With debug on I can see it being skipped?? Of course I have attributes
defined and WANT it to trigger, and the attributes/values match and it still
says it's skipping

DEBUG [org.apereo.cas.authentication.DefaultMultifactorAuthenticationProviderResolver] - <Locating attribute value for attribute(s): [[eduPersonAffiliation]].>
DEBUG [org.apereo.cas.authentication.DefaultMultifactorAuthenticationProviderResolver] - <Located attribute value [[staff]] for [[eduPersonAffiliation]]>
DEBUG [org.apereo.cas.authentication.MultifactorAuthenticationUtils] - <Attribute value [staff] is a single-valued attribute>
....
....
DEBUG [org.apereo.cas.authentication.mfa.trigger.RegisteredServiceMultifactorAuthenticationTrigger] - <Authentication policy for [^(http|https)://changed.name.com.*] has defined principal attribute triggers. Skipping...>

On Wednesday, March 2, 2022 at 9:19:51 AM UTC-6 John wrote:
> I have added the "Principal Attribute Per Application" MFA setting, CAS
> 6.4.6, and MFA never triggers. If I remove the
> principalAttributeNameTrigger and principalAttributeValueToMatch it works
> just fine. I can see in the console and logs, the attribute values are
> retrieved from LDAP and it doesn't trigger still. See below, the attribute
> eduPersonAffiliation=staff but doesn't trigger. Anything else need to be set
> to get it working?
>
> console log:
>
> multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[mfa-gauth,
> mfa-webauthn], failureMode=UNDEFINED,
> principalAttributeNameTrigger=eduPersonAffiliation,
> principalAttributeValueToMatch=staff, bypassEnabled=false,
> forceExecution=true, bypassTrustedDeviceEnabled=false,
> bypassPrincipalAttributeName=null, bypassPrincipalAttributeValue=null,
> script=null)
>
> audit log:
>
> "attributes\":{\"cn\":[\"changed name\"],\"displayName\":[\"changed name\"],\"eduPersonAffiliation\":[\"staff\"],
>
> service:
>
> "multifactorPolicy":
> {
>   "@class": "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
>   "multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [ "mfa-gauth", "mfa-webauthn"] ],
>   "principalAttributeNameTrigger" : "eduPersonAffiliation",
>   "principalAttributeValueToMatch" : "staff",
> },