Hi Owen, i had to add some parameters to the application.properties to make this feature work :
cas.authn.mfa.trusted.deviceFingerprint.cookie.name=MFATRUSTED #=> not sure this is needed cas.authn.mfa.trusted.deviceFingerprint.cookie.domain=*****.**** cas.authn.mfa.trusted.deviceFingerprint.cookie.path= cas.authn.mfa.trusted.deviceFingerprint.cookie.httpOnly=true cas.authn.mfa.trusted.deviceFingerprint.cookie.secure=false On Thursday, July 12, 2018 at 9:08:27 PM UTC+2, Owen wrote: > > > Hello: guys > > I try to implement Multifactor Authentication Trusted Device/Browser > function in my application. > > The config in cas.properties has the following for this: > > > cas.authn.mfa.trusted.authenticationContextAttribute=isFromTrustedMultifactorAuthentication > > cas.authn.mfa.trusted.deviceRegistrationEnabled=true > > cas.authn.mfa.trusted.expiration=30 > > cas.authn.mfa.trusted.timeUnit=DAYS > > > > When I try to log in, I only see the browser contain two cookies > > > JSESSIONID > > org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE > > > > So when the cas server try to generate the device finger print. it try to > look for MFATRUSTED cookie in the request. but it can not be founded, so > it use random string. > > > > Since this is random string which is used to generate the device finger > print, each time it will be different one, the register device function > won't work at all. > > > Please help me what I should do. > > > Thanks > > Owen > > > <https://lh3.googleusercontent.com/-xUn4rWX8I_I/W0enFlbYptI/AAAAAAAAAB4/-FcHWoaMthorM6z1ryrfERC07L0JumSIwCLcBGAs/s1600/cookies.png> > > <https://lh3.googleusercontent.com/-xUn4rWX8I_I/W0enFlbYptI/AAAAAAAAAB4/-FcHWoaMthorM6z1ryrfERC07L0JumSIwCLcBGAs/s1600/cookies.png> > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/571fac93-9286-422d-855e-edeac94b258e%40apereo.org.
