Following up from this, I was able to get SPNEGO+Duo-MFA working by
making sure that the SPNEGO webflow is ordered before DuoSecurity webflow.
Specifically, I modified the WEBFLOW_CONFIGURER_ORDER from 0 to 50 in
DuoSecurityAuthenticationEventExecutionPlanConfiguration
private static final in
Currently testing an upgrade to CAS 7.0.2 and running into an issue
where if the user authenticates with Spnego/Kerberos, Duo-MFA will not
trigger properly (user is dropped back to the standard login page, which
works fine). The same config works fine in CAS 6.6.x if I flip back and
I've tried
