Ben, This policy would prevent a login _after_ the REST session was established, https://apereo.github.io/cas/6.6.x/authentication/Configuring-Authentication-Policy-UniquePrincipal.html
There is also a custom groovy script option, https://apereo.github.io/cas/6.6.x/authentication/Configuring-Authentication-Policy-Groovy.html Not sure if the script has access to the login flow session, and consequently, the service. Other authn policies, https://apereo.github.io/cas/6.6.x/authentication/Configuring-Authentication-Policy.html Ray On Fri, 2023-11-10 at 05:08 -0800, Ben P wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Dear CAS-Community, In our setup we'd like to use the TGT Rest mechanism (https://apereo.github.io/cas/6.5.x/protocol/REST-Protocol-Request-TicketGrantingTicket.html) for a specific(!) user (backed by LDAP) but do not allow a web-login for this user. So bascially any tried weblogin should be ignored by CAS (resp LDAP) and the account should not be locked Any ideas to accomplish this? tnx & regards -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/31def1e208fa1862672e4d3e48c3e1f62fb4c23d.camel%40uvic.ca.
