Does anyone use ssoEnabled in service definitions

[Ted Fisher]

I’d like to try to rephrase my question since I only got one response:

 

Is anyone using ssoEnabled set false in service definitions to effect the same as renew=true from the client side?

 

I haven’t been able to get it to work and even insane levels of logging don’t reveal much, which puts me at a dead end.

 

Can anyone suggest what the problem might be or where I could look for how to get it working?

 

Thanks.

 

Ted Fisher

 

From: cas-...@apereo.org <cas-...@apereo.org> On Behalf Of Ted Fisher
Sent: Tuesday, March 20, 2018 10:09 AM
To: cas-...@apereo.org
Subject: [cas-user] ssoEnabled in service definition not working correctly

 

 

We are running CAS 4.1.5 and we need to make a couple services do authentication only through CAS without creating an SSO session – that is force renew=true from the CAS server and do not create a session after authenticating (no TGT).  My understanding of how to do this (per https://apereo.github.io/cas/4.2.x/installation/Configuring-SSO-Session-Cookie.html)  is to set create.sso.renewed.authn=false in cas.properties and include these in the service definition:

   "accessStrategy" : {

    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",

    "enabled" : true,

    "ssoEnabled" : false

   },

 

However, when I do this it does not allow authentication at all with the following complaint in the log:

[org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceManagement: Service [https://ssotest.bgsu.edu … is not allowed to use SSO.

Am I missing something?  Can anyone suggest why it is not processing the service parameters as it seems it should?

 

Thanks.

 

Ted Fisher

ITS, BGSU

 

 

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB29339FFE13545423F8F44CA8C0AB0%40CY4PR05MB2933.namprd05.prod.outlook.com.

[Man H]

Put service with ssoenabled=false in first order of evaluation

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB29339FFE13545423F8F44CA8C0AB0%40CY4PR05MB2933.namprd05.prod.outlook.com.

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB293322A0CE40570D36D9C929C0A90%40CY4PR05MB2933.namprd05.prod.outlook.com.