Bartosz, There is a remote address authentication method https://apereo.github.io/cas/6.4.x/authentication/Remote-Address-Authentication.html You could add it to the service you want and have it run after username/password.
You could also try policies. You could implement the policy as a groovy script or at a REST endpoint, https://apereo.github.io/cas/6.4.x/authentication/Configuring-Authentication-Policy.html Policies can also be associated with a service https://apereo.github.io/cas/6.4.x/services/Configuring-Service-AuthN-Policy.html See https://fawnoos.com/2018/11/22/cas5-groovy-mfa/ which may also work. Ray On Wed, 2022-02-09 at 02:37 -0800, Bartosz Nitkiewicz wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi, Quick question, whether it is possible to restrict access depending on IP per defined service? -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6d1935098f99de8dbbf0f01691c9b06912ffae48.camel%40uvic.ca.