I ran across this too. I had to add the gradle linkage for simple MFA to
get around this.
compile
"org.apereo.cas:cas-server-support-simple-mfa:${project.'cas.version'}"
Not sure why, but I did.
colin
On 2019-11-06 2:28 a.m., Andy Ng wrote:
Hi all,
In my quest to test out some CAS authentication, I stumble across
*Radius Authentication*:
https://apereo.github.io/cas/6.1.x/mfa/RADIUS-Authentication.html and
want to try it out. I am using CAS 6.1.x
I used freeradius docker varience
(https://hub.docker.com/r/freeradius/freeradius-server), and setup a
very simple testing config with a single user (i.e. bob),
_/etc/raddb/mods-config/files/authorize_
bob Cleartext-Password := "hello"
_/etc/raddb/clients.conf_
client dockernet {
ipaddr = 0.0.0.0/0
secret = testing123
}
and configure CAS using:
_cas.yml_
cas.authn.radius:
client.sharedSecret: testing123
client.inetAddress: my.radius.server
_build.gradle dependency:_
compile
"org.apereo.cas:cas-server-support-radius:${project.'cas.version'}"
But was greeted with the following error:
_Error Log_
2019-11-06 04:15:20,417 INFO
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Authenticated principal [bob] with attributes [{EAP-Message=[[Binary
Data (length=22)]], Message-Authenticator=[[Binary Data (length=16)]],
State=[[Binary Data (length=16)]]}] via credentials
[[UsernamePasswordCredential(username=bob, source=null,
customFields={})]].>
2019-11-06 04:15:20,423 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
=============================================================
WHO: bob
WHAT: Supplied credentials: [UsernamePasswordCredential(username=bob,
source=null, customFields={})]
ACTION: *AUTHENTICATION_SUCCESS*
APPLICATION: CAS
WHEN: Wed Nov 06 04:15:20 GMT 2019
CLIENT IP ADDRESS: 172.20.0.1
SERVER IP ADDRESS: 172.20.0.5
=============================================================
>
*2019-11-06 04:15:20,434 ERROR
[org.apereo.cas.adaptors.radius.web.flow.RadiusAccessChallengedMultifactorAuthenticationTrigger]
- <No multifactor authentication providers are available in the
application context>*
2019-11-06 04:15:20,434 WARN
[org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
- <1 errors, 0 successes>
org.apereo.cas.authentication.AuthenticationException: 1 errors, 0
successes
Despite the Authentication success shown above, I was greeted with
error related to MFA.
My question is follows:
- Is there any misconfiguration from me above? Seems unlikely since I
did correctly see AUTHENTICATION_SUCCESS and didn't setup MFA.
- If my config is OK, is this true that Radius Authentication needs
MFA in order to work? Is that intended behavior?
- If no, then would need to look into why Radius Authentication is
linked together with MFA inseparably.
Thanks!
Cheers!
- Andy
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/da53899e-448f-44a8-a79a-9cb95bcffdcb%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/da53899e-448f-44a8-a79a-9cb95bcffdcb%40apereo.org?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/17f9338a-0355-5472-0562-4c105f434c5c%40caveo.ca.
