Done: https://github.com/apereo/cas/issues/2138

Let's switch to cas-dev.

Regards.

On 18/11/2016 at 16:31, Misagh Moayyed wrote:
>
> That’s an excellent find. I suspect bypass rules don’t account for
> non-interactive AuthN somehow. If you can change your config to bypass
> MFA based on the Ldap handler, that pretty much confirms my theory.
>
> File an issue either way please. (And since you’re on SNAPSHOT, let’s
> move this to dev)
>
> --Misagh
>
> *From:* 'Philippe MARASSE' via CAS Community [mailto:cas-user@apereo.org]
> *Sent:* Friday, November 18, 2016 4:25 AM
> *To:* CAS Community <cas-user@apereo.org>
> *Subject:* [cas-user] CAS-5.1.0-SNAP MFA Bypass configuration property
> is confusing
>
> Hello,
>
> As issues #2126 & #2127 are solved, this morning another issue arises:
> Yubikey MFA is bypassed when I use LdapAuthenticationHandler (via
> login form), but not when I use Spnego?? The relevant cas.properties
> line is:
>
> cas.authn.mfa.yubikey.bypass.authenticationHandlerName=JcifsSpnegoAuthenticationHandler
>
> As far as I understand it should bypass MFA-Yubikey when the first
> auth is done via SPNEGO, and enforce MFA with another type of auth.
> That's what I need.
>
> But on my test page, with login form I get this attribute:
> successfulAuthenticationHandlers: *LdapAuthenticationHandler*
>
> with SPNEGO: successfulAuthenticationHandlers:
> JcifsSpnegoAuthenticationHandler, YubiKeyAuthenticationHandler
>
> Then I modified the property to:
>
> cas.authn.mfa.yubikey.bypass.authenticationHandlerName=LdapAuthenticationHandler
>
> Now I have successfulAuthenticationHandlers:
> YubiKeyAuthenticationHandler, LdapAuthenticationHandler when I use
> login form, fine.
> and successfulAuthenticationHandlers: JcifsSpnegoAuthenticationHandler
> with SPNEGO, perfect :-).
>
> but IMHO, bypass configuration option behavior is inverted.
>
> Regards.
>
> -- 
> Philippe MARASSE
>  
> Responsable pôle Infrastructures - DSIO
> Centre Hospitalier Henri Laborit
> CS 10587 - 370 avenue Jacques Cœur 
> 86021 Poitiers Cedex
> Tel : 05.49.44.57.19
>
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines:
> https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google
> Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to cas-user+unsubscr...@apereo.org
> <mailto:cas-user+unsubscr...@apereo.org>.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/48552979-800b-f552-1189-db88268723d2%40ch-poitiers.fr
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/48552979-800b-f552-1189-db88268723d2%40ch-poitiers.fr?utm_medium=email&utm_source=footer>.

-- 
Philippe MARASSE

Responsable pôle Infrastructures - DSIO
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur 
86021 Poitiers Cedex
Tel : 05.49.44.57.19
