directive: excludedAuthenticationHandler for service cas 6.3.x

9 views

Skip to first unread message

artur miś

unread,

Dec 2, 2021, 6:03:47 AM12/2/21

to CAS Community

Can anybody confirm that excludedAuthenticationHandler works in cas 6.3. ?

https://apereo.github.io/cas/6.3.x/services/Configuring-Service-AuthN-Policy.htm

{ "@class": "org.apereo.cas.services.RegexRegisteredService", "serviceId": "^(https|imaps)://example.org/cas.*", "name": "Example", "id": 1, "authenticationPolicy": { "@class": "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy", "excludedAuthenticationHandlers" : ["java.util.TreeSet", [ "JSON" ]], "criteria": { "@class": "org.apereo.cas.services.ExcludedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria" } } }

I have 3 AD handlers like :

cas.authn.ldap[0].name=everest
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=****
cas.authn.ldap[0].baseDn=****
cas.authn.ldap[0].bindDn=ldap
cas.authn.ldap[0].bindCredential=****
cas.authn.ldap[0].searchFilter=*****
cas.authn.ldap[0].principalAttributeId=sAMAccountName
cas.authn.ldap[0].connectTimeout=3000

cas.authn.ldap[1].name=rysy

...

cas.authn.ldap[3].name=ppm

---

And during testing via Curl API test , Cas used ppm or everest. It means after I restarted cas container I made couple of test and some times Cas used one or other handler from cas.propierties.

I dont know why it doesnt keep always everest (or JSON). I am digging in it long time.

Accordind to:

https://apereo.github.io/cas/6.3.x/services/Configuring-Service-AuthN-Policy.html

I thought that it is possible. I was trying :

Afer test i can see user wasnt foreced to use ony one handler dedicated for service.