Dirk,

Sorry for the huge delay, here's all my config related to the cas.authn.mfa.gauth piece (sans our JPA config, since it doesn't sound like you need it):

cas.authn.mfa.globalFailureMode=OPEN
#cas.authn.mfa.globalPrincipalAttributeNameTriggers=mfa-user
#cas.authn.mfa.globalProviderId=mfa-gauth
cas.authn.mfa.groovyScript=file:/usr/tomcat/mfaAuthTrigger.groovy
cas.authn.mfa.gauth.issuer=TEST
cas.authn.mfa.gauth.label=TEST
cas.authn.mfa.gauth.windowSize=3
cas.authn.mfa.gauth.codeDigits=6
cas.authn.mfa.gauth.timeStepSize=30
cas.authn.mfa.gauth.rank=0
#cas.authn.mfa.gauth.trustedDeviceEnabled=false -- I still can't get this to work
cas.authn.mfa.gauth.name=TEST
cas.authn.mfa.gauth.cleaner.schedule.enabled=true
cas.authn.mfa.gauth.cleaner.schedule.startDelay=20000
cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=60000

Be sure the file is in a location that the tomcat user can read from. I just put it in tomcat root for simplicity's sake. I hope this helps if you're still having problems.

Thanks,

-Jonathan

On Wednesday, August 22, 2018 at 3:08:50 PM UTC-5, Dirk Tepe wrote:
>
> Can you provide some details regarding your configuration to get
> cas.authn.mfa.groovyScript working? I'm currently using a groovy script for
> MFA bypass successfully but now have need to use one for triggering as
> well. However, the triggering script example wraps the run method in a
> class and I've not been successful in getting it executed. CAS complains if
> I have the path to the file incorrect, so I know it's at least identifying
> that the file exists, I just can't figure out how to get it executed.
>
> Thanks,
>
> -dirk
>
> On Monday, July 2, 2018 at 3:06:05 PM UTC-4, Jonathan Barrett wrote:
>>
>> All,
>>
>> I was able to resolve the issue by rethinking my program flow and instead
>> rewrite the groovy file to run off of the cas.authn.mfa.groovyScript
>> property so it controls the trigger of MFA instead of bypassing activated
>> MFA. Better to not trigger MFA at all instead of trying to bypass in my case.
>> Plus, this gave me the ability to do more preprocessing to push people
>> around to multiple MFA providers as needed.
>> Be aware that service.id at the trigger level is the URL instead of the
>> service registry name/ID. Hope this helps someone.
>>
>> -Jonathan
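
Added example, not code from this thread or from the CAS project: a sketch of a class-wrapped trigger script of the kind discussed above, matching on the service URL because service.id at trigger time is the URL rather than the registry name/ID. Assumptions: the class name, the sample URL patterns, the positions of the arguments passed to run() (service first, authentication third, logger last), that the mfa-user attribute carries a true/false value, and that returning null means no MFA is triggered.

```groovy
import java.util.regex.Pattern

// Hypothetical class name; CAS is assumed to call run() on the class this file defines.
class MfaAuthTrigger {
    // Constructed sample patterns. They are matched against the requested service URL,
    // because service.id at trigger time is the URL, not the registry name/ID.
    static final List<Pattern> PROTECTED_SERVICES = [
        Pattern.compile('^https://hr\\.example\\.org(/.*)?$'),
        Pattern.compile('^https://vpn\\.example\\.org(/.*)?$')
    ]
    static final String PROVIDER_ID = 'mfa-gauth'    // provider id seen in the thread's config
    static final String FLAG_ATTRIBUTE = 'mfa-user'  // attribute name seen in the thread's config

    def String run(final Object... args) {
        // Assumed argument positions; confirm them against the docs for your CAS version.
        def service = args[0]
        def authentication = args[2]
        def logger = args[args.length - 1]

        def user = authentication?.principal?.id
        def url = service?.id?.toString()

        // Rule 1: anchored patterns, so a look-alike host or a prefix match cannot qualify.
        if (url != null && PROTECTED_SERVICES.any { it.matcher(url).matches() }) {
            logger.info("MFA required for ${user}: protected service ${url}".toString())
            return PROVIDER_ID
        }

        // Rule 2: per-user flag. Attribute values may be a single value or a collection.
        def raw = authentication?.principal?.attributes?.get(FLAG_ATTRIBUTE)
        def flagged = [raw].flatten().any { 'true'.equalsIgnoreCase(it?.toString()) }
        if (flagged) {
            logger.info("MFA required for ${user}: ${FLAG_ATTRIBUTE} is set".toString())
            return PROVIDER_ID
        }

        logger.debug("No MFA trigger for ${user} on ${url}".toString())
        return null // assumed to mean "do not trigger MFA"
    }
}
```

The file would sit at the path named by cas.authn.mfa.groovyScript and be readable by the tomcat user, as described in the reply above.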