We might be able to make something work if it's tied to a principal, but 
again, I'm not sure how to do this. The docs say, "MFA can be triggered 
for all users/subjects carrying a specific attribute that matches 
configured attribute value. The attribute value is a regex pattern and 
must match the provider id of an available MFA provider described above." 
What this means is, you configure CAS to trigger based on an attribute “x”, 
that is resolved for the principal, whose value is for instance “mfa-duo”, or 
“mfa-.+”.

Also, I was wrong. Global triggers are supported; just weren’t documented then:

https://apereo.github.io/cas/development/installation/Configuring-Multifactor-Authentication.html#global
 

https://apereo.github.io/cas/development/installation/Configuration-Properties.html#multifactor-authentication
 

There is a setting for a global provider id. Set it to the provider id of 
choice, “mfa-duo”.




-- 
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.57feb1e9.401e3e5d.5303%40unicon.net.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Reply via email to