I'm afraid that v4 of CAS does not natively support multi phased authentication transactions for several different authentication factors. Upcoming v5 does. Best, D.
On Wed, Jun 1, 2016 at 03:11, Nouman Fallouh <[email protected]> wrote: Briefly, I want authentication system supports (username, password and optional otp), all these data are stored and managed in a database. According to previous discussion here - since it was Jasig CAS, v3.5.x and v4.0.x - the solution was to customize a new credentials which supports OTP and then re-build all needed classes and components around it. With new version, I would like a general guidelines about the best way for doing this with, is it by: 1. as I did before, a custom authentication by extending one of the database handlers, 2. using two handlers, database and custom OTP supports the new `OneTimePasswordCredential` class, with suitable policy, 3. using two steps authentication, in the default login view: authenticates the username and password, if okay it presents custom view: authenticated the OTP if it's required. 4. or any other way you would prefer. Thanks in advance, Regards, On Tue, May 31, 2016 at 3:43 PM, Misagh Moayyed < [email protected] [[email protected]] > wrote: What is it that you’re trying to do? From: Nouman Fallouh [mailto: [email protected] [[email protected]] ] Sent: Monday, May 30, 2016 3:19 AM To: [email protected] [[email protected]] ; [email protected] [[email protected]] Subject: Re: Fwd: [cas-user] OTP MFA Hi, Where can I find a guided steps of using the ` RequiredHandlerAuthenticationPolicy`, where as I read in the documentation that: This policy could be used to support a multi-factor authentication situation, for example, where username/password authentication is required but an additional OTP is optional. Or at least what are the CAS components I should use, work on or modify? Regards, On Wed, May 25, 2016 at 11:17 AM, Nouman Fallouh < [email protected] [[email protected]] > wrote: Thanks Jonathan, I've already worked around it by extending the UsernamePasswordCredential and a related database authentication handler. Honestly, I'm looking for a solution using the CAS abilities without external modules and with minimum core modifications. Regards, On Mon, May 23, 2016 at 8:46 PM, Jonathan Bell < [email protected] [[email protected]] > wrote: Hi Nouman, We here at URQUi have adapted our OTP software for CAS. Information and software can be found here: https://github.com/urqui/cas [https://github.com/urqui/cas] Feel free to contact me if you have any questions about CAS/OTP and URQUi. cheers Jonathan. web: http://urqui.com/ [http://urqui.com/] ---------- Forwarded message ---------- From: Nouman Fallouh < [email protected] [[email protected]] > Date: Mon, May 23, 2016 at 4:01 AM Subject: [cas-user] OTP MFA To: [email protected] [[email protected]] Hi I'm reading in here: http://apereo.github.io/cas/4.2.x/installation/Configuring-Multifactor-Authentication.html [http://apereo.github.io/cas/4.2.x/installation/Configuring-Multifactor-Authentication.html] the following lines: The kinds of required credentials are specified by naming the authentication handlers that accept them, for example, ldapHandler and oneTimePasswordHandler . Thus a service could be registered that imposes security constraints like the following: Only permit users with SSO sessions created from both a username/password and OTP token to access this service. H ow can I find such oneTimePasswordHandler handler? or it's a one I should invent? Is there any guided steps of how I can apply such scenario? Regards, -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] [[email protected]] . To post to this group, send email to [email protected] [[email protected]] . Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ [https://groups.google.com/a/apereo.org/group/cas-user/] . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOEgFxb4w5T7oj%2Bism8GbDKET-omLRykDh3asjewdaWE3iGw8A%40mail.gmail.com [https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOEgFxb4w5T7oj%2Bism8GbDKET-omLRykDh3asjewdaWE3iGw8A%40mail.gmail.com] . For more options, visit https://groups.google.com/a/apereo.org/d/optout [https://groups.google.com/a/apereo.org/d/optout] . -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] [[email protected]] . To post to this group, send email to [email protected] [[email protected]] . Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ [https://groups.google.com/a/apereo.org/group/cas-user/] . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/029301d1bb3a%240addcb60%2420996220%24%40unicon.net [https://groups.google.com/a/apereo.org/d/msgid/cas-user/029301d1bb3a%240addcb60%2420996220%24%40unicon.net?utm_medium=email&utm_source=footer] . For more options, visit https://groups.google.com/a/apereo.org/d/optout [https://groups.google.com/a/apereo.org/d/optout] . -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] [[email protected]] . To post to this group, send email to [email protected] [[email protected]] . Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ [https://groups.google.com/a/apereo.org/group/cas-user/] . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOEgFxY3xNUAEPruoBUVkajuMS-5WbYm%3DWFvuZbRk0m7rjo8bw%40mail.gmail.com [https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOEgFxY3xNUAEPruoBUVkajuMS-5WbYm%3DWFvuZbRk0m7rjo8bw%40mail.gmail.com?utm_medium=email&utm_source=footer] . For more options, visit https://groups.google.com/a/apereo.org/d/optout [https://groups.google.com/a/apereo.org/d/optout] . -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1464776714791-8303892d-1a375a98-428619d4%40unicon.net. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
