Well, I really appreciate the help from everyone, and it's time to own up
to an embarrassing mistake.
>
> "multifactorAuthenicationProviders" : [ "java.util.LinkedHashSet", [
> "mfa-gauth" ] ],
should be "multifactorAuthen*t*icationProviders" : [
"java.util.LinkedHashSet", [ "mfa-gauth" ] ],
Ouch.
Thank you again everyone.
-Dave
On Friday, September 21, 2018 at 2:56:53 PM UTC-4, Dave B wrote:
>
> Running latest CAS 5.3 and just implemented MFA. My goal is to have MFA
> disabled globally but able to be turned on based only on inclusion service
> registry.
>
> However, I can not get MFA to work on any service unless
> cas.authn.mfa.globalProviderId set to a value, in my case mfa-gauth.
>
> With the settings below, ALL services, regardless of inclusion of
> "multifactorPolicy", require MFA. My only option is to explicitly exclude
> (bypass) all other services for which I don't want to require MFA.
>
> Is this intended behavior?
>
> Relevant config:
> cas.properties:
> cas.authn.mfa.globalProviderId=mfa-gauth
> cas.authn.mfa.globalFailureMode=CLOSED
>
>
> "multifactorPolicy" : {
> "@class" :
> "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
> "multifactorAuthenicationProviders" : [ "java.util.LinkedHashSet", [
> "mfa-gauth" ] ],
> "failureMode" : "CLOSED"
> },
>
> Thanks for any help!
> -Dave
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6f63aae5-9660-4c71-ac86-a6763d19b790%40apereo.org.
