But it's not clear to me how they are actually used, or if there is in fact a way to bypass MFA on a per-service basis. Bypass rules cannot be done per service now. Certainly something that can be added in a follow-up minor release perhaps. Some examples in the docs describe typical use cases, but nothing that can be done per service, if you have enabled MFA globally.
I can't find any examples or relevant-seeming properties in the documentation. Ouch. Yeah this is missing from the docs. I’ll take care of it shortly. -- CAS gitter chatroom: https://gitter.im/apereo/cas CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html CAS documentation website: https://apereo.github.io/cas CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to firstname.lastname@example.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.58068295.152020af.3323%40unicon.net. For more options, visit https://groups.google.com/a/apereo.org/d/optout.