Hello, As issues #2126 & #2127 are solved, this morning, another issue arises : Yubikey MFA is bypassed when I use LdapAuthenticationHandler (via login form), but not when I use Spnego ?? relevant cas.properties line is :
cas.authn.mfa.yubikey.bypass.authenticationHandlerName=JcifsSpnegoAuthenticationHandler As far as I understand it should bypass MFA-Yubikey when the first auth is done via SPNEGO, and enforce MFA with another type of auth. That's what I need. But on my test page, with login form I get this attribute : successfulAuthenticationHandlers: *LdapAuthenticationHandler* with SPNEGO : successfulAuthenticationHandlers: JcifsSpnegoAuthenticationHandler, YubiKeyAuthenticationHandler Then I modified the property to : cas.authn.mfa.yubikey.bypass.authenticationHandlerName=LdapAuthenticationHandler Now I have successfulAuthenticationHandlers: YubiKeyAuthenticationHandler, LdapAuthenticationHandler whe I use login form, fine. and successfulAuthenticationHandlers: JcifsSpnegoAuthenticationHandler with SPNEGO, perfect :-). but IMHO, bypass configuration option behavior is inverted. Regards. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers Cedex Tel : 05.49.44.57.19 -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/48552979-800b-f552-1189-db88268723d2%40ch-poitiers.fr.
smime.p7s
Description: Signature cryptographique S/MIME