I have a service definition as follows:
    ...
    "requiredHandlers": [
      "java.util.HashSet",
      [
        "FooAuthHandler",
        "BarAuthHandler"
      ]
    ],
    ...
There is a policy for /login flows where we can enable:
cas.authn.policy.any.tryAll=false
cas.authn.policy.any.enabled=true
so that if I am successfully authenticated by one of the above, it works. But if I call the /ticket endpoint directly (by enabling CAS REST), then I get an exception. (The exception is too generic -> The application you attempted to authenticate to is not authorized to use CAS... Instead, I will show where it is thrown.)
    val matchesAll = assertedHandlers.containsAll(registeredService.getRequiredHandlers());
    if (!matchesAll) {
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, StringUtils.EMPTY);
    }
It tries to check every handler that is registered against the TGT's successful handlers, which I don't want.
assertedHandlers -> FooAuthHandler
registeredService.getRequiredHandlers -> FooAuthHandler + BarAuthHandler
The exception is thrown.
I checked the source code and could not find a configuration to make it behave the same as the /login flow which I describe above (for any match). Am I missing something? How can I achieve this via the /ticket endpoint?
CAS version: 6.0
CAS config:
cas.authn.policy.any.tryAll=false
cas.authn.policy.any.enabled=true
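
The difference between the all-match check quoted in the question and an any-match check, as an added example that is not part of the original post and is not CAS code. The class, enum and method names are hypothetical; the handler names come from the service definition above, and BazAuthHandler is constructed.

```java
import java.util.Collections;
import java.util.Set;

// Added illustration only: RequiredHandlersCheck, Mode and satisfied() are
// hypothetical names, not CAS APIs.
public class RequiredHandlersCheck {

    enum Mode { ALL, ANY }

    /**
     * Decides whether the handlers that succeeded for a ticket satisfy the
     * handlers a registered service requires.
     */
    static boolean satisfied(Set<String> asserted, Set<String> required, Mode mode) {
        if (required.isEmpty()) {
            // Assumption: a service with no required handlers is unrestricted.
            // Without this guard the ANY branch would reject every ticket,
            // because an empty set is disjoint from everything.
            return true;
        }
        if (mode == Mode.ALL) {
            // Same test as the quoted snippet: every required handler must
            // appear among the asserted ones.
            return asserted.containsAll(required);
        }
        // ANY: at least one required handler must have succeeded.
        return !Collections.disjoint(asserted, required);
    }

    public static void main(String[] args) {
        Set<String> required = Set.of("FooAuthHandler", "BarAuthHandler");
        Set<String> fooOnly = Set.of("FooAuthHandler");   // the case from the question
        Set<String> unrelated = Set.of("BazAuthHandler"); // constructed handler name

        for (Mode mode : Mode.values()) {
            System.out.printf("%s fooOnly=%b unrelated=%b noRequirement=%b%n",
                    mode,
                    satisfied(fooOnly, required, mode),
                    satisfied(unrelated, required, mode),
                    satisfied(fooOnly, Set.of(), mode));
        }
    }
}
```

Any-match is the weaker of the two policies: a ticket obtained through the least strict handler in the required set is accepted for the service, so the set should only list handlers that are each sufficient on their own.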