Not sure if this is a weird local config or some sort of bug.
I have these set globally in cas.properties.
cas.authn.mfa.duo[0].bypass.principal-attribute-name=mfaDisable
cas.authn.mfa.duo[0].bypass.principal-attribute-value=nomfa
When SAML IdP support is included in the WAR overlay with:
implementation "org.apereo.cas:cas-server-support-saml-idp",
I get a NullPointerException after the Duo Push when the mfaDisable
attribute is null.
and I include it in the list of released attributes in the service
definition like this:
"attributeReleasePolicy" : {
"@class" :
"org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "cn", "mail", "sn",
"uid", "displayName", "memberOf", "mfaDisable", "sAMAccountName",
"departmentNumber" ] ]
}
If I remove it from this list, there is no exception. The departmentNumber
attribute is also null and does not trigger the exception.
If the mfaDisable attribute has a value, the exception is not triggered.
Also, if I remove SAML IdP support from the WAR overlay, it does not
trigger an exception.
My workaround for now is to remove the mfaDisable attribute while keeping
SAML support.
Any ideas?
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a94963c7-dcdc-4353-a83d-242dafd29be7n%40apereo.org.
