forceAuthn with CAS Service Providers....

Michael A Grady mgrady at unicon.net
Thu Feb 13 09:46:56 EST 2020


Note you'd need to be on IdP v3.4 or later for that forceAuthn flag to be supported.

> On Feb 13, 2020, at 8:43 AM, Michael A Grady <mgrady at unicon.net> wrote:
> 
> 
> 
>> On Feb 12, 2020, at 8:54 PM, Melvin Lasky <melvin.lasky at manhattan.edu> wrote:
>> 
>> Hey all,
>> 	We got a bunch of CAS service Providers in our Shibboleth implementation. I’m probably being naive, but how do I set the forceAuthn on those CAS providers? Is it even possible?
>> 
>> Any suggestions or pointers would be greatly appreciated.
>> 
>> Thanks
>> 
>> Mel
>> 
> 
> You can do it by establishing a common p:group name for those services in your CAS registry (cas-protocol.xml), like "forceAuthnCAS", and then referencing that group name in a relying party override similar to this:
> 
>         <bean id="casForceAuthn" parent="RelyingPartyByGroup" c:groupNames="forceAuthnCAS">
>             <property name="profileConfigurations">
>                 <list>
>                     <bean parent="CAS.LoginConfiguration" p:forceAuthn="true" />
>                     <ref bean="CAS.ValidateConfiguration" />
>                 </list>
>             </property>
>         </bean>
> 
> --
> Michael A. Grady
> IAM Architect, Unicon, Inc.

--
Michael A. Grady
IAM Architect, Unicon, Inc.
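
The registry side of the setup described in the quoted reply, as an added example that is not part of the original thread: service definitions in cas-protocol.xml carrying the `forceAuthnCAS` group that the relying party override refers to. The hostnames, regexes and the `defaultCAS` group name are constructed, and the bean id and class names assume the stock IdP v3 cas-protocol.xml layout.

```xml
<!-- conf/cas-protocol.xml (stock IdP v3 layout assumed) -->
<bean id="reloadableServiceRegistry"
      class="%{idp.cas.serviceRegistryClass:net.shibboleth.idp.cas.service.PatternServiceRegistry}">
    <property name="definitions">
        <list>
            <!-- Constructed sample: CAS services that must re-authenticate on every login.
                 The group name is what c:groupNames in the override matches on. -->
            <bean class="net.shibboleth.idp.cas.service.ServiceDefinition"
                  c:regex="https://(payroll|grades)\.example\.edu(:\d+)?/.*"
                  p:group="forceAuthnCAS" />

            <!-- Constructed sample: services left on normal SSO behaviour.
                 The regex is kept disjoint from the one above so there is no
                 ambiguity about which group a given service URL falls into. -->
            <bean class="net.shibboleth.idp.cas.service.ServiceDefinition"
                  c:regex="https://(www|lms)\.example\.edu(:\d+)?/.*"
                  p:group="defaultCAS" />
        </list>
    </property>
</bean>
```

Only service URLs matched by a definition in the `forceAuthnCAS` group pick up the override, so a service that should re-authenticate but matches only the second definition keeps reusing the existing IdP session.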


