[cas-user] Re: cas5 MFA for SAML2 SP

Thu, 17 Nov 2016 09:35:15 -0800 

I was able to trigger it using the Opt-In Request Parameter but is there a 
way to do it using entityID in SAML2 SP service registry JSON ?

On Thursday, November 17, 2016 at 11:17:59 AM UTC-6, K S wrote:
>
> Can MFA can be triggered for a specific SAML2 SP inside the CAS service 
> registry. I am using following JSON but it's not triggering the DUO login . 
> I am able to login to SP though.
>
> {
>   @class: org.apereo.cas.support.saml.services.SamlRegisteredService
>   serviceId: 
> https://localhost:8443/spring-security-saml2-sample/saml/metadata
>   name: SAMLService
>   id: 10000023
>   description: SAML Client Metadata
>   evaluationOrder: 10
>   logoutType: BACK_CHANNEL
>   attributeReleasePolicy:
>   {
>     @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>     principalAttributesRepository:
>     {
>       @class: 
> org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository
>       expiration: 2
>       timeUnit: HOURS
>     }
>     authorizedToReleaseCredentialPassword: false
>     authorizedToReleaseProxyGrantingTicket: false
>   }
>   multifactorPolicy:
>   {
>     @class: 
> org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
>     multifactorAuthenticationProviders:
>     [
>       java.util.HashSet
>       [
>         mfa-duo
>       ]
>     ]
>     failureMode: CLOSED
>     principalAttributeNameTrigger: eduPersonAffiliation
>     principalAttributeValueToMatch: alum
>   }
>   accessStrategy:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
>     enabled: true
>     ssoEnabled: true
>     requireAllAttributes: true
>     caseInsensitive: false
>   }
>   metadataLocation: /home/cas/spring-security-saml.xml
>   metadataMaxValidity: 0
>   signAssertions: false
>   signResponses: true
>   encryptAssertions: false
>   metadataCriteriaRoles: SPSSODescriptor
>   metadataCriteriaRemoveEmptyEntitiesDescriptors: true
>   metadataCriteriaRemoveRolelessEntityDescriptors: true
> }
>
>
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/708c1df4-56bb-4e38-81a4-aec7bc687170%40apereo.org.

Reply via email to