If a service doesn't participate in sso, then it doesn't honor the TGT in that it will require that CAS gets a new TGT.
If SSO is disabled on B, but not on A. consider the following. User requests access to A, supplies credentials, then requests access to B. They must again supply credentials. But, If user requests access to B first, supplies credentials, then requests access to A, then SSO works and user doesn't supply credentials. Every authentication creates an SSO TGT token, It is up to the service to make use of the SSO TGT token or request that the user re-supply credentials. You are first authenticating to CAS. CAS can pass that authentication on to other services In your case, you don't want the SSO TGT token to be created. That isn't CAS. -John -----Original Message----- From: wallace [mailto:[email protected]] Sent: Wednesday, February 26, 2014 1:10 PM To: [email protected] Subject: RE:[cas-user] non-sso service ah-ha, another cas instance where nothing is sso enabled. that's interesting, we'll give that a try -- thanks. Also, the login/out mod -- we're trying to avoid any code changes. Last comment, ... " Each service can be configured as to whether it honors the TGT or requires another user/pw verification. " How do you configure a service that does not honor the tgt ??? I would think it would be un-check the sso box, but that doesn't work. Unless, our cas configs are not right ?? -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
