(Apologies for the repost. The CAS version has been added in the subject line as well as the cas.properties file)
We are testing a CAS 7.0.3 POC system using universal prompt DUO MFA. The system is configured to use OpenLDAP for authentication. However, once DUO MFA is enabled via the Fawnoos blog entry, the attributes returned for the principal are from DUO. How do we tell CAS to only use the LDAP attribute repository? Thanks, Mike *cas.properties* cas.server.name=https://cas-poc.xxx.yyy cas.server.prefix=${cas.server.name}/cas cas.server.scope=xxx.yyy cas.host.name=xxx.yyy logging.config: file:/etc/cas/config/log4j2.xml logging.level.org.apereoi.cas=debug server.port=8443 server.ssl.enabled=true server.ssl.protocol=TLS server.ssl.key-store=file:/etc/cas/config/keystore.jks server.ssl.key-store-password=XXXXXXXXXXXXXXXXXXX server.ssl.key-password=YYYYYYYYYYYYYYYYY server.ssl.key-store-type=JKS server.ssl.key-alias=default server.servlet.context-path=/cas server.servlet.application-display-name=cas cas.server.tomcat.http[0].enabled=false cas.server.tomcat.http-proxy.enabled=true cas.server.tomcat.http-proxy.secure=false cas.server.tomcat.http-proxy.scheme=https cas.server.tomcat.http-proxy.protocol=HTTP/2 server.tomcat.remoteip.internal-proxies=AAA.BBB.CCC.DDD server.tomcat.accesslog.request-attributes-enabled=true server.tomcat.max-http-form-post-size=2097152 server.tomcat.max-threads=200 [service registry config omitted] cas.authn.accept.users= cas.authn.accept.enabled=false cas.authn.ldap[0].type=AUTHENTICATED cas.authn.ldap[0].ldap-url=ldaps://ldap1.xxx.yyy,ldaps://ldap2.xxx.yyy cas.authn.ldap[0].base-dn=dc=xxx,dc=yyy cas.authn.ldap[0].search-filter=(|(uid={user})(mailAddress={user})) cas.authn.ldap[0].bind-dn=uid=ro-ldap-user,ou=users,dc=xxx,dc=yyy cas.authn.ldap[0].bind-credential=XXXXXXXXXXXXXX cas.authn.ldap[0].principal-attribute-list=altEmailaltEmailDate,authViaAltEmailVerificationKey,[...] cas.authn.mfa.triggers.global.global-provider-id=mfa-duo cas.authn.mfa.duo[0].account-status-enabled=true cas.authn.mfa.duo[0].duo-secret-key=XXXXXXXXXXXXXXXXXXXXXXXXXX cas.authn.mfa.duo[0].duo-integration-key=YYYYYYYYYYYYYYYYY cas.authn.mfa.duo[0].duo-api-host=ZZZZZZZZZZZZZZZZZZZZZZ -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf545d20-77db-4b74-a612-d083b8f5e32cn%40apereo.org.
