forceAuthn with CAS Service Providers....
Michael A Grady
mgrady at unicon.net
Thu Feb 13 09:46:56 EST 2020
Note you'd need to be on IdP v3.4 or later for that forceAuthn flag to be supported.
> On Feb 13, 2020, at 8:43 AM, Michael A Grady <mgrady at unicon.net> wrote:
>> On Feb 12, 2020, at 8:54 PM, Melvin Lasky <melvin.lasky at manhattan.edu <mailto:melvin.lasky at manhattan.edu>> wrote:
>> Hey all,
>> We got a bunch of CAS service Providers in our Shibboleth implementation. I’m probably being naive, but how do I set the forceAuthn on those CAS providers? Is it even possibly?
>> Any suggestions or pointers would be greatly appreciated.
> You can do it by establishing a common p:group name for those services in your CAS registry (cas-protocol.xml), like "forceAuthnCAS", and then referencing that group name in a relying party override similar to this:
> <bean id="casForceAuthn" parent="RelyingPartyByGroup" c:groupNames="forceAuthnCAS">
> <property name="profileConfigurations">
> <bean parent="CAS.LoginConfiguration" p:forceAuthn="true" >
> <ref bean="CAS.ValidateConfiguration" />
> Michael A. Grady
> IAM Architect, Unicon, Inc.
Michael A. Grady
IAM Architect, Unicon, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users