forceAuthn with CAS Service Providers....

Michael A Grady mgrady at
Thu Feb 13 09:43:30 EST 2020

> On Feb 12, 2020, at 8:54 PM, Melvin Lasky <melvin.lasky at> wrote:
> Hey all,
> 	We got a bunch of CAS service Providers in our Shibboleth implementation. I’m probably being naive, but how do I set the forceAuthn on those CAS providers? Is it even possibly?
> Any suggestions or pointers would be greatly appreciated.
> Thanks
> Mel

You can do it by establishing a common p:group name for those services in your CAS registry (cas-protocol.xml), like "forceAuthnCAS", and then referencing that group name in a relying party override similar to this:

        <bean id="casForceAuthn" parent="RelyingPartyByGroup" c:groupNames="forceAuthnCAS">
            <property name="profileConfigurations">
                    <bean parent="CAS.LoginConfiguration" p:forceAuthn="true" >
                    <ref bean="CAS.ValidateConfiguration" />

Michael A. Grady
IAM Architect, Unicon, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list