Hello, I am trying to set up RADIUS MFA. Primary authentication (via LDAP) works fine, but while debugging the second-factor we're finding that the User-Name attribute in the Access-Request is "RadiusTokenAuthenticationHandler" instead of the logged-in username.
My config looks like this: cas.authn.mfa.radius.failoverOnAuthenticationFailure=false cas.authn.mfa.radius.failoverOnException=false cas.authn.mfa.radius.client.socketTimeout=3 cas.authn.mfa.radius.client.sharedSecret=supersecret cas.authn.mfa.radius.client.authenticationPort=1812 cas.authn.mfa.radius.client.accountingPort=1813 cas.authn.mfa.radius.client.inetAddress=x.x.x.x cas.authn.mfa.radius.server.retries=3 cas.authn.mfa.radius.server.protocol=PAP cas.authn.mfa.radius.server.nasIpAddress=x.x.x.x We are pretty sure that the policies on the radius server are set up correctly, but don't know how to do anything with the user "RadiusTokenAuthenticationHandler". Is there a way that we can turn on better logging (not sure which classes hold what we need) or can we somehow specify what attribute the MFA class should use for the AccountName? Sorry this is kind of vague -- I'm hoping the above will help you help me formulate better questions. :) Thanks, Tim -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/C653A7A6-BE35-4166-BFB8-DB7BD4E749FD%40wwu.edu.
