Following up from this, I was able to get SPNEGO+Duo-MFA working by
making sure that the SPNEGO webflow is ordered before DuoSecurity webflow.
Specifically, I modified the WEBFLOW_CONFIGURER_ORDER from 0 to 50 in
DuoSecurityAuthenticationEventExecutionPlanConfiguration
private static final int WEBFLOW_CONFIGURER_ORDER = 50;
And changed SPNEGO from 100 to be 5 via in SpnegoProperties.java
private WebflowAutoConfigurationProperties webflow = new
WebflowAutoConfigurationProperties().setOrder(5);
(The numbers chosen were basically random on my part as part of
debugging; I have no strong sense of what numbers should be best).
I also noticed that google-mfa+spnego will also not work, unless spnego
is put to run before the google-mfa order (currently set to 100 as well).
I guess the question is if this is intended, if there are downsides to
changing the order of webflow, and if there is a more elegant way than
recompiling to get this to work. (I see a way to customize the webflow
in the docs, but not sure how to wire up existing flows properly).
In any case, thanks in advance for any help!
Matt
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6fab66f8-567f-47a6-8ec9-da04a852c25b%40melson.fastmail.net.
