Have you found a solution?

wtorek, 4 maja 2021 o 17:58:20 UTC+2 C Ryan napisał(a):

> Folks,
>
>
> Sorry for the likely stupid post, I swore I had sorted this prior. But I 
> have 3 authentication sources defined. LDAP, Radius and Google MFA.
>
> I want to restrict a service to using - and most importantly trying - only 
> an explicitly configured authentication source. I.e. if I specify LDAP as the 
> Auth Resource, upon a failure I do _not_ want it to go ahead and try the other resources.
>
>
> In cas.properties I have:
>
>
> cas.authn.policy.source-selection-enabled=false
>
> cas.authn.policy.required-handler-authentication-policy-enabled=true
>
> cas.authn.policy.req.try-all=false
>
>
> and an example service definition as below:
>
>
> {
>
>     "_id": {
>
>         "$numberLong": "9999999999999"
>
>     },
>
>     "serviceId": "xxxxxxxxxx",
>
>     "name": "SSO CAS Server",
>
>     "expirationPolicy": {
>
>         "deleteWhenExpired": false,
>
>         "notifyWhenDeleted": false,
>
>         "notifyWhenExpired": false,
>
>         "_class": 
> "org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy"
>
>     },
>
>     "acceptableUsagePolicy": {
>
>         "enabled": true,
>
>         "_class": 
> "org.apereo.cas.services.DefaultRegisteredServiceAcceptableUsagePolicy"
>
>     },
>
>     "proxyPolicy": {
>
>         "_class": "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
>
>     },
>
>     "proxyTicketExpirationPolicy": {
>
>         "numberOfUses": {
>
>             "$numberLong": "0"
>
>         },
>
>         "_class": 
> "org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy"
>
>     },
>
>     "serviceTicketExpirationPolicy": {
>
>         "numberOfUses": {
>
>             "$numberLong": "0"
>
>         },
>
>         "_class": 
> "org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy"
>
>     },
>
>     "evaluationOrder": 99999,
>
>     "usernameAttributeProvider": {
>
>         "canonicalizationMode": "NONE",
>
>         "encryptUsername": false,
>
>         "_class": 
> "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider"
>
>     },
>
>     "logoutType": "BACK_CHANNEL",
>
>     "environments": [],
>
>     "attributeReleasePolicy": {
>
>         "principalAttributesRepository": {
>
>             "mergingStrategy": "MULTIVALUED",
>
>             "attributeRepositoryIds": [],
>
>             "ignoreResolvedAttributes": false,
>
>             "_class": 
> "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
>
>         },
>
>         "consentPolicy": {
>
>             "enabled": true,
>
>             "order": 0,
>
>             "_class": 
> "org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy"
>
>         },
>
>         "authorizedToReleaseCredentialPassword": false,
>
>         "authorizedToReleaseProxyGrantingTicket": false,
>
>         "excludeDefaultAttributes": false,
>
>         "authorizedToReleaseAuthenticationAttributes": true,
>
>         "order": 0,
>
>         "_class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>
>     },
>
>     "multifactorPolicy": {
>
>         "multifactorAuthenticationProviders": [],
>
>         "failureMode": "UNDEFINED",
>
>         "bypassEnabled": false,
>
>         "forceExecution": false,
>
>         "bypassTrustedDeviceEnabled": false,
>
>         "_class": 
> "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy"
>
>     },
>
>     "accessStrategy": {
>
>         "order": 0,
>
>         "enabled": true,
>
>         "ssoEnabled": true,
>
>         "delegatedAuthenticationPolicy": {
>
>             "allowedProviders": [],
>
>             "permitUndefined": true,
>
>             "exclusive": false,
>
>             "_class": 
> "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy"
>
>         },
>
>         "requireAllAttributes": true,
>
>         "requiredAttributes": {},
>
>         "rejectedAttributes": {},
>
>         "caseInsensitive": false,
>
>         "_class": 
> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy"
>
>     },
>
>     "authenticationPolicy": {
>
>         "requiredAuthenticationHandlers" : ["java.util.TreeSet", [ "LDAP" ]],
>
>         "criteria": {
>
>             "tryAll": false,
>
>             "_class": 
> "org.apereo.cas.services.AllowedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria"
>
>         },
>
>         "_class": 
> "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy"
>
>     },
>
>     "properties": {},
>
>     "contacts": [],
>
>     "_class": "org.apereo.cas.services.RegexRegisteredService"
>
> }
>
> What am I missing?
>
> Thanks
>
>
