ssoEnabled in service definition not working correctly

38 views
Skip to first unread message

Ted Fisher

unread,
Mar 20, 2018, 10:09:24 AM3/20/18
to cas-...@apereo.org

 

We are running CAS 4.1.5 and we need to make a couple services do authentication only through CAS without creating an SSO session – that is force renew=true from the CAS server and do not create a session after authenticating (no TGT).  My understanding of how to do this (per https://apereo.github.io/cas/4.2.x/installation/Configuring-SSO-Session-Cookie.html)  is to set create.sso.renewed.authn=false in cas.properties and include these in the service definition:

   "accessStrategy" : {

    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",

    "enabled" : true,

    "ssoEnabled" : false

   },

 

However, when I do this it does not allow authentication at all with the following complaint in the log:

[org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceManagement: Service [https://ssotest.bgsu.edu … is not allowed to use SSO.

Am I missing something?  Can anyone suggest why it is not processing the service parameters as it seems it should?

 

Thanks.

 

Ted Fisher

ITS, BGSU

 

 

Michael Peterson

unread,
Mar 20, 2018, 12:01:04 PM3/20/18
to CAS Community

Hi,

I am using CAS 5.2.2 and tried out disabling SSO (see attached image). It appears to be the same setting you  turned off.
I found that I had to first completely log out of CAS before trying to access the service. Otherwise if I was already signed in and visited the service, it did correctly show a login screen, BUT it would fail in logging me in even though I supplied correct credentials.

Hope this helps, it is all I really know about it.

-Michael
Reply all
Reply to author
Forward
0 new messages