Can MFA be triggered for a specific SAML2 SP inside the CAS service
registry? I am using the following JSON, but it is not triggering the Duo
login. I am still able to log in to the SP, though, without being prompted
for the second factor.

{
  @class: org.apereo.cas.support.saml.services.SamlRegisteredService
  serviceId: 
https://localhost:8443/spring-security-saml2-sample/saml/metadata
  name: SAMLService
  id: 10000023
  description: SAML Client Metadata
  evaluationOrder: 10
  logoutType: BACK_CHANNEL
  attributeReleasePolicy:
  {
    @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
    principalAttributesRepository:
    {
      @class: 
org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository
      expiration: 2
      timeUnit: HOURS
    }
    authorizedToReleaseCredentialPassword: false
    authorizedToReleaseProxyGrantingTicket: false
  }
  multifactorPolicy:
  {
    @class: 
org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
    multifactorAuthenticationProviders:
    [
      java.util.HashSet
      [
        mfa-duo
      ]
    ]
    failureMode: CLOSED
    principalAttributeNameTrigger: eduPersonAffiliation
    principalAttributeValueToMatch: alum
  }
  accessStrategy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
    enabled: true
    ssoEnabled: true
    requireAllAttributes: true
    caseInsensitive: false
  }
  metadataLocation: /home/cas/spring-security-saml.xml
  metadataMaxValidity: 0
  signAssertions: false
  signResponses: true
  encryptAssertions: false
  metadataCriteriaRoles: SPSSODescriptor
  metadataCriteriaRemoveEmptyEntitiesDescriptors: true
  metadataCriteriaRemoveRolelessEntityDescriptors: true
}

