Hello, As issues #2126 & #2127 are solved, this morning, another issue arises : Yubikey MFA is bypassed when I use LdapAuthenticationHandler (via login form), but not when I use Spnego ?? relevant cas.properties line is :
cas.authn.mfa.yubikey.bypass.authenticationHandlerName=JcifsSpnegoAuthenticationHandler As far as I understand it should bypass MFA-Yubikey when the first auth is done via SPNEGO, and enforce MFA with another type of auth. That's what I need. But on my test page, with login form I get this attribute : successfulAuthenticationHandlers: *LdapAuthenticationHandler* with SPNEGO : successfulAuthenticationHandlers: JcifsSpnegoAuthenticationHandler, YubiKeyAuthenticationHandler Then I modified the property to : cas.authn.mfa.yubikey.bypass.authenticationHandlerName=LdapAuthenticationHandler Now I have successfulAuthenticationHandlers: YubiKeyAuthenticationHandler, LdapAuthenticationHandler whe I use login form, fine. and successfulAuthenticationHandlers: JcifsSpnegoAuthenticationHandler with SPNEGO, perfect :-). but IMHO, bypass configuration option behavior is inverted. Regards. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers Cedex Tel : 05.49.44.57.19 -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/48552979-800b-f552-1189-db88268723d2%40ch-poitiers.fr.
smime.p7s
Description: Signature cryptographique S/MIME
