Could you please, if you can, show the cas.auth.policies too that you have
connected to this solution?
AM
On Thursday, 2 December 2021 at 17:04:45 UTC+1, C Ryan wrote:
> This is what I'm using...to be honest I can't seem to recall if this does
> not bother trying the other resources...I think it does what we originally
> wanted.
>
>
> "authenticationPolicy": {
>   "requiredAuthenticationHandlers": ["LDAP"],
>   "criteria": {
>     "tryAll": false,
>     "_class": "org.apereo.cas.services.AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria"
>   },
>   "_class": "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy"
> },
>
> On 12/2/21 10:34 AM, artur miś wrote:
>
> Have you found a solution?
>
> On Tuesday, 4 May 2021 at 17:58:20 UTC+2, C Ryan wrote:
>
>> Folks,
>>
>>
>> Sorry for the likely stupid post, I swore I had sorted this prior. But I
>> have 3 authentication sources defined. LDAP, Radius and Google MFA.
>>
>> I want to restrict a service to using - and most importantly trying -
>> only an explicitly configured service. I.e. If I say LDAP as the Auth
>> Resource, upon a failure I do _not_ want it to go ahead and try the other
>> resources.
>>
>>
>> In cas.properties I have:
>>
>> cas.authn.policy.source-selection-enabled=false
>> cas.authn.policy.required-handler-authentication-policy-enabled=true
>> cas.authn.policy.req.try-all=false
>>
>> and an example service definition as below:
>>
>> {
>>   "_id": {
>>     "$numberLong": "9999999999999"
>>   },
>>   "serviceId": "xxxxxxxxxx",
>>   "name": "SSO CAS Server",
>>   "expirationPolicy": {
>>     "deleteWhenExpired": false,
>>     "notifyWhenDeleted": false,
>>     "notifyWhenExpired": false,
>>     "_class": "org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy"
>>   },
>>   "acceptableUsagePolicy": {
>>     "enabled": true,
>>     "_class": "org.apereo.cas.services.DefaultRegisteredServiceAcceptableUsagePolicy"
>>   },
>>   "proxyPolicy": {
>>     "_class": "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
>>   },
>>   "proxyTicketExpirationPolicy": {
>>     "numberOfUses": {
>>       "$numberLong": "0"
>>     },
>>     "_class": "org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy"
>>   },
>>   "serviceTicketExpirationPolicy": {
>>     "numberOfUses": {
>>       "$numberLong": "0"
>>     },
>>     "_class": "org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy"
>>   },
>>   "evaluationOrder": 99999,
>>   "usernameAttributeProvider": {
>>     "canonicalizationMode": "NONE",
>>     "encryptUsername": false,
>>     "_class": "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider"
>>   },
>>   "logoutType": "BACK_CHANNEL",
>>   "environments": [],
>>   "attributeReleasePolicy": {
>>     "principalAttributesRepository": {
>>       "mergingStrategy": "MULTIVALUED",
>>       "attributeRepositoryIds": [],
>>       "ignoreResolvedAttributes": false,
>>       "_class": "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
>>     },
>>     "consentPolicy": {
>>       "enabled": true,
>>       "order": 0,
>>       "_class": "org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy"
>>     },
>>     "authorizedToReleaseCredentialPassword": false,
>>     "authorizedToReleaseProxyGrantingTicket": false,
>>     "excludeDefaultAttributes": false,
>>     "authorizedToReleaseAuthenticationAttributes": true,
>>     "order": 0,
>>     "_class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>>   },
>>   "multifactorPolicy": {
>>     "multifactorAuthenticationProviders": [],
>>     "failureMode": "UNDEFINED",
>>     "bypassEnabled": false,
>>     "forceExecution": false,
>>     "bypassTrustedDeviceEnabled": false,
>>     "_class": "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy"
>>   },
>>   "accessStrategy": {
>>     "order": 0,
>>     "enabled": true,
>>     "ssoEnabled": true,
>>     "delegatedAuthenticationPolicy": {
>>       "allowedProviders": [],
>>       "permitUndefined": true,
>>       "exclusive": false,
>>       "_class": "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy"
>>     },
>>     "requireAllAttributes": true,
>>     "requiredAttributes": {},
>>     "rejectedAttributes": {},
>>     "caseInsensitive": false,
>>     "_class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy"
>>   },
>>   "authenticationPolicy": {
>>     "requiredAuthenticationHandlers" : ["java.util.TreeSet", [ "LDAP" ]],
>>     "criteria": {
>>       "tryAll": false,
>>       "_class": "org.apereo.cas.services.AllowedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria"
>>     },
>>     "_class": "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy"
>>   },
>>   "properties": {},
>>   "contacts": [],
>>   "_class": "org.apereo.cas.services.RegexRegisteredService"
>> }
>>
>> What am I missing?
>>
>> Thanks
>>
>>
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b4947a60-06ec-448e-9cf8-a997ae8cd78cn%40apereo.org.
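
Added example, not part of the thread and not CAS project code: a small Python review script that reads service definitions and reports which authentication handlers each one names, accepting both encodings of requiredAuthenticationHandlers quoted above. The sample documents and the review rules (a non-empty handler list, tryAll set to false) are assumptions that reflect the poster's stated goal, not CAS's own evaluation logic.

```python
import json

def handler_names(value):
    """Accept both encodings quoted in the thread: a plain list, or the
    typed wrapper ["java.util.TreeSet", ["LDAP"]]."""
    if (isinstance(value, list) and len(value) == 2
            and isinstance(value[0], str) and isinstance(value[1], list)):
        value = value[1]
    return sorted(str(v) for v in value) if isinstance(value, list) else []

def review_policy(service):
    """Summarise authenticationPolicy; findings follow this example's assumed rules."""
    policy = service.get("authenticationPolicy") or {}
    criteria = policy.get("criteria") or {}
    handlers = handler_names(policy.get("requiredAuthenticationHandlers"))
    findings = []
    if not handlers:
        findings.append("requiredAuthenticationHandlers is empty or missing")
    if not criteria:
        findings.append("no criteria object")
    elif criteria.get("tryAll") is not False:
        findings.append("criteria.tryAll is not false")
    return {
        "name": service.get("name", "<unnamed>"),
        "handlers": handlers,
        "criteria": criteria.get("_class", "").rsplit(".", 1)[-1],
        "findings": findings,
    }

def review_all(services):
    return [review_policy(s) for s in services]

# Constructed sample: the first two entries copy the policy shapes quoted in
# the thread; the third is a made-up service with nothing pinned.
SAMPLE = json.loads("""[
 {"name": "typed-set", "authenticationPolicy": {
   "requiredAuthenticationHandlers": ["java.util.TreeSet", ["LDAP"]],
   "criteria": {"tryAll": false, "_class": "org.apereo.cas.services.AllowedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria"}}},
 {"name": "plain-list", "authenticationPolicy": {
   "requiredAuthenticationHandlers": ["LDAP"],
   "criteria": {"tryAll": false, "_class": "org.apereo.cas.services.AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria"}}},
 {"name": "unpinned", "authenticationPolicy": {
   "requiredAuthenticationHandlers": [],
   "criteria": {"tryAll": true, "_class": "org.apereo.cas.services.AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria"}}}
]""")

if __name__ == "__main__":
    for r in review_all(SAMPLE):
        print(r["name"], r["handlers"], r["criteria"], r["findings"] or "ok")
```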