[cas-user] Re: authenticationMethod mfa-simple + LdapAuthenticationHandler

Fri, 17 Nov 2023 05:03:24 -0800 

Sounds great!
Update other configs with the  format of naming convention in v6.6.x
On Friday, November 17, 2023 at 12:32:18 PM UTC+3:30 Jorge Bastida wrote:

> Hello again, 
>
> Just to say that I have solved my problem by adding this property to the 
> *cas.properties 
> *
>
> cas.authn.attribute-repository.core.merger=MULTIVALUED
>
> thanks in any case
>
> El viernes, 17 de noviembre de 2023 a las 8:37:08 UTC+1, Jorge Bastida 
> escribió:
>
>> Of course
>>
>> *cas.properties:*
>>
>> ...
>> cas.authn.mfa.simple.name=mfa-simple
>>
>> cas.authn.mfa.simple.order=1
>>
>> cas.authn.mfa.simple.token.core.timeToKillInSeconds=90
>>
>> cas.authn.mfa.simple.sms.from=Company Name
>>
>> cas.authn.mfa.simple.sms.text=Code: ${token}
>>
>> cas.authn.mfa.simple.sms.attribute-name=irisPersonalUniqueID
>>
>> ...
>>
>> cas.authn.ldap[0].name=LdapAuthenticationHandler
>>
>> cas.authn.ldap[0].hostnameVerifier=ANY
>>
>> cas.authn.ldap[0].followReferrals=true
>>
>> cas.authn.ldap[0].min-pool-size=5
>>
>> cas.authn.ldap[0].max-pool-size=100
>>
>> cas.authn.ldap[0].validateOnCheckout=false
>>
>> cas.authn.ldap[0].validatePeriodically=true
>>
>> cas.authn.ldap[0].blockWaitTime=PT5S
>>
>> cas.authn.ldap[0].connectTimeout=PT1M
>>
>> cas.authn.ldap[0].validatePeriod=PT5M
>>
>> cas.authn.ldap[0].prunePeriod=PT5M
>>
>> cas.authn.ldap[0].validateTimeout=PT5S
>>
>> cas.authn.ldap[0].responseTimeout=PT5S
>>
>> cas.authn.ldap[0].idleTime=PT5M
>>
>> cas.authn.ldap[0].poolPassivator=BIND
>>
>> cas.authn.ldap[0].type=AUTHENTICATED
>>
>> cas.authn.ldap[0].passwordPolicy.enabled=true
>>
>> cas.authn.ldap[0].passwordPolicy.type=GENERIC
>>
>> cas.authn.ldap[0].passwordPolicy.warnAll=false
>>
>> cas.authn.ldap[0].passwordPolicy.warningDays=60
>>
>>
>> cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException
>>
>> cas.authn.ldap[0].order=0
>>
>> ...
>>
>> *service.json*
>>
>> {
>>
>>   "@class": "org.apereo.cas.services.CasRegisteredService",
>>
>>   "id": 168,
>>
>>   "name": “Service Name”,
>>
>>   "description": "Service Description”,
>>
>>   "serviceId": "^http.*://service.com/.*”,
>>
>>   "evaluationOrder": 168,
>>
>>   "logoutType": "BACK_CHANNEL",
>>
>>   "authenticationPolicy" : {
>>
>>     "@class" : 
>> "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
>>
>>     "requiredAuthenticationHandlers" : ["java.util.TreeSet", [ 
>> "LdapAuthenticationHandler", "mfa-simple" ]]
>>
>>   },
>>
>>   "accessStrategy": {
>>
>>     "@class": 
>> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>>
>>     "enabled": true,
>>
>>     "ssoEnabled": true,
>>
>>     "delegatedAuthenticationPolicy": {
>>
>>       "@class": 
>> "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
>>
>>       "permitUndefined": false
>>
>>     },
>>
>>   "usernameAttributeProvider": {
>>
>>     "@class": 
>> "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider"
>>
>>   },
>>
>>   "multifactorPolicy": {
>>
>>     "@class": 
>> "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
>>
>>     "multifactorAuthenticationProviders": [
>>
>>       "java.util.LinkedHashSet",
>>
>>       [
>>
>>         "mfa-simple"
>>
>>       ]
>>
>>     ],
>>
>>     "forceExecution": true
>>
>>   },
>>
>>   "attributeReleasePolicy": {
>>
>>     "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
>>
>>     "authorizedToReleaseCredentialPassword": false,
>>
>>     "authorizedToReleaseProxyGrantingTicket": false
>>
>>   }
>>
>> }
>>
>>
>> If I access the service the value of *authenticationMethod* is:
>>
>>  [image: Captura de pantalla 2023-11-17 a las 8.10.04.png]
>>
>>
>> the log file is very large, any particular lines?
>>
>>
>>
>>
>>
>>
>>
>> El jueves, 16 de noviembre de 2023 a las 20:30:31 UTC+1, Meysam Shirazi 
>> escribió:
>>
>> Hi Jorge
>> Please share the configuration, and any log if available.
>>
>> On Thursday, November 16, 2023 at 3:22:43 PM UTC+3:30 Jorge Bastida wrote:
>>
>> Good morning, 
>>
>> In CAS 6.3.7 when authenticating a service with mfa-simple the value of 
>> authenticationMethod was: 
>>
>> authenticationMethod:
>>  1.-LdapAuthenticationHandler
>>  2.- mfa-simple
>>
>> However in 6.6.13 when I authenticate an identical service the value of 
>> my authenticationMethod is the following.
>> authenticationMethod: mfa-simple
>>
>> The LdapAuthenticationHandler registry is lost, is there any way to 
>> replicate the CAS 6.3.7 behavior in 6.6.13?
>>
>> Thank you very much in advance.
>>
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d1c90da7-2b22-4989-9577-be927a4aec91n%40apereo.org.

Reply via email to