrxcWiKCL1PdApeVczjhRClreJgCtXWOu6j_iRFw2gktzHauRGZJO6k0Ccz7orXAeXXwUBXLiVRDshBFVphmuFqjsCa9OGZFuKdExyT4MkpQ/https%3A%2F%2Fapereo.github.io%2Fcas%2F4.2.x%2Finstallation%2FConfiguring-SSO-Session-Cookie.html>) is to set create.sso.renewed.authn=false in cas.properties and include these in the service definition: "accessStrategy" : { "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy", "enabled" : true, "ssoEnabled" : false }, However, when I do this it does not allow authentication at all with the following complaint in the log: [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceManagement: Service [https://ssotest.bgsu.edu … is not allowed to use SSO. Am I missing something? Can anyone suggest why it is not processing the service parameters as it seems it should? Thanks. Ted Fisher ITS, BGSU -- - Website: https://apereo.github.io/cas<https://secure-web.cisco.com/1Nay-_am2Z0y6SDgH9HR3bvkwDNLknPf6fWKCUTaI2eNuNffnDeBbql3GT6SyBvfMWzMz0YDF0DnVCRfgxXlG2qu_TfueVHVDIlKVuuiSb4xZtL_OxDGf5nPl2LA-uQS4OF6ky84Xzg7oo6DOs-ey7H4OrwpNbLaVqzufp4o-ZqX7vz9ahOt-w9lyL65LFmIa9y-6PgXT5pKt212zDWiKps5v3LPw5I1kTAYQ4lOS6VmbKXoWdZ5yRGIqZhBlYdCqpeheDbnn6nsWIiNP4CKU4wWOlsdE3EcfIrTql3UUsouVo55DbsUk6qqsfVtTr0qxXp9AlNMieVt1HFwe4mdK3GW2hRhqnKgVltYFAR44xaQNuqTPjZD7cJ__eg7Ek8wxo3CnDrpZM7LfI617H_ge05xGilnGMbVCr3QPDMqlxKW6olssr3tY2JrLO6zvN0dLOw1KQcZ_cwKr71wRQrv5oia1hlhO3WLSsj9ZlPm4pvwYCzvQ8RdnS8vZOJuwNuUkeqk97Dz7oL8CbEbWFpOQPg/https%3A%2F%2Fapereo.github.io%2Fcas> - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB29339FFE13545423F8F44CA8C0AB0%40CY4PR05MB2933.namprd05.prod.outlook.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB29339FFE13545423F8F44CA8C0AB0%40CY4PR05MB2933.namprd05.prod.outlook.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB293322A0CE40570D36D9C929C0A90%40CY4PR05MB2933.namprd05.prod.outlook.com.
