Allow REST login, but prohibit web login
76 views
Skip to first unread message
Ben P
Nov 10, 2023, 8:11:41 AM11/10/23
to CAS Community
Dear CAS-Community,
In our setup we'd like to use the TGT Rest mechanism (https://apereo.github.io/cas/6.5.x/protocol/REST-Protocol-Request-TicketGrantingTicket.html) for a specific(!) user (backed by LDAP) but
do not allow a web-login for this user.
So bascially any tried weblogin should be ignored by CAS (resp LDAP) and the account should not be locked
Any ideas to accomplish this?
tnx & regards
Ray Bon
Nov 10, 2023, 2:43:50 PM11/10/23
to cas-...@apereo.org
Ben,
This policy would prevent a login _after_ the REST session was established, https://apereo.github.io/cas/6.6.x/authentication/Configuring-Authentication-Policy-UniquePrincipal.html
There is also a custom groovy script option, https://apereo.github.io/cas/6.6.x/authentication/Configuring-Authentication-Policy-Groovy.html
Not sure if the script has access to the login flow session, and consequently, the service.
Other authn policies, https://apereo.github.io/cas/6.6.x/authentication/Configuring-Authentication-Policy.html
Ray
On Fri, 2023-11-10 at 05:08 -0800, Ben P wrote:
Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.
Reply all
Reply to author
Forward
0 new messages