CAS 5 returns authentication attributes (e.g., authenticationMethod, successfulAuthenticationHandlers) in addition to principal attributes.
Are these documented somewhere? Are they considered officially supported features that applications using CAS can rely on? For example, an application may want to know if MFA was used when authenticating a user. Is there a way to provide this information to the application? Empirically, it doesn't seem to be derivable from the observable authentication attributes. For example, I see the following returned even for a user that is not enrolled with Duo and thus is not prompted for the Duo MFA when authenticating. authnContextClass: mfa-duo successfulAuthenticationHandlers: [LdapAuthenticationHandler, DuoAuthenticationHandler] authenticationMethod: [LdapAuthenticationHandler, DuoAuthenticationHandler] Aloha, -baron -- Baron Fujimoto <[email protected]> :: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum desendus pantorum -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/20161025194143.GJ64866%40praenomen.mgt.hawaii.edu.
