Running latest CAS 5.3 and just implemented MFA. My goal is to have MFA
disabled globally but able to be turned on based only on inclusion service
registry.
However, I can not get MFA to work on any service unless
cas.authn.mfa.globalProviderId set to a value, in my case mfa-gauth.
With the settings below, ALL services, regardless of inclusion of
"multifactorPolicy", require MFA. My only option is to explicitly exclude
(bypass) all other services for which I don't want to require MFA.
Is this intended behavior?
Relevant config:
cas.properties:
cas.authn.mfa.globalProviderId=mfa-gauth
cas.authn.mfa.globalFailureMode=CLOSED
"multifactorPolicy" : {
"@class" :
"org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
"multifactorAuthenicationProviders" : [ "java.util.LinkedHashSet", [
"mfa-gauth" ] ],
"failureMode" : "CLOSED"
},
Thanks for any help!
-Dave
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ef5cec95-795c-4288-b8e2-183550ecda62%40apereo.org.
