Dirk,

Sorry for the huge delay, here's all my config related to the cas.authn.mfa.gauth piece (sans our JPA config, since it doesn't sound like you need it):

cas.authn.mfa.globalFailureMode=OPEN
#cas.authn.mfa.globalPrincipalAttributeNameTriggers=mfa-user
#cas.authn.mfa.globalProviderId=mfa-gauth
cas.authn.mfa.groovyScript=file:/usr/tomcat/mfaAuthTrigger.groovy
cas.authn.mfa.gauth.issuer=TEST
cas.authn.mfa.gauth.label=TEST
cas.authn.mfa.gauth.windowSize=3
cas.authn.mfa.gauth.codeDigits=6
cas.authn.mfa.gauth.timeStepSize=30
cas.authn.mfa.gauth.rank=0
#cas.authn.mfa.gauth.trustedDeviceEnabled=false -- I still can't get this to work
cas.authn.mfa.gauth.name=TEST
cas.authn.mfa.gauth.cleaner.schedule.enabled=true
cas.authn.mfa.gauth.cleaner.schedule.startDelay=20000
cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=60000

Be sure the file is in a location that the tomcat user can read from. I just put it in tomcat root for simplicity's sake. I hope this helps if you're still having problems.

Thanks,
-Jonathan

On Wednesday, August 22, 2018 at 3:08:50 PM UTC-5, Dirk Tepe wrote:
>
> Can you provide some details regarding your configuration to get
> cas.authn.mfa.groovyScript working? I'm currently using a groovy script for
> MFA bypass successfully but now have need to use one for triggering as
> well. However, the triggering script example wraps the run method in a
> class and I've not been successful in getting it executed. CAS complains if
> I have the path to the file incorrect, so I know it's at least identifying
> that the file exists, I just can't figure out how to get it executed.
>
> Thanks,
>
> -dirk
>
> On Monday, July 2, 2018 at 3:06:05 PM UTC-4, Jonathan Barrett wrote:
>>
>> All,
>>
>> I was able to resolve the issue by rethinking my program flow and instead
>> rewriting the groovy file to run off of the cas.authn.mfa.groovyScript
>> property so it controls the trigger of MFA instead of bypassing activated
>> MFA. Better to not trigger MFA at all instead of trying to bypass in my case.
>> Plus, this gave me the ability to do more preprocessing to push people
>> around to multiple MFA providers as needed. Be aware that service.id at
>> the trigger level is the URL instead of the service registry name/ID. Hope
>> this helps someone.
>>
>> -Jonathan
>>
>
