Ref: https://github.com/apereo/cas/pull/4791

I understand my PR breaks security, but I still wish to fix this problem in 
an alternative way. Logging in to https://<hostname>/cas directly is important in 
testing, which is impossible if MFA trust device is enabled.

The problem is in 
support/cas-server-support-trusted-mfa-core/src/main/java/org/apereo/cas/trusted/authentication/DefaultMultifactorAuthenticationTrustedDeviceBypassEvaluator.java, 
which receives a null registeredService, therefore causing an exception in 
registeredServiceAccessStrategyEnforcer.execute(audit).

To work around the problem, I'd like to ask: is it possible to create a dummy 
RegisteredService, 
so that registeredServiceAccessStrategyEnforcer.execute would not fail? Any 
security concerns?
