This PR, https://github.com/apereo/cas/pull/3498, against 5.3.x, addresses
this issue.


On Fri, Sep 7, 2018 at 11:42 AM Brian Gibson <
gibson_br...@wheatoncollege.edu> wrote:

> Hi all,
>
> We have Duo working in our test CAS 5.1.2 environment. Now we'd like to
> point different CAS-protected services at different Duo Protected
> Applications so we can set different group policies for each. I created 2
> CAS applications inside Duo's admin portal, I called them
>
> "CAS ID=mfa-duo"
> "CAS ID=mfa-duo2"
>
> I then edited my cas.properties file and created a second set of Duo
> settings, here is what it looks like with the important data scrubbed out
>
> cas.authn.mfa.duo[0].duoSecretKey=*<Key-for CAS ID=mfa-duo>*
> cas.authn.mfa.duo[0].duoApplicationKey=*<40 character random string>*
> cas.authn.mfa.duo[0].duoIntegrationKey=*<Integration-Key-for CAS ID=mfa-duo>*
> cas.authn.mfa.duo[0].duoApiHost=*<api-server-name>*
> cas.authn.mfa.duo[0].id=*mfa-duo*
> cas.authn.mfa.duo[0].name=Duo_Profile1
>
> cas.authn.mfa.duo[1].duoSecretKey=*<Key-for CAS ID=mfa-duo2>*
> cas.authn.mfa.duo[1].duoApplicationKey=*<different 40 character random string>*
> cas.authn.mfa.duo[1].duoIntegrationKey=*<Integration-Key-for CAS ID=mfa-duo2>*
> cas.authn.mfa.duo[1].duoApiHost=*<api-server-name>*
> cas.authn.mfa.duo[1].id=*mfa-duo2*
> cas.authn.mfa.duo[1].name=Duo_Profile2
>
>
> I then edited the .json files for 2 services and added these sections for
> multifactor authentication, note the duo ID I am referencing differently in
> each...
>
> =========== Service 1============================
>   multifactorPolicy:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
>     multifactorAuthenticationProviders:
>     [
>       java.util.HashSet
>       [
>         *mfa-duo*
>       ]
>     ]
>     failureMode: CLOSED
>     principalAttributeNameTrigger: memberOf
>     principalAttributeValueToMatch: *<our AD group>*
>     bypassEnabled: false
>   }
> ===============================================
> =========== Service 2============================
>   multifactorPolicy:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
>     multifactorAuthenticationProviders:
>     [
>       java.util.HashSet
>       [
>         *mfa-duo2*
>       ]
>     ]
>     failureMode: CLOSED
>     principalAttributeNameTrigger: memberOf
>     principalAttributeValueToMatch: *<our AD group>*
>     bypassEnabled: false
>   }
> ===============================================
>
> When I log into both services I do get prompted to do 2 factor auth but
> when I authenticate on my phone app they both list the protected app named
>
> *"CAS ID=mfa-duo"*
>
> How do you get different CAS-protected services to point to different CAS
> instances in Duo (and therefore different group policies)?
>
> Thanks!
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6a4c87cd-8bda-58b7-d38f-04ef16532366%40wheatoncollege.edu
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6a4c87cd-8bda-58b7-d38f-04ef16532366%40wheatoncollege.edu?utm_medium=email&utm_source=footer>
> .
>

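A consistency check for the setup described in the thread, as an added example that is not part of the original messages and is not CAS project code: it reports Duo entries in `cas.properties` that share an `id` or `duoIntegrationKey`, and services whose `multifactorAuthenticationProviders` name an id that no entry defines. The function names, file names and all sample values are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input; every value is a placeholder, not real configuration.
SAMPLE_PROPERTIES = """\
cas.authn.mfa.duo[0].duoIntegrationKey=IKEY_PLACEHOLDER_A
cas.authn.mfa.duo[0].id=mfa-duo
cas.authn.mfa.duo[1].duoIntegrationKey=IKEY_PLACEHOLDER_A
cas.authn.mfa.duo[1].id=mfa-duo2
"""
SAMPLE_SERVICES = {
    "service1.json": '"multifactorAuthenticationProviders": ["java.util.HashSet", ["mfa-duo"]]',
    "service2.json": "multifactorAuthenticationProviders:\n[\n java.util.HashSet\n [\n mfa-duo3\n ]\n]",
}

DUO_LINE = re.compile(r"^cas\.authn\.mfa\.duo\[(\d+)\]\.(\w+)\s*=\s*(.*)$")
PROVIDERS = re.compile(r'multifactorAuthenticationProviders"?\s*:\s*\[\s*"?'
                       r'java\.util\.HashSet"?\s*,?\s*\[(.*?)\]', re.DOTALL)

def parse_duo_instances(properties_text):
    """Group cas.authn.mfa.duo[N].* settings by index N."""
    instances = defaultdict(dict)
    for raw in properties_text.splitlines():
        m = DUO_LINE.match(raw.strip())
        if m:
            instances[int(m.group(1))][m.group(2)] = m.group(3).strip()
    return dict(instances)

def service_provider_ids(service_text):
    """Provider ids in a service's multifactorPolicy (quoted JSON or the loose form)."""
    m = PROVIDERS.search(service_text)
    tokens = re.split(r"[\s,]+", m.group(1)) if m else []
    return [t.strip('"') for t in tokens if t.strip('"')]

def lint(properties_text, services):
    """Return findings; `services` maps a file name to its text. Key values are never echoed."""
    seen, findings = defaultdict(lambda: defaultdict(list)), []
    for idx, cfg in sorted(parse_duo_instances(properties_text).items()):
        for key in ("id", "duoIntegrationKey"):
            if key in cfg:
                seen[key][cfg[key]].append(idx)
            else:
                findings.append(f"duo[{idx}] has no {key}")
    for key in ("id", "duoIntegrationKey"):
        findings += [f"duo{idxs} share the same {key}"
                     for idxs in seen[key].values() if len(idxs) > 1]
    for name, text in sorted(services.items()):
        findings += [f"{name} references undefined provider {pid}"
                     for pid in service_provider_ids(text) if pid not in seen["id"]]
    return findings
```

An empty result from `lint` rules out these two configuration mistakes before looking at the CAS version itself.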
