Good find! Throwing the error when SSO is disabled, is interrupting the Service ticket granting flow. Based on where this method is called, I question if the intend should be to block the service registration flow. It should definitely validate certain attributes being set and throw exception if otherwise, but forced SSO is already being checked further up in the chain.
On Tuesday, April 9, 2024 at 12:32:18 PM UTC-4 Christopher McCurdy wrote: > It looks to me like this change is responsible for the error, though the > change itself makes sense for the operation of the method, since it > *should* throw an error if SSO is not enabled: > https://github.com/apereo/cas/commit/4933e24a3b791ec6fbdb2e2bcf24a15365345358 > > I would guess that somewhere further up the chain should handle that error > instead of just letting it interrupt the entire login process? > > On Tue, Apr 9, 2024 at 1:59 AM Sreeja Pillai <sreeja...@gmail.com> wrote: > >> I haven't figured it out yet. I rolled back to 6.6.15, where forced SSO >> worked as expected. I am continuing to investigate what change might have >> broken it between 6.6.15 and 7.x. >> >> --Sreeja >> >> On Mon, Apr 8, 2024 at 3:38 PM Christopher McCurdy <cmcc...@udel.edu> >> wrote: >> >>> Sreeja, >>> >>> Were you able to figure this out on your own? I'm experiencing the same >>> issue in that SSO-enabled services work fine, but SSO-disabled services are >>> denied a ticket after validating credentials. >>> >>> On Thu, Mar 21, 2024 at 10:06 AM Sreeja Pillai <sreeja...@gmail.com> >>> wrote: >>> >>>> We are currently on v6.5.9 and trying to upgrade to v7. Most of our >>>> service registrations have SSO enabled and work fine. >>>> However, forced SSO is not working for the ones where SSO access is >>>> disabled. Based on what we see in the logs, service ticket is NOT >>>> generated. >>>> >>>> We did follow the documentation here: >>>> https://apereo.github.io/cas/development/services/Configuring-Service-SSO-Policy.html >>>> >>>> Any ideas what could be missing? >>>> >>>> *JSON service registration:* >>>> >>>> { >>>> "@class" : "org.apereo.cas.services.CasRegisteredService", >>>> "serviceId" : "^(http|https)://authorizetest.hbsstg.org/.*", >>>> "name" : "authorizetest.hbsstg.org", >>>> "id" : "4020", >>>> "description" : "This service definition authorizes all application >>>> urls that support HTTPS protocols.", >>>> "evaluationOrder" : "4020", >>>> "logoutType" : "BACK_CHANNEL", >>>> "attributeReleasePolicy" : >>>> { >>>> "@class" : >>>> "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy", >>>> "allowedAttributes" : >>>> { >>>> "@class" : "java.util.TreeMap", >>>> "employeeNumber" : "PERSON_ID" >>>> }, >>>> "authorizedToReleaseCredentialPassword" : "false", >>>> "authorizedToReleaseProxyGrantingTicket" : "false" >>>> }, >>>> "multifactorPolicy" : >>>> { >>>> "@class" : >>>> "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy", >>>> "failureMode" : "CLOSED" >>>> }, >>>> "accessStrategy" : >>>> { >>>> "@class" : >>>> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", >>>> "enabled" : "true", >>>> "ssoEnabled" : "false", >>>> "requireAllAttributes" : "true", >>>> "caseInsensitive" : "false" >>>> } >>>> } >>>> >>>> Thank you! >>>> --Sreeja >>>> >>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to cas-user+u...@apereo.org. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/8a034e21-9efe-4f42-851b-152ff96fb01an%40apereo.org >>>> >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/8a034e21-9efe-4f42-851b-152ff96fb01an%40apereo.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> >>> >>> -- >>> Christopher McCurdy >>> Project Leader >>> IT-ESCS-Application Development >>> University of Delaware >>> (302) 831-3745 >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "CAS Community" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/a/apereo.org/d/topic/cas-user/LL1ZQ5rPOl8/unsubscribe >>> . >>> To unsubscribe from this group and all its topics, send an email to >>> cas-user+u...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEi3iFEmWk_tedwTmvvzRcd5XS30NhtP%2B0SW_-dN1ntpsmGtig%40mail.gmail.com >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEi3iFEmWk_tedwTmvvzRcd5XS30NhtP%2B0SW_-dN1ntpsmGtig%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cas-user+u...@apereo.org. >> > To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bs%3D9eo_Hh0HBV2fstKZSBqh8yLeK2nmY63-zG1Q-V0JZ3a0Sw%40mail.gmail.com >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bs%3D9eo_Hh0HBV2fstKZSBqh8yLeK2nmY63-zG1Q-V0JZ3a0Sw%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > > > -- > Christopher McCurdy > Project Leader > IT-ESCS-Application Development > University of Delaware > (302) 831-3745 > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6fe28e35-0a53-497b-b5d5-43a4de41fcfbn%40apereo.org.
