We are running CAS 4.1.5 and we need to make a couple services do authentication only through CAS without creating an SSO session – that is force renew=true from the CAS server and do not create a session after authenticating (no TGT). My understanding of how to do this (per https://apereo.github.io/cas/4.2.x/installation/Configuring-SSO-Session-Cookie.html) is to set create.sso.renewed.authn=false in cas.properties and include these in the service definition:
"accessStrategy" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"ssoEnabled" : false
},
However, when I do this it does not allow authentication at all with the following complaint in the log:
[org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceManagement: Service [https://ssotest.bgsu.edu … is not allowed to use SSO.
Am I missing something? Can anyone suggest why it is not processing the service parameters as it seems it should?
Thanks.
Ted Fisher
ITS, BGSU