Hello C Ryan,
I've been struggling with this for a long time and I would like to ask you,
as in the other topic: have you dug up a solution, and could you share it if
it is no problem for you? The documentation is what it is ;) you know.
In my instance I have 3 AD handlers and I would like to have control
over them too.
On Friday, 23 October 2020 at 20:42:01 UTC+2, C Ryan wrote:
> So this is the current format of this configuration, I'm using the
> wildcard and the /cas/login page itself to simply verify things.
>
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "^(https|imaps)://.*",
>   "name" : "HTTPS and IMAPS",
>   "id" : 10000001,
>   "evaluationOrder": 99999,
>   "authenticationPolicy":
>   {
>     "@class": "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
>     "requiredAuthenticationHandlers": ["java.util.TreeSet", ["Radius"]],
>     "excludedAuthenticationHandlers": ["java.util.TreeSet", ["LDAP"]]
>   }
> }
>
>
> I've also put the following in cas.properties
>
> cas.authn.policy.required-handler-authentication-policy-enabled=true
>
>
>
>
> It is still permitting authentication via the LDAP resource.
>
> At a global level it works, if I do, for example,
>
> cas.authn.policy.req.try-all=false
> cas.authn.policy.req.handler-name=Radius
> cas.authn.policy.req.enabled=true
>
>
> and in this configuration Radius and only Radius will auth.
>
> Not sure where else to look.
>
> Colin
>
> On 10/21/20 7:06 AM, Colin Ryan wrote:
>
> Ray,
>
> That's where I picked up the configurations for what I've been trying but
> it seems like it's still falling through past the Handler I want to be
> required.
>
> Was just wondering if I'm misinterpreting the need for or the context of
> using the criteria configurations as well.
>
> The configuration example I outlined is basically pulled from that page.
>
> Colin
> On 10/20/20 5:48 PM, Ray Bon wrote:
>
> Colin,
>
> Could this be what you are looking for,
> https://apereo.github.io/cas/6.2.x/services/Configuring-Service-AuthN-Policy.html
>
> Ray
>
> On Tue, 2020-10-20 at 14:24 -0400, Colin Ryan wrote:
>
> Folks,
>
> I have 2 authentication sources. I have services that I want strictly to
> only accept success via a specific source. Even if the same credential pair
> could succeed in either.
>
>
> I've been trying to use the "newer"? authenticationPolicy approaches as
> the logs in my 6.2.3 builds were warning about deprecation of the
> requiredAuth configurations.
>
> So I have LDAP and Radius both backed by the same LDAP but for other
> reasons I want a particular policy to specifically require authentication
> to one or the other.
>
> So to force Radius only to be accepted in a service definition I've tried
> the below. But if for example, I fail on the Radius auth and then try again
> it ends up Authenticating against LDAP1.
>
> Missing something?
>
> "authenticationPolicy":
> {
>   "@class": "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
>   "requiredAuthenticationHandlers" : ["java.util.TreeSet", [ "Radius" ]],
>   "criteria": {
>     "@class": "org.apereo.cas.services.AllowedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria"
>   }
> }
>
> Thanks
>
> Colin
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/2cc902b81b87bb8b64c476842c72dc9451089ae2.camel%40uvic.ca
>
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/2cc902b81b87bb8b64c476842c72dc9451089ae2.camel%40uvic.ca?utm_medium=email&utm_source=footer>
> .
>
>
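An added example, not part of the thread and not CAS code: a small Python lint for the kind of service definition quoted above. It parses the file as strict JSON and compares the handler names in `authenticationPolicy` with an operator-supplied list; `lint_service`, `handler_names`, the sample text and the handler list are constructed for illustration, on the assumption that names in the policy have to match the configured handler names exactly.

```python
import json

def handler_names(policy, key):
    """Unwrap the ["java.util.TreeSet", [names...]] form used in the thread."""
    value = policy.get(key)
    if value is None:
        return set()
    if isinstance(value, list) and len(value) == 2 and isinstance(value[1], list):
        return set(value[1])
    raise ValueError(f'{key}: expected ["<collection class>", [names...]]')

def lint_service(text, known_handlers):
    """Return findings for one service definition, parsed as strict JSON."""
    try:
        service = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"syntax error at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    policy = service.get("authenticationPolicy")
    if not isinstance(policy, dict):
        return ["no authenticationPolicy block in this service"]
    try:
        required = handler_names(policy, "requiredAuthenticationHandlers")
        excluded = handler_names(policy, "excludedAuthenticationHandlers")
    except ValueError as exc:
        return [str(exc)]
    findings = []
    # A name that matches no configured handler cannot select or exclude anything.
    for name in sorted((required | excluded) - set(known_handlers)):
        findings.append(f"handler {name!r} is not a configured handler name")
    for name in sorted(required & excluded):
        findings.append(f"handler {name!r} is both required and excluded")
    return findings

# Constructed sample: a definition with a missing comma after evaluationOrder.
POSTED = """{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(https|imaps)://.*",
  "name": "HTTPS and IMAPS",
  "id": 10000001,
  "evaluationOrder": 99999
  "authenticationPolicy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
    "requiredAuthenticationHandlers": ["java.util.TreeSet", ["Radius"]],
    "excludedAuthenticationHandlers": ["java.util.TreeSet", ["LDAP"]]
  }
}"""
FIXED = POSTED.replace("99999\n", "99999,\n")

if __name__ == "__main__":
    # Handler list is an assumption; use the names from your own cas.properties.
    for label, text in (("posted", POSTED), ("fixed", FIXED)):
        print(label, lint_service(text, known_handlers=["Radius", "LDAP1"]))
```
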