Hello,

In the CAS 6.6 MFA trusted device implementation, the doc says the Device
Fingerprint default is:

   - Randomly generated cookie plus the client IP (default)

But in cas.properties, this is the default:

cas.authn.mfa.trusted.device-fingerprint.client-ip.enabled=false

1. What is the default device fingerprint component: cookie only, or cookie
and client IP?

2. Why would we need the client IP in addition to the cookie? Isn't the cookie
unique to the browser instance that is navigating to CAS?

When we add the client IP, the same browser on the same device is not always
recognized as a registered device (the device may get a different IP, but
the device itself is the same one), and that may add customer confusion
(why did CAS not remember me?).

In our production, we have this, and it seems to work well for us.

cas.authn.mfa.simple.trustedDeviceEnabled=true
cas.authn.mfa.trusted.device-fingerprint.client-ip.enabled=false
cas.authn.mfa.trusted.device-fingerprint.cookie.enabled=true
cas.authn.mfa.trusted.device-fingerprint.user-agent.enabled=false

I did not want to unknowingly introduce a weakness in the device fingerprint.
Did I miss anything?

Yan

