Have you tried testing this with 6.6.1 or 6.6.2? On Wednesday, October 26, 2022 at 7:31:56 AM UTC+4 mpel...@entornosdeformacion.com wrote:
> 6.6.0! > > Thanks > > El mar., 25 oct. 2022 17:57, CAS Community <cas-...@apereo.org> escribió: > >> Are you actually running 6.5.x? >> >> On Monday, October 24, 2022 at 9:10:56 PM UTC+4 >> mpel...@entornosdeformacion.com wrote: >> >>> Thanks for your response Ray, I'm talking about this option >>> https://apereo.github.io/cas/6.5.x/authentication/Configuring-Authentication-Policy-UniquePrincipal.html#unique-principal---authentication-policy, >>> >>> I think it's something to configure in CAS and not the service. >>> >>> It does work authenticating in CAS only, basic CAS auth >>> https://mydomain.cas.server/cas/login, but does not work when logging >>> into a service >>> https://mydomain.cas.server/cas/login?service=https%3A%2F%2Fmydomain.service, >>> >>> I believe I'm missing something in the service configuration but I couldn't >>> find it in the documentation.... >>> >>> Thanks! >>> >>> Miguel >>> El 21/10/2022 a las 18:42, Ray Bon escribió: >>> >>> Miguel, >>> >>> You can set ssoEnabled=false in cas service definition to force authn to >>> the service, >>> https://apereo.github.io/cas/6.5.x/services/Configuring-Service-Access-Strategy.html >>> >>> If you are talking about the behaviour of the sessions managed by the >>> service (which it sounds like you are), that would be something to >>> configure in the service, not cas. >>> >>> Ray >>> >>> On Fri, 2022-10-21 at 10:27 +0200, Miguel Pellicer wrote: >>> >>> Notice: This message was sent from outside the University of Victoria >>> email system. Please be cautious with links and sensitive information. >>> >>> I feel sorry for re-asking this, does anybody know how to enable unique >>> sessions in the services? We only want one session per service per user, so >>> people cannot share credentials between them. >>> >>> Thanks for any guidance and sorry for asking again! >>> El 04/10/2022 a las 10:35, Miguel Pellicer escribió: >>> >>> Good morning subscribers! >>> >>> We've deployed CAS successfully to authenticate in multiple services and >>> it really performs really well. We have a new requirement to limit the user >>> sessions to only one, this means, a user can only log once and multiple >>> sessions are not allowed. This requirement is to prevent account >>> sharing...... >>> >>> This works partially using this property: >>> >>> cas.authn.policy.unique-principal.enabled=true >>> >>> It prevents multiple sessions when login to CAS directly, >>> https://mydomain.cas.server/cas/login, however, does not work when >>> login into a service >>> https://mydomain.cas.server/cas/login?service=https%3A%2F%2Fmydomain.service, >>> >>> when users login into any service allows multiple sessions. >>> >>> I suspect that the service definition should also contain the >>> authentication policy, am I right? Can I have an example of the JSON >>> snippet? >>> >>> According to the documentation, I should assign a name: >>> >>> cas.authn.policy.unique-principal.name=PreventMultipleSessions >>> >>> And use the policy in the service definition, but does not work: >>> "authenticationPolicy" : { >>> "@class" : >>> "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy", >>> "requiredAuthenticationHandlers" : ["java.util.TreeSet", [ >>> "PreventMultipleSessions" ]], >>> "excludedAuthenticationHandlers" : ["java.util.TreeSet", [ ]] >>> } >>> >>> Thank you so much for any help! >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email tocas-user+u...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/25adba6f-b851-441b-9ef3-6132ee1526can%40apereo.org >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/25adba6f-b851-441b-9ef3-6132ee1526can%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >>> -- >>> ----------------------------------------------- >>> Miguel Pellicer >>> CTO at EDF >>> >>> Website: https://www.edf.global >>> LinkedIn: https://es.linkedin.com/company/entornosdeformacion >>> LinkedIn: https://www.linkedin.com/in/mpellicer-edf >>> Office Phone: +34 - 96 381 35 75 <+34%20963%2081%2035%2075> >>> Request a meeting here: https://calendly.com/mpellicer >>> ----------------------------------------------- >>> >>> Su dirección de correo electrónico junto a sus datos personales consta en >>> un fichero cuya finalidad es la de mantener el contacto profesional con Ud. >>> Por ENTORNOS DE FORMACIÓN S.L., como responsable del Fichero y del >>> Tratamiento. De conformidad con el Reglamento (UE) núm. 2016/679, General >>> de Protección de Datos y la LO 3/2018, de 5 de diciembre, de Protección de >>> Datos Personales y garantía de los derechos digitales, puede ejercer de >>> forma totalmente gratuita los derechos de acceso, información, >>> rectificación, supresión y olvido, limitación del tratamiento, oposición, >>> portabilidad y a no ser objeto de decisiones individuales automatizadas >>> enviando un correo electrónica a la siguiente dirección: in...@edf.global >>> Si no desea recibir información por correo electrónico notifiquenoslo en >>> esta misma dirección. Aviso sobre confidencialidad: Este documento se >>> dirige exclusivamente a su destinatario. Por contener información >>> confidencial, sometida a secreto profesional cuya divulgación está >>> prohibida en virtud de la legislación vigente. Se informa a quien lo >>> recibiera, sin ser el destinatario, que la información contenida en el >>> mismo es reservada y su utilización con cualquier fin está prohibida. Si ha >>> recibido este documento por error, le rogamos nos lo comunique y proceda a >>> su destrucción. >>> >>> Your e-mail address and your data are stored in a file to maintain >>> professional contact between you and ENTORNOS DE FORMACIÓN S.L., as the >>> party responsible for the file and the processing. In accordance with >>> Regulation (EU) No. 2016/679, General Data Protection and the OL 3/2018 of >>> 5th December, to guarantee digital rights, you can exercise free of charge >>> the rights of access, information, rectification, deletion and oblivion, >>> limitation of processing, opposition, portability and the right of you are >>> not subject to automated individual decisions, by sending an e-mail to the >>> following address: in...@edf.global. If you do not wish to receive >>> information by e-mail, please notify us at the same address. >>> Confidentiality notice: This document is addressed exclusively to the >>> addressee. If you have received this document in error, please inform us >>> and destroy it. >>> >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> >>> You received this message because you are subscribed to a topic in the >>> Google Groups "CAS Community" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/a/apereo.org/d/topic/cas-user/EOP41AqrHac/unsubscribe >>> . >>> To unsubscribe from this group and all its topics, send an email to >>> cas-user+u...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/11aa9b88cfff4d5d43ddbfa1731b2c1db1c2f709.camel%40uvic.ca >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/11aa9b88cfff4d5d43ddbfa1731b2c1db1c2f709.camel%40uvic.ca?utm_medium=email&utm_source=footer> >>> . >>> >>> -- >>> ----------------------------------------------- >>> Miguel Pellicer >>> CTO at EDF >>> >>> Website: https://www.edf.global >>> LinkedIn: https://es.linkedin.com/company/entornosdeformacion >>> LinkedIn: https://www.linkedin.com/in/mpellicer-edf >>> Office Phone: +34 - 96 381 35 75 <+34%20963%2081%2035%2075> >>> Request a meeting here: https://calendly.com/mpellicer >>> ----------------------------------------------- >>> >>> Su dirección de correo electrónico junto a sus datos personales consta en >>> un fichero cuya finalidad es la de mantener el contacto profesional con Ud. >>> Por ENTORNOS DE FORMACIÓN S.L., como responsable del Fichero y del >>> Tratamiento. De conformidad con el Reglamento (UE) núm. 2016/679, General >>> de Protección de Datos y la LO 3/2018, de 5 de diciembre, de Protección de >>> Datos Personales y garantía de los derechos digitales, puede ejercer de >>> forma totalmente gratuita los derechos de acceso, información, >>> rectificación, supresión y olvido, limitación del tratamiento, oposición, >>> portabilidad y a no ser objeto de decisiones individuales automatizadas >>> enviando un correo electrónica a la siguiente dirección: in...@edf.global >>> Si no desea recibir información por correo electrónico notifiquenoslo en >>> esta misma dirección. Aviso sobre confidencialidad: Este documento se >>> dirige exclusivamente a su destinatario. Por contener información >>> confidencial, sometida a secreto profesional cuya divulgación está >>> prohibida en virtud de la legislación vigente. Se informa a quien lo >>> recibiera, sin ser el destinatario, que la información contenida en el >>> mismo es reservada y su utilización con cualquier fin está prohibida. Si ha >>> recibido este documento por error, le rogamos nos lo comunique y proceda a >>> su destrucción. >>> >>> Your e-mail address and your data are stored in a file to maintain >>> professional contact between you and ENTORNOS DE FORMACIÓN S.L., as the >>> party responsible for the file and the processing. In accordance with >>> Regulation (EU) No. 2016/679, General Data Protection and the OL 3/2018 of >>> 5th December, to guarantee digital rights, you can exercise free of charge >>> the rights of access, information, rectification, deletion and oblivion, >>> limitation of processing, opposition, portability and the right of you are >>> not subject to automated individual decisions, by sending an e-mail to the >>> following address: in...@edf.global. If you do not wish to receive >>> information by e-mail, please notify us at the same address. >>> Confidentiality notice: This document is addressed exclusively to the >>> addressee. If you have received this document in error, please inform us >>> and destroy it. >>> >>> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to a topic in the >> Google Groups "CAS Community" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/a/apereo.org/d/topic/cas-user/EOP41AqrHac/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> cas-user+u...@apereo.org. >> > To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/829b9a97-f838-427e-8ac6-6f95b40c30aan%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/829b9a97-f838-427e-8ac6-6f95b40c30aan%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/465e7b6d-1dff-41d0-9af6-bbc551da3480n%40apereo.org.
