Hey Manfredo, I'm actually trying to go with the bypass vs the provider selector: Shown Here <https://apereo.github.io/cas/5.2.x/installation/Configuring-Multifactor-Authentication-Bypass.html>. I'm hoping to simplify the environment to only one Duo instance with the use of an LDAP attribute that will be utilized in the groovy script once I get the script to run.
But, it seems that there are typos and other missing details from the samples. For example, the first one returns a boolean while the second one returns a String. Both are meant to be the same thing. The first also has an import for java.util.* while the second either ignores it or omits it. On Thursday, February 8, 2018 at 9:28:29 AM UTC-5, Manfredo Hopp wrote: > > In version 5.2 this should be > > cas.authn.mfa.providerSelectorGroovyScript=file:/etc/cas/wathever.groovy > > > El jueves, 8 de febrero de 2018, brian mancuso <[email protected] > <javascript:>> escribió: > >> Alright Misagh and Manfredo, I believe you're both putting me on the >> right track with this. Unfortunately, I haven't used a groovy script before >> and I'm having trouble getting it to get picked up by CAS. Could either of >> you help with this example? >> >> */etc/cas/selectiveDuo.groovy:* >> >> def String run(final Object... args) { >> >> def authentication = args[0] >> >> def principal = args[1] >> >> def service = args[2] >> >> def provider = args[3] >> >> def logger = args[4] >> >> def httpRequest = args[5] >> >> logger.info("Evaluating principal attributes ${principal.attributes}" >> ) >> >> def bypass = principal.attributes['uid'] >> if (bypass.contains("testuid")) { >> >> logger.info("Skipping bypass for principal ${principal.id} >> return false >> >> } >> >> return true >> >> } >> Is this really what the groovy file should look like or am I missing >> imports and package info at the top? I never get any info logged, so I'm >> pretty sure this script never gets run. >> >> */etc/cas/config/cas.properties:* >> >> >> >> >> *cas.authn.mfa.duo[0].rank=0cas.authn.mfa.duo[0].duoApiHost=REMOVEDcas.authn.mfa.duo[0].duoIntegrationKey=REMOVEDcas.authn.mfa.duo[0].duoSecretKey=REMOVEDcas.authn.mfa.duo[0].duoApplicationKey=REMOVEDcas.authn.mfa.duo[0].id=mfa-duocas.authn.mfa.globalProviderId=mfa-duocas.authn.mfa.globalPrincipalAttributePredicate=file:///etc/cas/selectiveDuo.groovy* >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/9ade320d-4c96-4c23-b22b-a830387cf692%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/9ade320d-4c96-4c23-b22b-a830387cf692%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/fe234592-f340-472c-84c3-65c55ccd0a5e%40apereo.org.
