Hi Justin, I think when you say CAS protocol can use *ssoEnabled *( https://apereo.github.io/cas/5.3.x/installation/Configuring-Service-Access-Strategy.html) to enabled / disabled sso.
I have once altered CAS to make OAuth protocol also support ssoEnabled, although it is a big of a hack so I didn't brother submitting PR Unfortunately, I don't have the modified code at hand so I am just going to explain my flow with you in text, see if will help you: - First, Why this ssoEnabled didn't work for OAuth service is because when the ssoEnabled specified in your actual service, (let say: *https://www.example.com/oauth-service*), didn't actual take effect - *It is the generic OAuth service* (i.e. https://www.your-cas-server.com/cas/oauth2.0/...) that generated by CAS that looked at the *ssoEnabled *flag - In other word, normally if you make your service https://www.example.com/oauth-service: *ssoEnabled=false*, it will have no effect - But if you override the generated OAuth service, which is https://www.your-cas-server.com/cas/oauth2.0/.. (I forget the exact path...), and set *ssoEnabled=false*, ssoEnabled will be disabled as expected - But here's a tricky point: You won't always want all OAuth to be ssoEnabled=false - So what I did was, in the place where CAS service look at ssoEnabled, I do some calculation and replace the to be seen https://www.your-cas-server.com/cas/oauth2.0/... ssoEnabled settings with *https://www.example.com/oauth-service* settings. - Then this way, the ssoEnabled defined to *https://www.example.com/oauth-service *will also take effect as expected. See if other have better method to do this OAuth Force Reauthentication, because I think my method is kind of dirty so if there are better method you should use those first. Hope this info helps you. Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4c793b9c-8496-4cc5-a2f7-fd0559cbbfde%40apereo.org.
