In the service definition, something like this exists:

  multifactorPolicy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
    multifactorAuthenticationProviders:
    [
      java.util.HashSet
      [
        mfa-gauth
      ]
    ]
    failureMode: UNDEFINED
    principalAttributeNameTrigger: mfaTrigger
    principalAttributeValueToMatch: "true"
    bypassEnabled: false
  }

If I'm not mistaken, 2FA will trigger only if the user has an attribute named "mfaTrigger" with the value "true" (both are customizable of course). And the only 2FA asked will be gauth.

For a more complex use case, you can use a groovy script to inspect user attributes and take the appropriate decision.

Regards.

On 23/03/2021 at 15:23, Bartosz Nitkiewicz wrote:
> Hello,
>
> We thought about another authentication step for users to access some
> services. The problem is that it can't be mandatory. User can turn 2FA
> on and off. It could be possible by one of LDAP extended attributes.
> Then if user has this attribute set to, let's say true, then CAS will
> use 2FA method. If not just regular LDAP authentication.
> I know it is possible to use different authentication methods depending
> on service.
>
> I'm wondering if it is possible. And how to setup CAS for it.
--
Philippe MARASSE
Infrastructure Division Manager - DSIO
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur
86021 Poitiers Cedex
Tel : 05.49.44.57.19
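
A small Python model of the decision described in the reply above, added here as an illustration; it is not code from the thread or from CAS. Assumptions: the configured value is compared as a case-sensitive full-match regular expression against every value of the named attribute, and the policy JSON and the sample users are constructed. It shows which directory entries would be asked for the second factor, including entries whose stored value differs only in case or shape.

```python
import json
import re

# Constructed policy mirroring the fields shown in the service definition above.
POLICY_JSON = """
{
  "multifactorAuthenticationProviders": ["mfa-gauth"],
  "principalAttributeNameTrigger": "mfaTrigger",
  "principalAttributeValueToMatch": "true"
}
"""

# Constructed principals, shaped like attributes released from LDAP.
USERS = {
    "alice": {"mfaTrigger": ["true"]},   # opted in
    "bob":   {"mfaTrigger": ["false"]},  # opted out
    "carol": {},                         # attribute never set
    "dave":  {"mfaTrigger": ["TRUE"]},   # LDAP boolean syntax, upper case
    "erin":  {"mfaTrigger": "true"},     # single value, not a list
}


def required_providers(policy, attributes):
    """Return the MFA providers required for a principal, or [] for none.

    Assumption: the trigger fires when any value of the named attribute
    fully matches principalAttributeValueToMatch (case-sensitive regex).
    """
    name = policy["principalAttributeNameTrigger"]
    pattern = re.compile(policy["principalAttributeValueToMatch"])
    values = attributes.get(name, [])
    if isinstance(values, str):  # single-valued attribute delivered as a string
        values = [values]
    if any(pattern.fullmatch(str(v)) for v in values):
        return sorted(policy["multifactorAuthenticationProviders"])
    return []


def report(policy_json=POLICY_JSON, users=USERS):
    """Map each user id to the providers the policy would require."""
    policy = json.loads(policy_json)
    return {uid: required_providers(policy, attrs) for uid, attrs in users.items()}


if __name__ == "__main__":
    for uid, providers in report().items():
        print(f"{uid:6} -> {providers or 'password only'}")
```

Under these assumptions an entry storing "TRUE" is treated like an entry without the attribute, so the values actually present in the directory are worth checking against the configured value before relying on the policy.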
