Gautham, Cas processes the authentication methods in the order they are listed in the config. If local ldap is last, all others will have to fail before it is tried. https://apereo.github.io/cas/7.1.x/authentication/Configuring-Authentication-Components.html#authentication-sequence You can also assign an order to each method.
Or user authentication resolution strategy rather than authentication policy. https://apereo.github.io/cas/7.1.x/authentication/Configuring-Authentication-Resolution.html Ray ________________________________ From: cas-user@apereo.org <cas-user@apereo.org> on behalf of gautham jampala <gautam0...@gmail.com> Sent: April 9, 2025 09:02 To: cas-user@apereo.org <cas-user@apereo.org> Subject: [cas-user] CAS 7.1.4 Limit Delegation/Proxy user from using basic Auth LDAP You don't often get email from gautam0...@gmail.com. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> Hello, I have 2 primary modes of authentication, one being an inhouse LDAP where username and passwords are stored for internal users and another Microsoft Entra(There could be multiple, basically each company having one) for some external users. I have both flows running properly. I want to stop external users from logging in via LDAP. Ideally if an external user enters their email and password, I want CAS to redirect them to the appropriate Entra url based on their domain name. I did setup a: cas.authn.policy.groovy[0].script=file:/authRouting.groovy where I return an exception if the user is external, but this script is called after LDAP authentication is successful and only returns an abstract message that the user is not authenticated. Are there any other properties that I could use to redirect user based on their domain name to different authentication action Thank you, Gautham -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABhcCS1FdWAtQBAsFVpvvGOCi%3DrPY48f9JLaKrpZb1d5Y%3DW06A%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABhcCS1FdWAtQBAsFVpvvGOCi%3DrPY48f9JLaKrpZb1d5Y%3DW06A%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB00812F5E57284CBA357D2758CEB22%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM.
