Hey Manfredo,
I'm actually trying to go with the bypass vs the provider selector: Shown
Here
<https://apereo.github.io/cas/5.2.x/installation/Configuring-Multifactor-Authentication-Bypass.html>.
I'm hoping to simplify the environment to only one Duo instance with the
use of an LDAP attribute that will be utilized in the groovy script once I
get the script to run.
But, it seems that there are typos and other missing details from the
samples. For example, the first one returns a boolean while the second one
returns a String. Both are meant to be the same thing. The first also has
an import for java.util.* while the second either ignores it or omits it.
On Thursday, February 8, 2018 at 9:28:29 AM UTC-5, Manfredo Hopp wrote:
>
> In version 5.2 this should be
>
> cas.authn.mfa.providerSelectorGroovyScript=file:/etc/cas/wathever.groovy
>
>
> El jueves, 8 de febrero de 2018, brian mancuso <snid...@gmail.com
> <javascript:>> escribió:
>
>> Alright Misagh and Manfredo, I believe you're both putting me on the
>> right track with this. Unfortunately, I haven't used a groovy script before
>> and I'm having trouble getting it to get picked up by CAS. Could either of
>> you help with this example?
>>
>> */etc/cas/selectiveDuo.groovy:*
>>
>> def String run(final Object... args) {
>>
>> def authentication = args[0]
>>
>> def principal = args[1]
>>
>> def service = args[2]
>>
>> def provider = args[3]
>>
>> def logger = args[4]
>>
>> def httpRequest = args[5]
>>
>> logger.info("Evaluating principal attributes ${principal.attributes}"
>> )
>>
>> def bypass = principal.attributes['uid']
>> if (bypass.contains("testuid")) {
>>
>> logger.info("Skipping bypass for principal ${principal.id}
>> return false
>>
>> }
>>
>> return true
>>
>> }
>> Is this really what the groovy file should look like or am I missing
>> imports and package info at the top? I never get any info logged, so I'm
>> pretty sure this script never gets run.
>>
>> */etc/cas/config/cas.properties:*
>>
>>
>>
>>
>> *cas.authn.mfa.duo[0].rank=0cas.authn.mfa.duo[0].duoApiHost=REMOVEDcas.authn.mfa.duo[0].duoIntegrationKey=REMOVEDcas.authn.mfa.duo[0].duoSecretKey=REMOVEDcas.authn.mfa.duo[0].duoApplicationKey=REMOVEDcas.authn.mfa.duo[0].id=mfa-duocas.authn.mfa.globalProviderId=mfa-duocas.authn.mfa.globalPrincipalAttributePredicate=file:///etc/cas/selectiveDuo.groovy*
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+u...@apereo.org <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/9ade320d-4c96-4c23-b22b-a830387cf692%40apereo.org
>>
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/9ade320d-4c96-4c23-b22b-a830387cf692%40apereo.org?utm_medium=email&utm_source=footer>
>> .
>>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/fe234592-f340-472c-84c3-65c55ccd0a5e%40apereo.org.
