Dan,
Thanks - yes, bypassing each of the non-MFA-eligible services is my 
fallback plan if I can't figure this one out. Was hoping not to have to do 
that though!

-Dave


On Friday, September 21, 2018 at 4:10:50 PM UTC-4, de3 wrote:
>
> Hi Dave,
>
> Check out "Bypass Per Service" at: 
> https://apereo.github.io/cas/5.3.x/installation/Configuring-Multifactor-Authentication-Bypass.html#bypass-per-service
>
>     Dan
>
>
> On Fri, Sep 21, 2018 at 2:57 PM Dave B <[email protected]> wrote:
>
>> Running latest CAS 5.3 and just implemented MFA.  My goal is to have MFA 
>> disabled globally but able to be turned on based only on inclusion in the 
>> service registry.
>>
>> However, I cannot get MFA to work on any service unless 
>> cas.authn.mfa.globalProviderId is set to a value, in my case mfa-gauth.
>>
>> With the settings below, ALL services, regardless of inclusion of 
>> "multifactorPolicy", require MFA.  My only option is to explicitly exclude 
>> (bypass) all other services for which I don't want to require MFA.
>>
>> Is this intended behavior? 
>>
>> Relevant config:
>> cas.properties:
>> cas.authn.mfa.globalProviderId=mfa-gauth
>> cas.authn.mfa.globalFailureMode=CLOSED
>>
>>
>>   "multifactorPolicy" : {
>>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
>>     "multifactorAuthenicationProviders" : [ "java.util.LinkedHashSet", [ "mfa-gauth" ] ],
>>     "failureMode" : "CLOSED"
>>   },
>>
>> Thanks for any help!
>> -Dave
>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to [email protected].
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ef5cec95-795c-4288-b8e2-183550ecda62%40apereo.org
>>
>
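
An added example, not part of the thread and not CAS project code: a small Python check for JSON service definitions that flags "multifactorPolicy" keys not matching the field names of DefaultRegisteredServiceMultifactorPolicy and reports which MFA providers a service actually names. The known-key list is an assumption taken from the CAS 5.3.x documentation, the sample service (serviceId, name, id) is constructed around the policy block quoted above, and the file is assumed to be strict JSON.

```python
import difflib
import json

# Field names of DefaultRegisteredServiceMultifactorPolicy per the CAS 5.3.x
# docs (assumption; verify against the CAS version you actually deploy).
KNOWN_POLICY_KEYS = {
    "@class", "multifactorAuthenticationProviders", "failureMode",
    "principalAttributeNameTrigger", "principalAttributeValueToMatch",
    "bypassEnabled",
}

def lint_service(text):
    """Return (providers, findings) for one CAS JSON service definition."""
    policy = json.loads(text).get("multifactorPolicy")
    if policy is None:
        return [], ["no multifactorPolicy: MFA depends on global settings only"]
    findings = []
    for key in policy:
        if key not in KNOWN_POLICY_KEYS:
            guess = difflib.get_close_matches(key, KNOWN_POLICY_KEYS, n=1)
            hint = f", did you mean '{guess[0]}'?" if guess else ""
            findings.append(f"unknown policy key '{key}'{hint}")
    # CAS serializes sets as [ "java.util.LinkedHashSet", [ ...values... ] ]
    raw = policy.get("multifactorAuthenticationProviders")
    typed = isinstance(raw, list) and len(raw) == 2 and isinstance(raw[1], list)
    providers = list(raw[1]) if typed else []
    if not providers:
        findings.append("policy names no MFA provider")
    return providers, findings

# Constructed sample: the policy block from the thread in a minimal service.
SAMPLE = """
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://app.example.org/.*",
  "name" : "example",
  "id" : 1001,
  "multifactorPolicy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
    "multifactorAuthenicationProviders" : [ "java.util.LinkedHashSet", [ "mfa-gauth" ] ],
    "failureMode" : "CLOSED"
  }
}
"""

if __name__ == "__main__":
    providers, findings = lint_service(SAMPLE)
    print("providers:", providers)
    for finding in findings:
        print("finding:", finding)
```
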
