Hmm, I don't think that should be a problem then, unless you have the
applications all bundled together in the same deployable, with the "unsecured"
level beneath the "secured" level?
For example, we have multiple applications deployed on the same Tomcat instance
(CAS, our campus portal, a "diagnostic" application, and a "user feedback"
application.) The campus portal is CASified, but the diagnostic and user
feedback applications aren't. We didn't have to do anything special to exempt
the diag and feedback apps, we simply didn't tell them anything at all about
CAS, so they don't demand authentication.
For the campus portal application, we have an "unsecured" level, and a
"secured" level. Basically, anything in the application at the "/secure/" level
and beneath requires authentication, but everything not in that "secure" folder
is anonymous. This is defined by the "CAS Filter" filter-mapping in our web.xml
file:
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/secure/*</url-pattern>
</filter-mapping>
Chris
>>> William <[email protected]> 02/08/16 8:31 AM >>>
Chris,
I have a situation where I need to deploy unsecured applications on the same
application server instance that CAS is deployed to.
I would like to have this one context root not protected by SSO.
Regards.
On Monday, February 8, 2016 at 9:11:54 AM UTC-5, Christopher Myers wrote:Just
out of curiosity - why even have CAS enabled on an application when you don't
want someone to have to login? Wouldn't it be easier to just not require CAS?
Or am I misreading/missing something?
Also, what kind of environment are you using? Eg., is the application java,
php, asp, etc.?
Chris
>>> William <[email protected]> 02/08/16 7:57 AM >>>
Re-posting this in cas-user. Mistakenly posted in cas-dev last week.
Update: I tried setting ssoEnabled to true as Misagh suggested, and I am still
getting prompted for user ID and password.
I am using CAS 4.1.4 (using Maven Overlay) with Tomcat 8.0.26.
I am struggling with allowing anonymous access to a particular web application
with the context root of "keepalive".
I keep getting prompted for the SSO login page. I have looked on the Wiki and
cannot find info on this: https://jasig.github.io/cas/4.1.x/index.html
The rest of my applications are protected with CAS SSO. That part works fine.
I am certain this is something I am doing incorrectly.
Is this something I need to configure in CAS securityContext.xml? Or, is this
configured in the .json file for the registered service?
The .json file for this service is below. I have set the ssoEnabled attribute
to false on the access strategy:
{
"@class" : "org.jasig.cas.services.RegexRegisteredService",
"serviceId" : "https://localhost:8443/keepalive.*";,
"name" : "Keepalive Application",
"id" : 103479920584348,
"description" : "Keepalive Application",
"proxyPolicy" : {
"@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
},
"evaluationOrder" : 1,
"usernameAttributeProvider" : {
"@class" :
"org.jasig.cas.services.AnonymousRegisteredServiceUsernameAttributeProvider",
"persistentIdGenerator" : {
"@class" :
"org.jasig.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
"salt" : "Salty"
}
},
"logoutType" : "BACK_CHANNEL",
"attributeReleasePolicy" : {
"@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
"principalAttributesRepository" : {
"@class" :
"org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"
},
"authorizedToReleaseCredentialPassword" : false,
"authorizedToReleaseProxyGrantingTicket" : false
},
"accessStrategy" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"ssoEnabled" : true,
"requireAllAttributes" : false
}
}
Thank you.
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
