Our application has multiple JDBC authentication sources, so we are using 
requiredHandlers so each service will authenticate against the correct 
database.  Now we are trying to turn on delegated authentication to allow 
login from an OIDC IdP.  When requiredHandlers has a value, the OIDC login 
fails because even though the user has passed the delegated authentication 
the code still forces them through the requiredHandlers as well.  When I 
remove requiredHandlers, the OIDC delegated authentication works correctly 
but normal login doesn't use only the correct authentication handler.  

Is there a way to specify a specific authentication source for a service 
and also allow delegated authentication at the same time?

My service configuration file looks something like:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://localhost:8445.*",
  "name" : "localhost",
  "id" : 4,
  "requiredHandlers" : [ "java.util.HashSet", [ "jdbcHandler" ] ],
  "evaluationOrder" : 4,
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "delegatedAuthenticationPolicy" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
      "allowedProviders" : [ "java.util.ArrayList", [ "oidcIdp" ] ],
      "permitUndefined" : true,
      "exclusive" : false
    }
  }
}

Thanks for any advice,

Abre
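
An added example, not part of the original post or of CAS itself: a small Python audit that reads service definitions in the JSON form shown above and flags any service that sets requiredHandlers while also leaving delegated authentication open, the combination the post reports as failing. The second sample service, the function names, and the reading of permitUndefined (no providers listed but delegation still permitted) are assumptions made for illustration.

```python
import json

# Constructed sample: a service shaped like the one in the post, plus one
# hypothetical service without requiredHandlers for contrast.
SAMPLE_SERVICES = [
    """{
      "@class": "org.apereo.cas.services.RegexRegisteredService",
      "serviceId": "^https://localhost:8445.*", "name": "localhost", "id": 4,
      "requiredHandlers": ["java.util.HashSet", ["jdbcHandler"]],
      "accessStrategy": {
        "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
        "delegatedAuthenticationPolicy": {
          "@class": "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
          "allowedProviders": ["java.util.ArrayList", ["oidcIdp"]],
          "permitUndefined": true, "exclusive": false } } }""",
    """{
      "@class": "org.apereo.cas.services.RegexRegisteredService",
      "serviceId": "^https://example.invalid/.*", "name": "delegated-only", "id": 5,
      "accessStrategy": {
        "delegatedAuthenticationPolicy": {
          "allowedProviders": ["java.util.ArrayList", ["oidcIdp"]] } } }""",
]

def unwrap(value):
    """Unwrap the ["java.util.X", [items]] typed-collection form used in these files."""
    if (isinstance(value, list) and len(value) == 2
            and isinstance(value[0], str) and isinstance(value[1], list)):
        return list(value[1])
    return list(value or [])

def audit(service_json):
    """Return (name, handlers, providers, conflict) for one service definition."""
    svc = json.loads(service_json)
    handlers = sorted(unwrap(svc.get("requiredHandlers")))
    policy = (svc.get("accessStrategy") or {}).get("delegatedAuthenticationPolicy") or {}
    providers = unwrap(policy.get("allowedProviders"))
    # Assumption: delegation is reachable when providers are listed, or when none
    # are listed but permitUndefined is explicitly true.
    delegation_open = bool(providers) or policy.get("permitUndefined") is True
    return svc.get("name"), handlers, providers, bool(handlers) and delegation_open

if __name__ == "__main__":
    for name, handlers, providers, conflict in map(audit, SAMPLE_SERVICES):
        flag = "CONFLICT" if conflict else "ok"
        print(f"{flag:8} {name}: requiredHandlers={handlers} allowedProviders={providers}")
```

Running it over every file in the service registry lists the services where a delegated login would still be held to the handler named in requiredHandlers.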

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG