Hide authentication providers

27 views
Skip to first unread message

Oscar Alonso

unread,
Jan 26, 2022, 12:09:50 PMJan 26
to CAS Community
Hi,

This may already be answered somewhere but I've gone crazy looking in the documentation and can't find it.

Is it possible to hide the authentication methods that are not allowed for a registered service so that they do not appear in the CAS login menu?

I mean, if I have defined on one hand an LDAP authentication handler (and named it), and on the other hand delegated authentication through Pac4j to a SAML IdP, is it possible to define in the registered service that each one only sees in the menu its allowed authentication method?

I have managed to make the automatic redirection in the case of the service with delegated authentication (which is fine), but I would like to avoid the external authentication provider appearing in the menu for the other case.

I know (and checked) that authenticating through a not allowed authentication handler is denied, but I want to have a login screen as clean as possible.

Thanks in advance.

BTW, my CAS version is 6.4.5.

Best regards,
Oscar.

Gledson Rabelo

unread,
May 10, 2022, 11:58:30 AMMay 10
to CAS Community, oal...@mailteck.com
Hi Oscar, 

I'm having the same problem. 

Did you make it work and hide the external providers?

Thanks

Gledson

Gledson Rabelo

unread,
May 10, 2022, 1:30:21 PMMay 10
to CAS Community, Gledson Rabelo, oal...@mailteck.com
It worked using the permitUndefined attribute. 

accessStrategy : {
@class : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
delegatedAuthenticationPolicy : {
@class : "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
exclusive: "false",
permitUndefined: "false"
}
}

Migue Jaramago

unread,
May 11, 2022, 10:33:28 AMMay 11
to CAS Community, gle...@gmail.com, oal...@mailteck.com
You can add the allowedProviders property too:

"accessStrategy":
  {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "delegatedAuthenticationPolicy" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
      "allowedProviders" : [ "java.util.ArrayList", [ "NameSamlIdp" ] ],
      "permitUndefined": false,
      "exclusive": true
    }

Reply all
Reply to author
Forward
0 new messages