Following up with more research. After loading a completely bare bones installation of CAS 7.0.4-SNAPSHOT with only a single service with "ssoEnabled: false" in the service definition, I get the same error. The login page is able to determine that there is an active SSO session and prompts for credentials, but fails with this error message when the credentials are entered: *WARN [org.apereo.cas.web.flow.GenerateServiceTicketAction] - <Could not grant service ticket [service.not.authorized.sso]. Routing to [authenticationFailure]>*
On Tue, Apr 9, 2024 at 8:48 AM Christopher McCurdy <cmccu...@udel.edu> wrote: > It looks to me like this change is responsible for the error, though the > change itself makes sense for the operation of the method, since it > *should* throw an error if SSO is not enabled: > https://github.com/apereo/cas/commit/4933e24a3b791ec6fbdb2e2bcf24a15365345358 > > I would guess that somewhere further up the chain should handle that error > instead of just letting it interrupt the entire login process? > > On Tue, Apr 9, 2024 at 1:59 AM Sreeja Pillai <sreeja.pil...@gmail.com> > wrote: > >> I haven't figured it out yet. I rolled back to 6.6.15, where forced SSO >> worked as expected. I am continuing to investigate what change might have >> broken it between 6.6.15 and 7.x. >> >> --Sreeja >> >> On Mon, Apr 8, 2024 at 3:38 PM Christopher McCurdy <cmccu...@udel.edu> >> wrote: >> >>> Sreeja, >>> >>> Were you able to figure this out on your own? I'm experiencing the same >>> issue in that SSO-enabled services work fine, but SSO-disabled services are >>> denied a ticket after validating credentials. >>> >>> On Thu, Mar 21, 2024 at 10:06 AM Sreeja Pillai <sreeja.pil...@gmail.com> >>> wrote: >>> >>>> We are currently on v6.5.9 and trying to upgrade to v7. Most of our >>>> service registrations have SSO enabled and work fine. >>>> However, forced SSO is not working for the ones where SSO access is >>>> disabled. Based on what we see in the logs, service ticket is NOT >>>> generated. >>>> >>>> We did follow the documentation here: >>>> https://apereo.github.io/cas/development/services/Configuring-Service-SSO-Policy.html >>>> >>>> Any ideas what could be missing? >>>> >>>> *JSON service registration:* >>>> >>>> { >>>> "@class" : "org.apereo.cas.services.CasRegisteredService", >>>> "serviceId" : "^(http|https)://authorizetest.hbsstg.org/.*", >>>> "name" : "authorizetest.hbsstg.org", >>>> "id" : "4020", >>>> "description" : "This service definition authorizes all application >>>> urls that support HTTPS protocols.", >>>> "evaluationOrder" : "4020", >>>> "logoutType" : "BACK_CHANNEL", >>>> "attributeReleasePolicy" : >>>> { >>>> "@class" : >>>> "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy", >>>> "allowedAttributes" : >>>> { >>>> "@class" : "java.util.TreeMap", >>>> "employeeNumber" : "PERSON_ID" >>>> }, >>>> "authorizedToReleaseCredentialPassword" : "false", >>>> "authorizedToReleaseProxyGrantingTicket" : "false" >>>> }, >>>> "multifactorPolicy" : >>>> { >>>> "@class" : >>>> "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy", >>>> "failureMode" : "CLOSED" >>>> }, >>>> "accessStrategy" : >>>> { >>>> "@class" : >>>> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", >>>> "enabled" : "true", >>>> "ssoEnabled" : "false", >>>> "requireAllAttributes" : "true", >>>> "caseInsensitive" : "false" >>>> } >>>> } >>>> >>>> Thank you! >>>> --Sreeja >>>> >>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to cas-user+unsubscr...@apereo.org. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/8a034e21-9efe-4f42-851b-152ff96fb01an%40apereo.org >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/8a034e21-9efe-4f42-851b-152ff96fb01an%40apereo.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> >>> >>> -- >>> Christopher McCurdy >>> Project Leader >>> IT-ESCS-Application Development >>> University of Delaware >>> (302) 831-3745 >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "CAS Community" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/a/apereo.org/d/topic/cas-user/LL1ZQ5rPOl8/unsubscribe >>> . >>> To unsubscribe from this group and all its topics, send an email to >>> cas-user+unsubscr...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEi3iFEmWk_tedwTmvvzRcd5XS30NhtP%2B0SW_-dN1ntpsmGtig%40mail.gmail.com >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEi3iFEmWk_tedwTmvvzRcd5XS30NhtP%2B0SW_-dN1ntpsmGtig%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cas-user+unsubscr...@apereo.org. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bs%3D9eo_Hh0HBV2fstKZSBqh8yLeK2nmY63-zG1Q-V0JZ3a0Sw%40mail.gmail.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bs%3D9eo_Hh0HBV2fstKZSBqh8yLeK2nmY63-zG1Q-V0JZ3a0Sw%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > > > -- > Christopher McCurdy > Project Leader > IT-ESCS-Application Development > University of Delaware > (302) 831-3745 > -- Christopher McCurdy Project Leader IT-ESCS-Application Development University of Delaware (302) 831-3745 -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEi3iFFDhjWJSfvPiL0_Ao6RKKMJfbzxVDe5cFFQf7w65Oh%2Bag%40mail.gmail.com.
