It looks to me like this change is responsible for the error, though the change itself makes sense for the operation of the method, since it *should* throw an error if SSO is not enabled: https://github.com/apereo/cas/commit/4933e24a3b791ec6fbdb2e2bcf24a15365345358
I would guess that somewhere further up the chain should handle that error instead of just letting it interrupt the entire login process? On Tue, Apr 9, 2024 at 1:59 AM Sreeja Pillai <[email protected]> wrote: > I haven't figured it out yet. I rolled back to 6.6.15, where forced SSO > worked as expected. I am continuing to investigate what change might have > broken it between 6.6.15 and 7.x. > > --Sreeja > > On Mon, Apr 8, 2024 at 3:38 PM Christopher McCurdy <[email protected]> > wrote: > >> Sreeja, >> >> Were you able to figure this out on your own? I'm experiencing the same >> issue in that SSO-enabled services work fine, but SSO-disabled services are >> denied a ticket after validating credentials. >> >> On Thu, Mar 21, 2024 at 10:06 AM Sreeja Pillai <[email protected]> >> wrote: >> >>> We are currently on v6.5.9 and trying to upgrade to v7. Most of our >>> service registrations have SSO enabled and work fine. >>> However, forced SSO is not working for the ones where SSO access is >>> disabled. Based on what we see in the logs, service ticket is NOT generated. >>> >>> We did follow the documentation here: >>> https://apereo.github.io/cas/development/services/Configuring-Service-SSO-Policy.html >>> >>> Any ideas what could be missing? >>> >>> *JSON service registration:* >>> >>> { >>> "@class" : "org.apereo.cas.services.CasRegisteredService", >>> "serviceId" : "^(http|https)://authorizetest.hbsstg.org/.*", >>> "name" : "authorizetest.hbsstg.org", >>> "id" : "4020", >>> "description" : "This service definition authorizes all application >>> urls that support HTTPS protocols.", >>> "evaluationOrder" : "4020", >>> "logoutType" : "BACK_CHANNEL", >>> "attributeReleasePolicy" : >>> { >>> "@class" : >>> "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy", >>> "allowedAttributes" : >>> { >>> "@class" : "java.util.TreeMap", >>> "employeeNumber" : "PERSON_ID" >>> }, >>> "authorizedToReleaseCredentialPassword" : "false", >>> "authorizedToReleaseProxyGrantingTicket" : "false" >>> }, >>> "multifactorPolicy" : >>> { >>> "@class" : >>> "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy", >>> "failureMode" : "CLOSED" >>> }, >>> "accessStrategy" : >>> { >>> "@class" : >>> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", >>> "enabled" : "true", >>> "ssoEnabled" : "false", >>> "requireAllAttributes" : "true", >>> "caseInsensitive" : "false" >>> } >>> } >>> >>> Thank you! >>> --Sreeja >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/8a034e21-9efe-4f42-851b-152ff96fb01an%40apereo.org >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/8a034e21-9efe-4f42-851b-152ff96fb01an%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> >> >> -- >> Christopher McCurdy >> Project Leader >> IT-ESCS-Application Development >> University of Delaware >> (302) 831-3745 >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to a topic in the >> Google Groups "CAS Community" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/a/apereo.org/d/topic/cas-user/LL1ZQ5rPOl8/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEi3iFEmWk_tedwTmvvzRcd5XS30NhtP%2B0SW_-dN1ntpsmGtig%40mail.gmail.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEi3iFEmWk_tedwTmvvzRcd5XS30NhtP%2B0SW_-dN1ntpsmGtig%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bs%3D9eo_Hh0HBV2fstKZSBqh8yLeK2nmY63-zG1Q-V0JZ3a0Sw%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bs%3D9eo_Hh0HBV2fstKZSBqh8yLeK2nmY63-zG1Q-V0JZ3a0Sw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- Christopher McCurdy Project Leader IT-ESCS-Application Development University of Delaware (302) 831-3745 -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEi3iFHDWTNTSYFdUhNn77Ergb7GeroY41aMZeu-mWMXftpimQ%40mail.gmail.com.
