<https://lh3.googleusercontent.com/-AsmHvzkNS0c/WwuxEXITzwI/AAAAAAAAAIU/GFgL_aKbSR8864KGGmkHZMcx69PFYa4iACL4CGAYYCw/s1600/Snip20180528_1.png>
On Thursday, July 18, 2019 at 12:00:22 AM UTC+8, rbon wrote:
>
> Post some debug logs. Sometimes the problem is identified in another
> location.
>
> Ray
>
> On Wed, 2019-07-17 at 07:40 -0700, 李朝林 wrote:
>
> Ray, Thx very much. I encountered another problem: my system contains more
> addresses, and the configuration is as follows:
> cas.authn.mfa.radius.client.inetAddress=127.0.0.1,127.0.0.2
> The radius server gets an error parsing inetAddress: hostname not found
> exception.
>
> On Friday, June 21, 2019 at 11:22:37 PM UTC+8, rbon wrote:
>
> See
> https://apereo.github.io/cas/6.0.x/mfa/Configuring-Multifactor-Authentication.html#failure-mode-by-registered-service
> for an example.
> If you use the service management application, there is a tab for MFA.
>
> Ray
>
> On Thu, 2019-06-20 at 18:06 -0700, 李朝林 wrote:
>
> Hi robin,
> How do I set MFA for my service(s)? In the CAS configuration or on the
> radius device?
> Thx!
>
> On Thursday, June 20, 2019 at 11:21:16 PM UTC+8, rbon wrote:
>
> You also have to set MFA for your service(s).
>
> Ray
>
> On Wed, 2019-06-19 at 18:21 -0700, 李朝林 wrote:
>
> Hi Christian:
> We have been using LDAP + CAS for a long time. Recently we wanted to add
> two-factor authentication (LDAP + Radius MFA).
> But LDAP authentication is OK and redirects to the login success page,
> without showing the radius token password page?
> Can you help check my configuration? Thx
>
> application.properties:
>
> cas.authn.mfa.radius.server.nasPortId=-1
> cas.authn.mfa.radius.server.nasRealPort=-1
> cas.authn.mfa.radius.server.protocol=EAP_MSCHAPv2
> cas.authn.mfa.radius.server.retries=3
> cas.authn.mfa.radius.server.nasPortType=-1
> cas.authn.mfa.radius.server.nasPort=-1
> cas.authn.mfa.radius.server.nasIpAddress=
> cas.authn.mfa.radius.server.nasIpv6Address=
> cas.authn.mfa.radius.server.nasIdentifier=-1
>
> cas.authn.mfa.radius.client.authenticationPort=1812
> cas.authn.mfa.radius.client.sharedSecret=xxxxxx
> cas.authn.mfa.radius.client.socketTimeout=0
> cas.authn.mfa.radius.client.inetAddress=172.x.x.x
> cas.authn.mfa.radius.client.accountingPort=1813
>
> cas.authn.radius.failoverOnException=false
> cas.authn.radius.failoverOnAuthenticationFailure=false
>
> pom.xml
>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-ldap</artifactId>
>     <version>${cas.version}</version>
> </dependency>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-radius-mfa</artifactId>
>     <version>5.3.0-RC4</version>
> </dependency>
>
> On Thursday, July 19, 2018 at 2:52:01 PM UTC+8, Christian Blich wrote:
>
> We are trying to upgrade our CAS from version 2.0 to 5.2 / 5.3 and have
> LDAP authentication up and running, and have Radius working as well, but
> CAS will first ask for username and password to log in to the LDAP, then
> ask for the same password to call Radius, and then the SMS code. The middle
> step we want to get rid of, so is it possible to make the login to the
> radius reuse the username and password from LDAP?
>
> In the end we want one of the following combinations:
>
> 1. LDAP authentication for username and password, then Radius OTP SMS
>    password when the risk is at a certain level.
> 2. Radius authentication and then enrich the user login with info from
>    LDAP, but it doesn't look like the Radius is receiving other information
>    on the user other than username and password.
>
> The reason is that we want to use SMS as a two-factor validation in risk
> situations, when, for example, somebody has given out their username and
> password in phishing attempts. But in general we want the LDAP to be the
> login validator. We already use a supplier with radius to handle our VPN
> login with multifactor, but for test purposes have made our own simple
> radius server.
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
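
What "set MFA for your service(s)" looks like in a CAS JSON service registry file, following the pattern of the documentation section linked in the thread. This is an added example, not a file from the thread or from the CAS project: the `serviceId` pattern, `name` and `id` are placeholders, and `mfa-radius` is assumed to be the provider id of the `cas-server-support-radius-mfa` module left at its default.

```json
{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^https://app\\.example\\.org/.*",
  "name": "ExampleApp",
  "id": 100,
  "description": "Constructed example: serviceId, name and id are placeholders",
  "multifactorPolicy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
    "multifactorAuthenticationProviders": [
      "java.util.LinkedHashSet",
      [ "mfa-radius" ]
    ],
    "failureMode": "CLOSED"
  }
}
```

With `failureMode` set to `CLOSED`, authentication to this service is blocked when the RADIUS provider cannot be reached, so an outage of the second factor does not silently reduce the login to LDAP alone.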
