I feel sorry for re-asking this, does anybody know how to enable unique
sessions in the services? We only want one session per service per user,
so people cannot share credentials between them.
Thanks for any guidance and sorry for asking again!
El 04/10/2022 a las 10:35, Miguel Pellicer escribió:
Good morning subscribers!
We've deployed CAS successfully to authenticate in multiple services
and it really performs really well. We have a new requirement to limit
the user sessions to only one, this means, a user can only log once
and multiple sessions are not allowed. This requirement is to prevent
account sharing......
This works partially using this property:
cas.authn.policy.unique-principal.enabled=true
It prevents multiple sessions when login to CAS directly,
https://mydomain.cas.server/cas/login, however, does not work when
login into a service
https://mydomain.cas.server/cas/login?service=https%3A%2F%2Fmydomain.service,
when users login into any service allows multiple sessions.
I suspect that the service definition should also contain the
authentication policy, am I right? Can I have an example of the JSON
snippet?
According to the documentation, I should assign a name:
cas.authn.policy.unique-principal.name=PreventMultipleSessions
And use the policy in the service definition, but does not work:
"authenticationPolicy" : {
"@class" :
"org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
"requiredAuthenticationHandlers" : ["java.util.TreeSet", [
"PreventMultipleSessions" ]],
"excludedAuthenticationHandlers" : ["java.util.TreeSet", [ ]]
}
Thank you so much for any help!
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/25adba6f-b851-441b-9ef3-6132ee1526can%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/25adba6f-b851-441b-9ef3-6132ee1526can%40apereo.org?utm_medium=email&utm_source=footer>.
--
-----------------------------------------------
Miguel Pellicer
CTO at EDF
Website:https://www.edf.global
LinkedIn:https://es.linkedin.com/company/entornosdeformacion
LinkedIn:https://www.linkedin.com/in/mpellicer-edf
Office Phone: +34 - 96 381 35 75
Request a meeting here:https://calendly.com/mpellicer
-----------------------------------------------
Su dirección de correo electrónico junto a sus datos personales consta en un
fichero cuya finalidad es la de mantener el contacto profesional con Ud. Por
ENTORNOS DE FORMACIÓN S.L., como responsable del Fichero y del Tratamiento. De
conformidad con el Reglamento (UE) núm. 2016/679, General de Protección de
Datos y la LO 3/2018, de 5 de diciembre, de Protección de Datos Personales y
garantía de los derechos digitales, puede ejercer de forma totalmente gratuita
los derechos de acceso, información, rectificación, supresión y olvido,
limitación del tratamiento, oposición, portabilidad y a no ser objeto de
decisiones individuales automatizadas enviando un correo electrónica a la
siguiente dirección:info@edf.global Si no desea recibir información por correo
electrónico notifiquenoslo en esta misma dirección. Aviso sobre
confidencialidad: Este documento se dirige exclusivamente a su destinatario.
Por contener información confidencial, sometida a secreto profesional cuya
divulgación está prohibida en virtud de la legislación vigente. Se informa a
quien lo recibiera, sin ser el destinatario, que la información contenida en el
mismo es reservada y su utilización con cualquier fin está prohibida. Si ha
recibido este documento por error, le rogamos nos lo comunique y proceda a su
destrucción.
Your e-mail address and your data are stored in a file to maintain professional
contact between you and ENTORNOS DE FORMACIÓN S.L., as the party responsible
for the file and the processing. In accordance with Regulation (EU) No.
2016/679, General Data Protection and the OL 3/2018 of 5th December, to
guarantee digital rights, you can exercise free of charge the rights of access,
information, rectification, deletion and oblivion, limitation of processing,
opposition, portability and the right of you are not subject to automated
individual decisions, by sending an e-mail to the following
address:info@edf.global. If you do not wish to receive information by e-mail,
please notify us at the same address. Confidentiality notice: This document is
addressed exclusively to the addressee. If you have received this document in
error, please inform us and destroy it.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a35890e3-8ac6-6a24-b981-4886e0fe8ee7%40entornosdeformacion.com.