I'm running into an issue in CAS 5.1.4 with the Duo MFA bypass not working as anticipated. I have the following set in my cas.properties:
cas.authn.mfa.duo[0].bypass.principalAttributeName=groupMembership cas.authn.mfa.duo[0].bypass.principalAttributeValue=uid= admin_users ,ou=Group,dc= example, dc= com When I login with a user in the group then they do not see the Duo screen (as expected). However, if I login with a user that is not in that group they also do not see the Duo screen. From my understanding users that are in that group are allowed to bypass but no one else. Is this how the bypass works? If not, how can I only allow users in a certain LDAP group to bypass MFA? Thanks! -Adam -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAN6MV5PFYVS36oaL%2BMcyva3Pan%3DF6B9Y8rO%3Df0py-OvqTVQetg%40mail.gmail.com.
