Hide authentication providers


Oscar Alonso

Jan 26, 2022, 12:09:50 PM
to CAS Community
Hi,

This may already be answered somewhere but I've gone crazy looking in the documentation and can't find it.

Is it possible to hide the authentication methods that are not allowed for a registered service so that they do not appear in the CAS login menu?

I mean, if I have defined on one hand an LDAP authentication handler (and named it), and on the other hand delegated authentication through Pac4j to a SAML IdP, is it possible to define in the registered service that each one only sees in the menu its allowed authentication method?

I have managed to make the automatic redirection in the case of the service with delegated authentication (which is fine), but I would like to avoid the external authentication provider appearing in the menu for the other case.

I know (and checked) that authenticating through a not allowed authentication handler is denied, but I want to have a login screen as clean as possible.

Thanks in advance.

BTW, my CAS version is 6.4.5.

Best regards,
Oscar.

Gledson Rabelo

May 10, 2022, 11:58:30 AM
to CAS Community, oal...@mailteck.com
Hi Oscar, 

I'm having the same problem. 

Did you make it work and hide the external providers?

Thanks

Gledson

Gledson Rabelo

May 10, 2022, 1:30:21 PM
to CAS Community, Gledson Rabelo, oal...@mailteck.com
It worked using the permitUndefined attribute. 

accessStrategy : {
  @class : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
  delegatedAuthenticationPolicy : {
    @class : "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
    exclusive: "false",
    permitUndefined: "false"
  }
}

Migue Jaramago

May 11, 2022, 10:33:28 AM
to CAS Community, gle...@gmail.com, oal...@mailteck.com
You can add the allowedProviders property too:

"accessStrategy":
  {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "delegatedAuthenticationPolicy" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
      "allowedProviders" : [ "java.util.ArrayList", [ "NameSamlIdp" ] ],
      "permitUndefined": false,
      "exclusive": true
    }
  }

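Added example (not part of the thread and not CAS project code): a small Python audit that reads service definitions and lists which delegated providers each service would still permit, using the two policies posted above. It assumes strict JSON input, that an empty allowedProviders list falls back to permitUndefined, and that permitUndefined defaults to true when omitted; the service names and the second provider name are constructed.

```python
import json

POLICY_KEY = "delegatedAuthenticationPolicy"

def unwrap(value):
    """Strip Jackson's typed-collection wrapper: ["java.util.ArrayList", [...]] -> [...]."""
    if (isinstance(value, list) and len(value) == 2
            and isinstance(value[0], str) and isinstance(value[1], list)):
        return value[1]
    return value or []

def as_bool(value, default):
    """Accept JSON booleans and the quoted "true"/"false" strings used in the thread."""
    if value is None:
        return default
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return bool(value)

def visible_providers(service, configured):
    """Return the delegated providers this service would still permit (assumed model)."""
    policy = service.get("accessStrategy", {}).get(POLICY_KEY, {})
    allowed = unwrap(policy.get("allowedProviders"))
    permit_undefined = as_bool(policy.get("permitUndefined"), True)  # assumed default
    if not allowed:
        return list(configured) if permit_undefined else []
    return [p for p in configured if p in allowed]

# Constructed sample data: the service names and "OtherIdp" are illustrative.
CONFIGURED = ["NameSamlIdp", "OtherIdp"]
SERVICES = {
    "ldap-only": '{"accessStrategy": {"delegatedAuthenticationPolicy": {"exclusive": "false", "permitUndefined": "false"}}}',
    "saml-only": '{"accessStrategy": {"delegatedAuthenticationPolicy": {"allowedProviders": ["java.util.ArrayList", ["NameSamlIdp"]], "permitUndefined": false, "exclusive": true}}}',
    "no-policy": '{"accessStrategy": {}}',
}

def audit(services=SERVICES, configured=CONFIGURED):
    return {name: visible_providers(json.loads(text), configured) for name, text in services.items()}

if __name__ == "__main__":
    for name, providers in audit().items():
        print(f"{name}: {providers or 'no delegated providers'}")
```

A service that comes back with every configured provider is one whose login page would still list external IdPs under this model, which makes it a candidate for an explicit allowedProviders list or permitUndefined set to false.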