Have you tried testing this with 6.6.1 or 6.6.2? On Wednesday, October 26, 2022 at 7:31:56 AM UTC+4 [email protected] wrote:
> 6.6.0! > > Thanks > > El mar., 25 oct. 2022 17:57, CAS Community <[email protected]> escribió: > >> Are you actually running 6.5.x? >> >> On Monday, October 24, 2022 at 9:10:56 PM UTC+4 >> [email protected] wrote: >> >>> Thanks for your response Ray, I'm talking about this option >>> https://apereo.github.io/cas/6.5.x/authentication/Configuring-Authentication-Policy-UniquePrincipal.html#unique-principal---authentication-policy, >>> >>> I think it's something to configure in CAS and not the service. >>> >>> It does work authenticating in CAS only, basic CAS auth >>> https://mydomain.cas.server/cas/login, but does not work when logging >>> into a service >>> https://mydomain.cas.server/cas/login?service=https%3A%2F%2Fmydomain.service, >>> >>> I believe I'm missing something in the service configuration but I couldn't >>> find it in the documentation.... >>> >>> Thanks! >>> >>> Miguel >>> El 21/10/2022 a las 18:42, Ray Bon escribió: >>> >>> Miguel, >>> >>> You can set ssoEnabled=false in cas service definition to force authn to >>> the service, >>> https://apereo.github.io/cas/6.5.x/services/Configuring-Service-Access-Strategy.html >>> >>> If you are talking about the behaviour of the sessions managed by the >>> service (which it sounds like you are), that would be something to >>> configure in the service, not cas. >>> >>> Ray >>> >>> On Fri, 2022-10-21 at 10:27 +0200, Miguel Pellicer wrote: >>> >>> Notice: This message was sent from outside the University of Victoria >>> email system. Please be cautious with links and sensitive information. >>> >>> I feel sorry for re-asking this, does anybody know how to enable unique >>> sessions in the services? We only want one session per service per user, so >>> people cannot share credentials between them. >>> >>> Thanks for any guidance and sorry for asking again! >>> El 04/10/2022 a las 10:35, Miguel Pellicer escribió: >>> >>> Good morning subscribers! >>> >>> We've deployed CAS successfully to authenticate in multiple services and >>> it really performs really well. We have a new requirement to limit the user >>> sessions to only one, this means, a user can only log once and multiple >>> sessions are not allowed. This requirement is to prevent account >>> sharing...... >>> >>> This works partially using this property: >>> >>> cas.authn.policy.unique-principal.enabled=true >>> >>> It prevents multiple sessions when login to CAS directly, >>> https://mydomain.cas.server/cas/login, however, does not work when >>> login into a service >>> https://mydomain.cas.server/cas/login?service=https%3A%2F%2Fmydomain.service, >>> >>> when users login into any service allows multiple sessions. >>> >>> I suspect that the service definition should also contain the >>> authentication policy, am I right? Can I have an example of the JSON >>> snippet? >>> >>> According to the documentation, I should assign a name: >>> >>> cas.authn.policy.unique-principal.name=PreventMultipleSessions >>> >>> And use the policy in the service definition, but does not work: >>> "authenticationPolicy" : { >>> "@class" : >>> "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy", >>> "requiredAuthenticationHandlers" : ["java.util.TreeSet", [ >>> "PreventMultipleSessions" ]], >>> "excludedAuthenticationHandlers" : ["java.util.TreeSet", [ ]] >>> } >>> >>> Thank you so much for any help! >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/25adba6f-b851-441b-9ef3-6132ee1526can%40apereo.org >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/25adba6f-b851-441b-9ef3-6132ee1526can%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >>> -- >>> ----------------------------------------------- >>> Miguel Pellicer >>> CTO at EDF >>> >>> Website: https://www.edf.global >>> LinkedIn: https://es.linkedin.com/company/entornosdeformacion >>> LinkedIn: https://www.linkedin.com/in/mpellicer-edf >>> Office Phone: +34 - 96 381 35 75 <+34%20963%2081%2035%2075> >>> Request a meeting here: https://calendly.com/mpellicer >>> ----------------------------------------------- >>> >>> Su dirección de correo electrónico junto a sus datos personales consta en >>> un fichero cuya finalidad es la de mantener el contacto profesional con Ud. >>> Por ENTORNOS DE FORMACIÓN S.L., como responsable del Fichero y del >>> Tratamiento. De conformidad con el Reglamento (UE) núm. 2016/679, General >>> de Protección de Datos y la LO 3/2018, de 5 de diciembre, de Protección de >>> Datos Personales y garantía de los derechos digitales, puede ejercer de >>> forma totalmente gratuita los derechos de acceso, información, >>> rectificación, supresión y olvido, limitación del tratamiento, oposición, >>> portabilidad y a no ser objeto de decisiones individuales automatizadas >>> enviando un correo electrónica a la siguiente dirección: [email protected] >>> Si no desea recibir información por correo electrónico notifiquenoslo en >>> esta misma dirección. Aviso sobre confidencialidad: Este documento se >>> dirige exclusivamente a su destinatario. Por contener información >>> confidencial, sometida a secreto profesional cuya divulgación está >>> prohibida en virtud de la legislación vigente. Se informa a quien lo >>> recibiera, sin ser el destinatario, que la información contenida en el >>> mismo es reservada y su utilización con cualquier fin está prohibida. Si ha >>> recibido este documento por error, le rogamos nos lo comunique y proceda a >>> su destrucción. >>> >>> Your e-mail address and your data are stored in a file to maintain >>> professional contact between you and ENTORNOS DE FORMACIÓN S.L., as the >>> party responsible for the file and the processing. In accordance with >>> Regulation (EU) No. 2016/679, General Data Protection and the OL 3/2018 of >>> 5th December, to guarantee digital rights, you can exercise free of charge >>> the rights of access, information, rectification, deletion and oblivion, >>> limitation of processing, opposition, portability and the right of you are >>> not subject to automated individual decisions, by sending an e-mail to the >>> following address: [email protected]. If you do not wish to receive >>> information by e-mail, please notify us at the same address. >>> Confidentiality notice: This document is addressed exclusively to the >>> addressee. If you have received this document in error, please inform us >>> and destroy it. >>> >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> >>> You received this message because you are subscribed to a topic in the >>> Google Groups "CAS Community" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/a/apereo.org/d/topic/cas-user/EOP41AqrHac/unsubscribe >>> . >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/11aa9b88cfff4d5d43ddbfa1731b2c1db1c2f709.camel%40uvic.ca >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/11aa9b88cfff4d5d43ddbfa1731b2c1db1c2f709.camel%40uvic.ca?utm_medium=email&utm_source=footer> >>> . >>> >>> -- >>> ----------------------------------------------- >>> Miguel Pellicer >>> CTO at EDF >>> >>> Website: https://www.edf.global >>> LinkedIn: https://es.linkedin.com/company/entornosdeformacion >>> LinkedIn: https://www.linkedin.com/in/mpellicer-edf >>> Office Phone: +34 - 96 381 35 75 <+34%20963%2081%2035%2075> >>> Request a meeting here: https://calendly.com/mpellicer >>> ----------------------------------------------- >>> >>> Su dirección de correo electrónico junto a sus datos personales consta en >>> un fichero cuya finalidad es la de mantener el contacto profesional con Ud. >>> Por ENTORNOS DE FORMACIÓN S.L., como responsable del Fichero y del >>> Tratamiento. De conformidad con el Reglamento (UE) núm. 2016/679, General >>> de Protección de Datos y la LO 3/2018, de 5 de diciembre, de Protección de >>> Datos Personales y garantía de los derechos digitales, puede ejercer de >>> forma totalmente gratuita los derechos de acceso, información, >>> rectificación, supresión y olvido, limitación del tratamiento, oposición, >>> portabilidad y a no ser objeto de decisiones individuales automatizadas >>> enviando un correo electrónica a la siguiente dirección: [email protected] >>> Si no desea recibir información por correo electrónico notifiquenoslo en >>> esta misma dirección. Aviso sobre confidencialidad: Este documento se >>> dirige exclusivamente a su destinatario. Por contener información >>> confidencial, sometida a secreto profesional cuya divulgación está >>> prohibida en virtud de la legislación vigente. Se informa a quien lo >>> recibiera, sin ser el destinatario, que la información contenida en el >>> mismo es reservada y su utilización con cualquier fin está prohibida. Si ha >>> recibido este documento por error, le rogamos nos lo comunique y proceda a >>> su destrucción. >>> >>> Your e-mail address and your data are stored in a file to maintain >>> professional contact between you and ENTORNOS DE FORMACIÓN S.L., as the >>> party responsible for the file and the processing. In accordance with >>> Regulation (EU) No. 2016/679, General Data Protection and the OL 3/2018 of >>> 5th December, to guarantee digital rights, you can exercise free of charge >>> the rights of access, information, rectification, deletion and oblivion, >>> limitation of processing, opposition, portability and the right of you are >>> not subject to automated individual decisions, by sending an e-mail to the >>> following address: [email protected]. If you do not wish to receive >>> information by e-mail, please notify us at the same address. >>> Confidentiality notice: This document is addressed exclusively to the >>> addressee. If you have received this document in error, please inform us >>> and destroy it. >>> >>> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to a topic in the >> Google Groups "CAS Community" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/a/apereo.org/d/topic/cas-user/EOP41AqrHac/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> > To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/829b9a97-f838-427e-8ac6-6f95b40c30aan%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/829b9a97-f838-427e-8ac6-6f95b40c30aan%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/465e7b6d-1dff-41d0-9af6-bbc551da3480n%40apereo.org.
