Finally, everything is working as expected. I've moved the whole cas.properties 
config to Vault and set up Redis to store Google Auth registered devices.

Now I'm wondering how to make it possible for an end user to add another device?  
How to remove a registered device? Any hints?

Thanks in advance
Regards

On Tuesday, 23 March 2021 at 18:05:15 UTC+1, Philippe MARASSE wrote:

> In the service definition, something like this exists:
>
> multifactorPolicy:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
>     multifactorAuthenticationProviders:
>     [
>       java.util.HashSet
>       [
>         mfa-gauth
>       ]
>     ]
>     failureMode: UNDEFINED
>     principalAttributeNameTrigger: mfaTrigger
>     principalAttributeValueToMatch: "true"
>     bypassEnabled: false
>   }
>
> If I'm not mistaken, 2FA will trigger only if the user has an attribute named 
> "mfaTrigger" with the value "true" (both are customizable, of course). And 
> the only 2FA asked for will be gauth.
>
> For a more complex use case, you can use a Groovy script to inspect user 
> attributes and take the appropriate decision. 
>
> Regards.
>
>
> On 23/03/2021 at 15:23, Bartosz Nitkiewicz wrote:
>
> Hello, 
>
> We thought about another authentication step for users to access some 
> services. The problem is that it can't be mandatory. The user can turn 2FA on 
> and off. It could be made possible by one of the LDAP extended attributes. Then, if 
> the user has this attribute set to, let's say, true, CAS will use the 2FA 
> method. If not, just regular LDAP authentication. 
> I know it is possible to use different authentication methods depending on 
> the service. 
>
> I'm wondering if it is possible. And how to set up CAS for it. 
>
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
>
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5a83e90e-b6c3-4bdb-917d-d59141c2d6f2%40nitkiewicz.eu
>
>
>
> -- 
> Philippe MARASSE
>
> Head of Infrastructure Division - DSIO
> Centre Hospitalier Henri Laborit
> CS 10587 - 370 avenue Jacques Cœur 
> 86021 Poitiers Cedex
> Tel : 05.49.44.57.19
>
>
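
The opt-in trigger discussed in this thread, as an added example that is not part of any message above and is not CAS source code: a simplified Python model of the quoted policy that lists which principals would still log in with a password only. The full, case-sensitive match, the helper names and the sample directory are assumptions of this model.

```python
# Simplified model (an assumption, not CAS code) of the per-service trigger
# quoted above: MFA is required only when the named principal attribute
# carries a value that matches the configured pattern.
import re

POLICY = {  # values copied from the service definition quoted in the thread
    "multifactorAuthenticationProviders": ["mfa-gauth"],
    "principalAttributeNameTrigger": "mfaTrigger",
    "principalAttributeValueToMatch": "true",
    "bypassEnabled": False,
}

def required_providers(policy, attributes):
    """Return the MFA providers a principal must satisfy, or [] for none."""
    name = policy["principalAttributeNameTrigger"]
    pattern = re.compile(policy["principalAttributeValueToMatch"])
    values = attributes.get(name, [])
    if isinstance(values, str):  # LDAP attributes may be single- or multi-valued
        values = [values]
    if any(pattern.fullmatch(v) for v in values):
        return list(policy["multifactorAuthenticationProviders"])
    return []

def users_without_mfa(policy, directory):
    """List principals that would authenticate with a password only."""
    return sorted(user for user, attrs in directory.items()
                  if not required_providers(policy, attrs))

# Constructed sample principals (not real accounts).
DIRECTORY = {
    "alice": {"mfaTrigger": "true"},
    "bob": {"mfaTrigger": "false"},
    "carol": {"mail": "carol@example.org"},     # attribute never set
    "dave": {"mfaTrigger": ["false", "true"]},  # multi-valued attribute
    "erin": {"mfaTrigger": "TRUE"},             # case differs from the pattern
}

if __name__ == "__main__":
    for user, attrs in DIRECTORY.items():
        print(user, required_providers(POLICY, attrs) or "password only")
    print("no MFA:", users_without_mfa(POLICY, DIRECTORY))
```

Running the same check over a real directory export shows which accounts the opt-in attribute leaves without a second factor, including those where the attribute was never populated.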
