Are you actually running 6.5.x? On Monday, October 24, 2022 at 9:10:56 PM UTC+4 [email protected] wrote:
> Thanks for your response Ray, I'm talking about this option > https://apereo.github.io/cas/6.5.x/authentication/Configuring-Authentication-Policy-UniquePrincipal.html#unique-principal---authentication-policy, > > I think it's something to configure in CAS and not the service. > > It does work authenticating in CAS only, basic CAS auth > https://mydomain.cas.server/cas/login, but does not work when logging > into a service > https://mydomain.cas.server/cas/login?service=https%3A%2F%2Fmydomain.service, > I believe I'm missing something in the service configuration but I couldn't > find it in the documentation.... > > Thanks! > > Miguel > El 21/10/2022 a las 18:42, Ray Bon escribió: > > Miguel, > > You can set ssoEnabled=false in cas service definition to force authn to > the service, > https://apereo.github.io/cas/6.5.x/services/Configuring-Service-Access-Strategy.html > > If you are talking about the behaviour of the sessions managed by the > service (which it sounds like you are), that would be something to > configure in the service, not cas. > > Ray > > On Fri, 2022-10-21 at 10:27 +0200, Miguel Pellicer wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > I feel sorry for re-asking this, does anybody know how to enable unique > sessions in the services? We only want one session per service per user, so > people cannot share credentials between them. > > Thanks for any guidance and sorry for asking again! > El 04/10/2022 a las 10:35, Miguel Pellicer escribió: > > Good morning subscribers! > > We've deployed CAS successfully to authenticate in multiple services and > it really performs really well. We have a new requirement to limit the user > sessions to only one, this means, a user can only log once and multiple > sessions are not allowed. This requirement is to prevent account > sharing...... > > This works partially using this property: > > cas.authn.policy.unique-principal.enabled=true > > It prevents multiple sessions when login to CAS directly, > https://mydomain.cas.server/cas/login, however, does not work when login > into a service > https://mydomain.cas.server/cas/login?service=https%3A%2F%2Fmydomain.service, > when users login into any service allows multiple sessions. > > I suspect that the service definition should also contain the > authentication policy, am I right? Can I have an example of the JSON > snippet? > > According to the documentation, I should assign a name: > > cas.authn.policy.unique-principal.name=PreventMultipleSessions > > And use the policy in the service definition, but does not work: > "authenticationPolicy" : { > "@class" : > "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy", > "requiredAuthenticationHandlers" : ["java.util.TreeSet", [ > "PreventMultipleSessions" ]], > "excludedAuthenticationHandlers" : ["java.util.TreeSet", [ ]] > } > > Thank you so much for any help! > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/25adba6f-b851-441b-9ef3-6132ee1526can%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/25adba6f-b851-441b-9ef3-6132ee1526can%40apereo.org?utm_medium=email&utm_source=footer> > . > > -- > ----------------------------------------------- > Miguel Pellicer > CTO at EDF > > Website: https://www.edf.global > LinkedIn: https://es.linkedin.com/company/entornosdeformacion > LinkedIn: https://www.linkedin.com/in/mpellicer-edf > Office Phone: +34 - 96 381 35 75 <+34%20963%2081%2035%2075> > Request a meeting here: https://calendly.com/mpellicer > ----------------------------------------------- > > Su dirección de correo electrónico junto a sus datos personales consta en un > fichero cuya finalidad es la de mantener el contacto profesional con Ud. Por > ENTORNOS DE FORMACIÓN S.L., como responsable del Fichero y del Tratamiento. > De conformidad con el Reglamento (UE) núm. 2016/679, General de Protección de > Datos y la LO 3/2018, de 5 de diciembre, de Protección de Datos Personales y > garantía de los derechos digitales, puede ejercer de forma totalmente > gratuita los derechos de acceso, información, rectificación, supresión y > olvido, limitación del tratamiento, oposición, portabilidad y a no ser objeto > de decisiones individuales automatizadas enviando un correo electrónica a la > siguiente dirección: [email protected] Si no desea recibir información por > correo electrónico notifiquenoslo en esta misma dirección. Aviso sobre > confidencialidad: Este documento se dirige exclusivamente a su destinatario. > Por contener información confidencial, sometida a secreto profesional cuya > divulgación está prohibida en virtud de la legislación vigente. Se informa a > quien lo recibiera, sin ser el destinatario, que la información contenida en > el mismo es reservada y su utilización con cualquier fin está prohibida. Si > ha recibido este documento por error, le rogamos nos lo comunique y proceda a > su destrucción. > > Your e-mail address and your data are stored in a file to maintain > professional contact between you and ENTORNOS DE FORMACIÓN S.L., as the party > responsible for the file and the processing. In accordance with Regulation > (EU) No. 2016/679, General Data Protection and the OL 3/2018 of 5th December, > to guarantee digital rights, you can exercise free of charge the rights of > access, information, rectification, deletion and oblivion, limitation of > processing, opposition, portability and the right of you are not subject to > automated individual decisions, by sending an e-mail to the following > address: [email protected]. If you do not wish to receive information by > e-mail, please notify us at the same address. Confidentiality notice: This > document is addressed exclusively to the addressee. If you have received this > document in error, please inform us and destroy it. > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > > You received this message because you are subscribed to a topic in the > Google Groups "CAS Community" group. > To unsubscribe from this topic, visit > https://groups.google.com/a/apereo.org/d/topic/cas-user/EOP41AqrHac/unsubscribe > . > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/11aa9b88cfff4d5d43ddbfa1731b2c1db1c2f709.camel%40uvic.ca > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/11aa9b88cfff4d5d43ddbfa1731b2c1db1c2f709.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > -- > ----------------------------------------------- > Miguel Pellicer > CTO at EDF > > Website: https://www.edf.global > LinkedIn: https://es.linkedin.com/company/entornosdeformacion > LinkedIn: https://www.linkedin.com/in/mpellicer-edf > Office Phone: +34 - 96 381 35 75 <+34%20963%2081%2035%2075> > Request a meeting here: https://calendly.com/mpellicer > ----------------------------------------------- > > Su dirección de correo electrónico junto a sus datos personales consta en un > fichero cuya finalidad es la de mantener el contacto profesional con Ud. Por > ENTORNOS DE FORMACIÓN S.L., como responsable del Fichero y del Tratamiento. > De conformidad con el Reglamento (UE) núm. 2016/679, General de Protección de > Datos y la LO 3/2018, de 5 de diciembre, de Protección de Datos Personales y > garantía de los derechos digitales, puede ejercer de forma totalmente > gratuita los derechos de acceso, información, rectificación, supresión y > olvido, limitación del tratamiento, oposición, portabilidad y a no ser objeto > de decisiones individuales automatizadas enviando un correo electrónica a la > siguiente dirección: [email protected] Si no desea recibir información por > correo electrónico notifiquenoslo en esta misma dirección. Aviso sobre > confidencialidad: Este documento se dirige exclusivamente a su destinatario. > Por contener información confidencial, sometida a secreto profesional cuya > divulgación está prohibida en virtud de la legislación vigente. Se informa a > quien lo recibiera, sin ser el destinatario, que la información contenida en > el mismo es reservada y su utilización con cualquier fin está prohibida. Si > ha recibido este documento por error, le rogamos nos lo comunique y proceda a > su destrucción. > > Your e-mail address and your data are stored in a file to maintain > professional contact between you and ENTORNOS DE FORMACIÓN S.L., as the party > responsible for the file and the processing. In accordance with Regulation > (EU) No. 2016/679, General Data Protection and the OL 3/2018 of 5th December, > to guarantee digital rights, you can exercise free of charge the rights of > access, information, rectification, deletion and oblivion, limitation of > processing, opposition, portability and the right of you are not subject to > automated individual decisions, by sending an e-mail to the following > address: [email protected]. If you do not wish to receive information by > e-mail, please notify us at the same address. Confidentiality notice: This > document is addressed exclusively to the addressee. If you have received this > document in error, please inform us and destroy it. > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/829b9a97-f838-427e-8ac6-6f95b40c30aan%40apereo.org.
