forceAuthn with CAS Service Providers....

Thu Feb 13 09:43:30 EST 2020

> On Feb 12, 2020, at 8:54 PM, Melvin Lasky <melvin.lasky at manhattan.edu> wrote:
> 
> Hey all,
> 	We got a bunch of CAS service Providers in our Shibboleth implementation. I’m probably being naive, but how do I set the forceAuthn on those CAS providers? Is it even possibly?
> 
> Any suggestions or pointers would be greatly appreciated.
> 
> Thanks
> 
> Mel
> 

You can do it by establishing a common p:group name for those services in your CAS registry (cas-protocol.xml), like "forceAuthnCAS", and then referencing that group name in a relying party override similar to this:

        <bean id="casForceAuthn" parent="RelyingPartyByGroup" c:groupNames="forceAuthnCAS">
            <property name="profileConfigurations">
                <list>
                    <bean parent="CAS.LoginConfiguration" p:forceAuthn="true" >
                    <ref bean="CAS.ValidateConfiguration" />
                </list>
            </property>
        </bean>

--
Michael A. Grady
IAM Architect, Unicon, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200213/6a595edf/attachment.html>