Post some debug logs. Sometimes the problem is identified in another location.
Ray On Wed, 2019-07-17 at 07:40 -0700, 李朝林 wrote: Ray Thx very much, i encountered another problem, my system contain more addresses, configuration is as follow: cas.authn.mfa.radius.client.inetAddress=127.0.0.1,127.0.0.2 the raduis server parse inetAddress error, hostname not found exception 在 2019年6月21日星期五 UTC+8下午11:22:37,rbon写道: See, https://apereo.github.io/cas/6.0.x/mfa/Configuring-Multifactor-Authentication.html#failure-mode-by-registered-service for an example. If you use the service management application, there is a tab for MFA. Ray On Thu, 2019-06-20 at 18:06 -0700, 李朝林 wrote: Hi robin How to set MFA for my service(s)? set cas configuration or radius device? Thx! 在 2019年6月20日星期四 UTC+8下午11:21:16,rbon写道: You also have to set MFA for your service(s). Ray On Wed, 2019-06-19 at 18:21 -0700, 李朝林 wrote: hi Christian: We have been using ldap + CAS for a long time,Recently wanted to add two-factor authentication(LDAP + Raduis-mfa) But ldap authentication is ok, redirecting to logging succuss page, without show radius token password page? Can u help checkout my configure? Thx application.properties: cas.authn.mfa.radius.server. nasPortId = -1 cas.authn.mfa.radius.server. nasRealPort = -1 cas.authn.mfa.radius.server. protocol = EAP_MSCHAPv2 cas.authn.mfa.radius.server. retries = 3 cas.authn.mfa.radius.server. nasPortType = -1 cas.authn.mfa.radius.server. nasPort = -1 cas.authn.mfa.radius.server. nasIpAddress = cas.authn.mfa.radius.server. nasIpv6Address = cas.authn.mfa.radius.server. nasIdentifier = -1 cas.authn.mfa.radius.client. authenticationPort = 1812 cas.authn.mfa.radius.client. sharedSecret = xxxxxx cas.authn.mfa.radius.client. socketTimeout = 0 cas.authn.mfa.radius.client. inetAddress = 172.x.x.x cas.authn.mfa.radius.client. accountingPort = 1813 cas.authn.radius. failoverOnException = false cas.authn.radius. failoverOnAuthenticationFailur e = false pom.xml <dependency> <groupId> org.apereo.cas </ groupId> <artifactId> cas-server- support-ldap </artifactId> <version> ${cas.version} </ version> </dependency> <dependency> <groupId> org.apereo.cas </ groupId> <artifactId> cas-server- support-radius-mfa </ artifactId> <version> 5.3.0-RC4 </version> </dependency> 在 2018年7月19日星期四 UTC+8下午2:52:01,Christian Blich写道: We are trying to upgrade our CAS from version 2.0 to 5.2 / 5.3 and have LDAP authentication up and running, and have Radius working as well, but CAS will first ask for username and password to login into the LDAP, then ask for the same password to call Radius, and then SMS code.The middle step we want to get rid of, So is it possible to make the login to the radius reuse username and password from LDAP? In the end we want one of the following combinations: 1. LDAP authentication for username and password, then Radius OTP SMS password when the risk is at the certain level. 2. Radius authentication and then enrich the user login with info from LDAP, but don't looks like the Radius is receiving other information on the user other than username and password. The reason is that we want to use SMS as a two factor validation in risk situations, when f.ex. some body given out they username and password in phissing attempts. But in general we want the LDAP to be the login validator. We already use a supplier with radius to handle our VPN login with multifactor, but for test purpose have made our own simpel radius server. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected] I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<javascript:> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3fa3a9130f3fd019e03e9f78f7262ab730ff2c4e.camel%40uvic.ca.
