Put service with ssoenabled=false in first order of evaluation El jueves, 22 de marzo de 2018, Ted Fisher <[email protected]> escribió:
> I’d like to try to rephrase my question since I only got one response: > > > > Is anyone using ssoEnabled set false in service definitions to effect the > same as renew=true from the client side? > > > > I haven’t been able to get it to work and even insane levels of logging > don’t reveal much, which puts me at a dead end. > > > > Can anyone suggest what the problem might be or where I could look for how > to get it working? > > > > Thanks. > > > > Ted Fisher > > > > *From:* [email protected] <[email protected]> *On Behalf Of *Ted > Fisher > *Sent:* Tuesday, March 20, 2018 10:09 AM > *To:* [email protected] > *Subject:* [cas-user] ssoEnabled in service definition not working > correctly > > > > > > We are running CAS 4.1.5 and we need to make a couple services do > authentication only through CAS without creating an SSO session – that is > force renew=true from the CAS server and do not create a session after > authenticating (no TGT). My understanding of how to do this (per > https://apereo.github.io/cas/4.2.x/installation/Configuring-SSO-Session- > Cookie.html > <https://secure-web.cisco.com/1s_pvZqDqYPJVO438pQqU4TvLqSWEVVXhRTubAWqNG_zCG4sZipfcv2gMmyvv6Pnuic8d9W71uoVFSpzoe4SrCBrrGj77jNdDhCpNUFS48lyggImaSqJpgS8GT4kdSbenRxGUWtL4BAChy_TqNDrt5_VqPj_BZzviNTnes7Dx3-G2Bf3DNFdHlrJ6i7lsdqCWzJ3cfruWVLnJYKKzLOfdrntOmHVRV6shEmtdjXBFm2pnOGksaIBxSzPNpVLN8RQziE18DQz_XVkqU6l4qdo-JqIiwYmzIZAMUrusGSLTrk_eVqhdF7rrRMit2ct2v6gWk1g_qxCkVVCKj_9BB-2YUXRea4bl6XH9OYzp69ltj4RRQUl27IGb-Rgx3bo0cUaLMhX1JkSoA659I6X19HBD2qaSq3pq0SzdPyQuJgI4w3MrxcWiKCL1PdApeVczjhRClreJgCtXWOu6j_iRFw2gktzHauRGZJO6k0Ccz7orXAeXXwUBXLiVRDshBFVphmuFqjsCa9OGZFuKdExyT4MkpQ/https%3A%2F%2Fapereo.github.io%2Fcas%2F4.2.x%2Finstallation%2FConfiguring-SSO-Session-Cookie.html>) > is to set create.sso.renewed.authn=false in cas.properties and include > these in the service definition: > > "accessStrategy" : { > > "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccess > Strategy", > > "enabled" : true, > > "ssoEnabled" : false > > }, > > > > However, when I do this it does not allow authentication at all with the > following complaint in the log: > > [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceManagement: > Service [https://ssotest.bgsu.edu *… is not allowed to use SSO.* > > Am I missing something? Can anyone suggest why it is not processing the > service parameters as it seems it should? > > > > Thanks. > > > > Ted Fisher > > ITS, BGSU > > > > > > -- > - Website: https://apereo.github.io/cas > <https://secure-web.cisco.com/1Nay-_am2Z0y6SDgH9HR3bvkwDNLknPf6fWKCUTaI2eNuNffnDeBbql3GT6SyBvfMWzMz0YDF0DnVCRfgxXlG2qu_TfueVHVDIlKVuuiSb4xZtL_OxDGf5nPl2LA-uQS4OF6ky84Xzg7oo6DOs-ey7H4OrwpNbLaVqzufp4o-ZqX7vz9ahOt-w9lyL65LFmIa9y-6PgXT5pKt212zDWiKps5v3LPw5I1kTAYQ4lOS6VmbKXoWdZ5yRGIqZhBlYdCqpeheDbnn6nsWIiNP4CKU4wWOlsdE3EcfIrTql3UUsouVo55DbsUk6qqsfVtTr0qxXp9AlNMieVt1HFwe4mdK3GW2hRhqnKgVltYFAR44xaQNuqTPjZD7cJ__eg7Ek8wxo3CnDrpZM7LfI617H_ge05xGilnGMbVCr3QPDMqlxKW6olssr3tY2JrLO6zvN0dLOw1KQcZ_cwKr71wRQrv5oia1hlhO3WLSsj9ZlPm4pvwYCzvQ8RdnS8vZOJuwNuUkeqk97Dz7oL8CbEbWFpOQPg/https%3A%2F%2Fapereo.github.io%2Fcas> > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/CY4PR05MB29339FFE13545423F8F44 > CA8C0AB0%40CY4PR05MB2933.namprd05.prod.outlook.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB29339FFE13545423F8F44CA8C0AB0%40CY4PR05MB2933.namprd05.prod.outlook.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/CY4PR05MB293322A0CE40570D36D9C > 929C0A90%40CY4PR05MB2933.namprd05.prod.outlook.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB293322A0CE40570D36D9C929C0A90%40CY4PR05MB2933.namprd05.prod.outlook.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mifCM2V3rLM9cnOExzOvuXzwYhLi-WXew8zadL_dvs_Wrw%40mail.gmail.com.
