I’m trying to re-phrase this once more. We have a need to have some CAS services authenticate with CAS but not start an SSO session. So, effectively as soon as the service ticket is created the TGT would be expired (or removed) so that no session existed from that point. At one point I thought I saw a discussion of doing just that, deleting the TGT after the ST is created. But, I can’t find any reference to that now.
Is anyone familiar with this concept or know a way to make it happen? Thanks. Ted From: [email protected] <[email protected]> On Behalf Of Ted Fisher Sent: Thursday, March 22, 2018 7:47 AM To: [email protected] Subject: [cas-user] Does anyone use ssoEnabled in service definitions I’d like to try to rephrase my question since I only got one response: Is anyone using ssoEnabled set false in service definitions to effect the same as renew=true from the client side? I haven’t been able to get it to work and even insane levels of logging don’t reveal much, which puts me at a dead end. Can anyone suggest what the problem might be or where I could look for how to get it working? Thanks. Ted Fisher From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> On Behalf Of Ted Fisher Sent: Tuesday, March 20, 2018 10:09 AM To: [email protected]<mailto:[email protected]> Subject: [cas-user] ssoEnabled in service definition not working correctly We are running CAS 4.1.5 and we need to make a couple services do authentication only through CAS without creating an SSO session – that is force renew=true from the CAS server and do not create a session after authenticating (no TGT). My understanding of how to do this (per https://apereo.github.io/cas/4.2.x/installation/Configuring-SSO-Session-Cookie.html<https://secure-web.cisco.com/1s_pvZqDqYPJVO438pQqU4TvLqSWEVVXhRTubAWqNG_zCG4sZipfcv2gMmyvv6Pnuic8d9W71uoVFSpzoe4SrCBrrGj77jNdDhCpNUFS48lyggImaSqJpgS8GT4kdSbenRxGUWtL4BAChy_TqNDrt5_VqPj_BZzviNTnes7Dx3-G2Bf3DNFdHlrJ6i7lsdqCWzJ3cfruWVLnJYKKzLOfdrntOmHVRV6shEmtdjXBFm2pnOGksaIBxSzPNpVLN8RQziE18DQz_XVkqU6l4qdo-JqIiwYmzIZAMUrusGSLTrk_eVqhdF7rrRMit2ct2v6gWk1g_qxCkVVCKj_9BB-2YUXRea4bl6XH9OYzp69ltj4RRQUl27IGb-Rgx3bo0cUaLMhX1JkSoA659I6X19HBD2qaSq3pq0SzdPyQuJgI4w3MrxcWiKCL1PdApeVczjhRClreJgCtXWOu6j_iRFw2gktzHauRGZJO6k0Ccz7orXAeXXwUBXLiVRDshBFVphmuFqjsCa9OGZFuKdExyT4MkpQ/https%3A%2F%2Fapereo.github.io%2Fcas%2F4.2.x%2Finstallation%2FConfiguring-SSO-Session-Cookie.html>) is to set create.sso.renewed.authn=false in cas.properties and include these in the service definition: "accessStrategy" : { "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy", "enabled" : true, "ssoEnabled" : false }, However, when I do this it does not allow authentication at all with the following complaint in the log: [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceManagement: Service [https://ssotest.bgsu.edu … is not allowed to use SSO. Am I missing something? Can anyone suggest why it is not processing the service parameters as it seems it should? Thanks. Ted Fisher ITS, BGSU -- - Website: https://apereo.github.io/cas<https://secure-web.cisco.com/1Nay-_am2Z0y6SDgH9HR3bvkwDNLknPf6fWKCUTaI2eNuNffnDeBbql3GT6SyBvfMWzMz0YDF0DnVCRfgxXlG2qu_TfueVHVDIlKVuuiSb4xZtL_OxDGf5nPl2LA-uQS4OF6ky84Xzg7oo6DOs-ey7H4OrwpNbLaVqzufp4o-ZqX7vz9ahOt-w9lyL65LFmIa9y-6PgXT5pKt212zDWiKps5v3LPw5I1kTAYQ4lOS6VmbKXoWdZ5yRGIqZhBlYdCqpeheDbnn6nsWIiNP4CKU4wWOlsdE3EcfIrTql3UUsouVo55DbsUk6qqsfVtTr0qxXp9AlNMieVt1HFwe4mdK3GW2hRhqnKgVltYFAR44xaQNuqTPjZD7cJ__eg7Ek8wxo3CnDrpZM7LfI617H_ge05xGilnGMbVCr3QPDMqlxKW6olssr3tY2JrLO6zvN0dLOw1KQcZ_cwKr71wRQrv5oia1hlhO3WLSsj9ZlPm4pvwYCzvQ8RdnS8vZOJuwNuUkeqk97Dz7oL8CbEbWFpOQPg/https%3A%2F%2Fapereo.github.io%2Fcas> - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB29339FFE13545423F8F44CA8C0AB0%40CY4PR05MB2933.namprd05.prod.outlook.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB29339FFE13545423F8F44CA8C0AB0%40CY4PR05MB2933.namprd05.prod.outlook.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas<https://secure-web.cisco.com/1d6or5tcMHh4mnqdzgGAlzA1ad9FiOhij4KcTKj4i8lRh-nhTCPH1zxQDrbdUg3xtu1jk2ve-kBinp2k8-W-cSNqQEn_YBp7I1CWwusKESy0Q-I7pnY-S2VQTi8izSxz9Ky-FtUvcFpp3QVADdgxOaJWjj1KUpk_dOpCagUH6yR57Th7EaRUdbm7e3FUWPgy-CeZJ2_TJKMhMRVGBJSOkoRwpE2oIZJsntkSLrxhhOKE8Rwg5Xh8MYROZP_5_9ccKEGqI_BWho0wnv2eEn47LXEypgTdORG01Irh5TXy4k0m8gI4EWT7GPMILym-sTSF_RehAcype6SJUgvQXAl3pz4JnPYtHVGg1VG7O9mbam9ssDtT9hG3bo-B279HvK8EOa9zCYM9-h1leL4g9IqeVyfRHrhD0_H6n_17ac37gDIOuKxnvT-G2oDryy7VAb7MLqlO-JMghFTTUieB98hGL-H-hix0cTCA7ukBnNuEsPDjRIh29tsG6gjuxiYJPiIz_eV0TnB_ZZIkxu1Lm4a-ZFQ/https%3A%2F%2Fapereo.github.io%2Fcas> - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB293322A0CE40570D36D9C929C0A90%40CY4PR05MB2933.namprd05.prod.outlook.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB293322A0CE40570D36D9C929C0A90%40CY4PR05MB2933.namprd05.prod.outlook.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR05MB293360A6A4774F199BA3660EC0AC0%40CY4PR05MB2933.namprd05.prod.outlook.com.
