I was able to figure out how to get the Google Authenticator working with a REST call (to dynamically return the correctly formatted JSON information), but I am still unable to use REST to store/register a new code for a user (I am not sure how to send teh POST data to store the information). Any help would be appreciated.
Thanks! Shawn On Friday, August 9, 2019 at 9:13:18 AM UTC-4, Shawn Cutting wrote: > > I am trying to get CAS 5.3.9 working with Google Authenticator MFA, but I am > getting the following error: > > Error: Exception thrown executing > org.apereo.cas.trusted.web.flow.MultifactorAuthenticationVerifyTrustAction@7b20419f > in state 'verifyTrustedDevice' of flow 'mfa-gauth' -- action execution > attributes were 'map['resolvedAuthenticationEvents' -> set[mfa-gauth]]' > > The config is below: > > cas.server.name: https://******** > cas.server.prefix: ${cas.server.name}/cas > > cas.logout.followServiceRedirects=true > > cas.view.templatePrefixes[0]=file:///etc/cas/templates > > logging.config=file:/etc/cas/config/log4j2.xml > > cas.serviceRegistry.json.location=file:/etc/cas/services > > cas.authn.accept.users= > > cas.authn.ldap[0].type=AUTHENTICATED > cas.authn.ldap[0].ldapUrl=ldaps://********* > cas.authn.ldap[0].bindDn=********* > cas.authn.ldap[0].bindCredential=********* > cas.authn.ldap[0].useSsl=true > cas.authn.ldap[0].useStartTls=false > cas.authn.ldap[0].poolPassivator=BIND > cas.authn.ldap[0].baseDn=********* > cas.authn.ldap[0].subtreeSearch=true > cas.authn.ldap[0].searchFilter=(*********) > cas.authn.ldap[0].principalAttributeId=cn > cas.authn.ldap[0].principalAttributeList=********* > > cas.authn.attributeRepository.ldap[0].attributes.sAMAccountName=UDC_IDENTIFIER > cas.authn.attributeRepository.ldap[0].attributes.mail=email > cas.authn.attributeRepository.ldap[0].attributes.givenName=firstName > cas.authn.attributeRepository.ldap[0].attributes.sn=lastName > cas.authn.attributeRepository.ldap[0].attributes.cn=user > cas.authn.attributeRepository.ldap[0].attributes.memberOf=memberOf > > ### Authy setup > cas.authn.mfa.authy.apiKey=********* > cas.authn.mfa.authy.apiUrl=********* > cas.authn.mfa.authy.phoneAttribute=mobile > cas.authn.mfa.authy.mailAttribute=extenstionattribute1 > cas.authn.mfa.authy.countryCode=1 > cas.authn.mfa.authy.forceVerification=true > cas.authn.mfa.authy.trustedDeviceEnabled=false > cas.authn.mfa.authy.name=castest > > ### Google Authenticator setup > > #cas.authn.mfa.globalProviderId=mfa-gauth > > cas.authn.mfa.gauth.issuer=Messiah_College_CAS > cas.authn.mfa.gauth.label=Username > cas.authn.mfa.gauth.windowSize=3 > cas.authn.mfa.gauth.codeDigits=6 > cas.authn.mfa.gauth.timeStepSize=30 > cas.authn.mfa.gauth.rank=0 > cas.authn.mfa.gauth.trustedDeviceEnabled=true > cas.authn.mfa.gauth.name=castest > cas.authn.mfa.gauth.json.location=file:/etc/cas/config/gauth.json > #cas.authn.mfa.gauth.rest.endpointUrl=https://*********/processGauth.php > > cas.authn.mfa.gauth.crypto.encryption.key=********* > cas.authn.mfa.gauth.crypto.encryption.keySize=256 > cas.authn.mfa.gauth.crypto.signing.key=********* > cas.authn.mfa.gauth.crypto.signing.keySize=512 > cas.authn.mfa.gauth.crypto.enabled=true > > #cas.authn.mfa.gauth.cleaner.enabled=true > #cas.authn.mfa.gauth.cleaner.schedule.startDelay=20000 > #cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=60000 > > cas.authn.mfa.trusted.authenticationContextAttribute=isFromTrustedMultifactorAuthentication > cas.authn.mfa.trusted.deviceRegistrationEnabled=true > cas.authn.mfa.trusted.expiration=30 > cas.authn.mfa.trusted.timeUnit=DAYS > cas.authn.mfa.trusted.json.location=file:/etc/cas/config/trusted-dev.json > #cas.authn.mfa.trusted.rest.endpoint=https://*********/trustedBrowser/index.php > cas.authn.mfa.trusted.crypto.encryption.key=********* > cas.authn.mfa.trusted.crypto.encryption.keySize=256 > cas.authn.mfa.trusted.crypto.signing.key=********* > cas.authn.mfa.trusted.crypto.signing.keySize=512 > cas.authn.mfa.trusted.crypto.enabled=true > cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.encryption.key=********* > cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.encryption.keySize=256 > cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.signing.key=********* > cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.signing.keySize=512 > cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.enabled=true > > cas.tgc.crypto.encryption.key=********* > cas.tgc.crypto.encryption.keySize=256 > cas.tgc.crypto.signing.key=********* > cas.tgc.crypto.signing.keySize=512 > cas.tgc.crypto.enabled=true > > cas.webflow.crypto.signing.key=********* > cas.webflow.crypto.signing.keySize=512 > cas.webflow.crypto.encryption.key=********* > cas.webflow.crypto.encryption.keySize=16 > cas.webflow.crypto.enabled=true > > cas.monitor.endpoints.enabled=true > cas.monitor.endpoints.sensitive=false > > cas.monitor.freeMemThreshold=10 > > cas.ticket.st.numberOfUses=1 > cas.ticket.st.timeToKillInSeconds=300 > cas.ticket.tgt.maxTimeToLiveInSeconds=36000 > cas.ticket.tgt.timeToKillInSeconds=28000 > cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=36000 > # cas.ticket.tgt.rememberMe.enabled=false > # cas.ticket.tgt.rememberMe.timeToKillInSeconds=1 > > cas.interrupt.rest.url=https://*********/interrupts/process.php > cas.interrupt.rest.method=GET > > My ultimate goal is to get this to work using a REST call so that I can store > the user and device information (I have asked that in a different thread > <https://groups.google.com/a/apereo.org/forum/#!msg/cas-user/yMiO4EMULGs/iOW8zjQWCwAJ>) > but at this point, I am not sure why the JSON file-based is throwing the > error. Any thoughts would be greatly appreciated! > > Thanks, > Shawn > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7fc260df-b112-4e01-99a7-8243cd89d3e9%40apereo.org.
