Hello,
- 3 handlers
- 2 services
If I have in service AA
"authenticationPolicy" : {
  "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
  "requiredAuthenticationHandlers" : ["java.util.TreeSet", ["a", "b"]],
  "excludedAuthenticationHandlers" : ["java.util.TreeSet", ["c"]]
}
and
service BB
"authenticationPolicy" : {
  "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
  "requiredAuthenticationHandlers" : ["java.util.TreeSet", ["a", "b", "c"]],
  "excludedAuthenticationHandlers" : ["java.util.TreeSet", []]
}
At the beginning I tried to authenticate to service AA (the user is a member of the group for the searchFilter of handler c) - that WORKS, I can't authenticate;
"excludedAuthenticationHandlers" works perfectly. Later, I started browsing
https://BB as the same user as before, from handler c. After logging into the BB service I tried to access
http://AA/login and I was surprised: I was granted access without typing the password again.
So
"excludedAuthenticationHandlers" does not work in this case if the user was already authenticated before for service BB.
How can I block the possibility of a user authenticating to service AA if he was already authenticated to BB, without switching off SSO, because I would like that sharing key to work if I have the user in handler b?
Sample handler a:
cas.authn.ldap[0].name=ktolet
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://fff:port
cas.authn.ldap[0].baseDn=dc=fc,dc=int
cas.authn.ldap[0].bindDn=ldap
cas.authn.ldap[0].bindCredential=vgvb
cas.authn.ldap[0].searchFilter=(&(memberOf=CN=gvSM. etc .)(sAMAccountName={user}))
cas.authn.ldap[0].principalAttributeId=sAMAccountName