Done : https://github.com/apereo/cas/issues/2138
Let's switch to cas-dev. Regards. Le 18/11/2016 à 16:31, Misagh Moayyed a écrit : > > That’s an excellent find. I suspect bypass rules don’t account for > non-interactive AuthN somehow. If you can change your config to bypass > MFA based on the Ldap handler, that pretty much confirms my theory. > > > > File an issue either way please. (And since you’re on SNAPSHOT, let’s > move this to dev) > > > > --Misagh > > > > *From:*'Philippe MARASSE' via CAS Community [mailto:[email protected]] > *Sent:* Friday, November 18, 2016 4:25 AM > *To:* CAS Community <[email protected]> > *Subject:* [cas-user] CAS-5.1.0-SNAP MFA Bypass configuration property > is confusing > > > > Hello, > > As issues #2126 & #2127 are solved, this morning, another issue arises > : Yubikey MFA is bypassed when I use LdapAuthenticationHandler (via > login form), but not when I use Spnego ?? relevant cas.properties line > is : > > cas.authn.mfa.yubikey.bypass.authenticationHandlerName=JcifsSpnegoAuthenticationHandler > > As far as I understand it should bypass MFA-Yubikey when the first > auth is done via SPNEGO, and enforce MFA with another type of auth. > That's what I need. > > But on my test page, with login form I get this attribute : > successfulAuthenticationHandlers: *LdapAuthenticationHandler* > > with SPNEGO : successfulAuthenticationHandlers: > JcifsSpnegoAuthenticationHandler, YubiKeyAuthenticationHandler > > Then I modified the property to : > > cas.authn.mfa.yubikey.bypass.authenticationHandlerName=LdapAuthenticationHandler > > Now I have successfulAuthenticationHandlers: > YubiKeyAuthenticationHandler, LdapAuthenticationHandler whe I use > login form, fine. > and successfulAuthenticationHandlers: JcifsSpnegoAuthenticationHandler > with SPNEGO, perfect :-). > > but IMHO, bypass configuration option behavior is inverted. > > Regards. > > -- > Philippe MARASSE > > Responsable pôle Infrastructures - DSIO > Centre Hospitalier Henri Laborit > CS 10587 - 370 avenue Jacques Cœur > 86021 Poitiers Cedex > Tel : 05.49.44.57.19 > > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: > https://apereo.github.io/cas/Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google > Groups "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/48552979-800b-f552-1189-db88268723d2%40ch-poitiers.fr > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/48552979-800b-f552-1189-db88268723d2%40ch-poitiers.fr?utm_medium=email&utm_source=footer>. > > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: > https://apereo.github.io/cas/Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google > Groups "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/012501d241b0%24ccd44a80%24667cdf80%24%40unicon.net > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/012501d241b0%24ccd44a80%24667cdf80%24%40unicon.net?utm_medium=email&utm_source=footer>. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers Cedex Tel : 05.49.44.57.19 -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/42fa0838-f84e-2ca7-5f09-1e9c69d01d70%40ch-poitiers.fr.
smime.p7s
Description: Signature cryptographique S/MIME
