It seems that I am back where I started, but I think I know what the culprit is. I am trying to use a REST call to store the trusted devices of Google Authenticator, but simply building the "cas-server-support-trusted-mfa-rest" into the overlay causes the gauth to not function at all.
If anyone has had any success with REST and google authenticator/trusted devices, I could sure use the help.

Shawn

On Sunday, August 11, 2019 at 8:51:49 PM UTC-4, Shawn Cutting wrote:
>
> I was able to figure out how to get the Google Authenticator working with
> a REST call (to dynamically return the correctly formatted JSON
> information), but I am still unable to use REST to store/register a new
> code for a user (I am not sure how to send the POST data to store the
> information). Any help would be appreciated.
>
> Thanks!
> Shawn
>
> On Friday, August 9, 2019 at 9:13:18 AM UTC-4, Shawn Cutting wrote:
>>
>> I am trying to get CAS 5.3.9 working with Google Authenticator MFA, but I am
>> getting the following error:
>>
>> Error: Exception thrown executing
>> org.apereo.cas.trusted.web.flow.MultifactorAuthenticationVerifyTrustAction@7b20419f
>> in state 'verifyTrustedDevice' of flow 'mfa-gauth' -- action execution
>> attributes were 'map['resolvedAuthenticationEvents' -> set[mfa-gauth]]'
>>
>> The config is below:
>>
>> cas.server.name: https://********
>> cas.server.prefix: ${cas.server.name}/cas
>>
>> cas.logout.followServiceRedirects=true
>>
>> cas.view.templatePrefixes[0]=file:///etc/cas/templates
>>
>> logging.config=file:/etc/cas/config/log4j2.xml
>>
>> cas.serviceRegistry.json.location=file:/etc/cas/services
>>
>> cas.authn.accept.users=
>>
>> cas.authn.ldap[0].type=AUTHENTICATED
>> cas.authn.ldap[0].ldapUrl=ldaps://*********
>> cas.authn.ldap[0].bindDn=*********
>> cas.authn.ldap[0].bindCredential=*********
>> cas.authn.ldap[0].useSsl=true
>> cas.authn.ldap[0].useStartTls=false
>> cas.authn.ldap[0].poolPassivator=BIND
>> cas.authn.ldap[0].baseDn=*********
>> cas.authn.ldap[0].subtreeSearch=true
>> cas.authn.ldap[0].searchFilter=(*********)
>> cas.authn.ldap[0].principalAttributeId=cn
>> cas.authn.ldap[0].principalAttributeList=*********
>>
>> cas.authn.attributeRepository.ldap[0].attributes.sAMAccountName=UDC_IDENTIFIER
>> cas.authn.attributeRepository.ldap[0].attributes.mail=email
>> cas.authn.attributeRepository.ldap[0].attributes.givenName=firstName
>> cas.authn.attributeRepository.ldap[0].attributes.sn=lastName
>> cas.authn.attributeRepository.ldap[0].attributes.cn=user
>> cas.authn.attributeRepository.ldap[0].attributes.memberOf=memberOf
>>
>> ### Authy setup
>> cas.authn.mfa.authy.apiKey=*********
>> cas.authn.mfa.authy.apiUrl=*********
>> cas.authn.mfa.authy.phoneAttribute=mobile
>> cas.authn.mfa.authy.mailAttribute=extenstionattribute1
>> cas.authn.mfa.authy.countryCode=1
>> cas.authn.mfa.authy.forceVerification=true
>> cas.authn.mfa.authy.trustedDeviceEnabled=false
>> cas.authn.mfa.authy.name=castest
>>
>> ### Google Authenticator setup
>>
>> #cas.authn.mfa.globalProviderId=mfa-gauth
>>
>> cas.authn.mfa.gauth.issuer=Messiah_College_CAS
>> cas.authn.mfa.gauth.label=Username
>> cas.authn.mfa.gauth.windowSize=3
>> cas.authn.mfa.gauth.codeDigits=6
>> cas.authn.mfa.gauth.timeStepSize=30
>> cas.authn.mfa.gauth.rank=0
>> cas.authn.mfa.gauth.trustedDeviceEnabled=true
>> cas.authn.mfa.gauth.name=castest
>> cas.authn.mfa.gauth.json.location=file:/etc/cas/config/gauth.json
>> #cas.authn.mfa.gauth.rest.endpointUrl=https://*********/processGauth.php
>>
>> cas.authn.mfa.gauth.crypto.encryption.key=*********
>> cas.authn.mfa.gauth.crypto.encryption.keySize=256
>> cas.authn.mfa.gauth.crypto.signing.key=*********
>> cas.authn.mfa.gauth.crypto.signing.keySize=512
>> cas.authn.mfa.gauth.crypto.enabled=true
>>
>> #cas.authn.mfa.gauth.cleaner.enabled=true
>> #cas.authn.mfa.gauth.cleaner.schedule.startDelay=20000
>> #cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=60000
>>
>> cas.authn.mfa.trusted.authenticationContextAttribute=isFromTrustedMultifactorAuthentication
>> cas.authn.mfa.trusted.deviceRegistrationEnabled=true
>> cas.authn.mfa.trusted.expiration=30
>> cas.authn.mfa.trusted.timeUnit=DAYS
>> cas.authn.mfa.trusted.json.location=file:/etc/cas/config/trusted-dev.json
>> #cas.authn.mfa.trusted.rest.endpoint=https://*********/trustedBrowser/index.php
>> cas.authn.mfa.trusted.crypto.encryption.key=*********
>> cas.authn.mfa.trusted.crypto.encryption.keySize=256
>> cas.authn.mfa.trusted.crypto.signing.key=*********
>> cas.authn.mfa.trusted.crypto.signing.keySize=512
>> cas.authn.mfa.trusted.crypto.enabled=true
>> cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.encryption.key=*********
>> cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.encryption.keySize=256
>> cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.signing.key=*********
>> cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.signing.keySize=512
>> cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.enabled=true
>>
>> cas.tgc.crypto.encryption.key=*********
>> cas.tgc.crypto.encryption.keySize=256
>> cas.tgc.crypto.signing.key=*********
>> cas.tgc.crypto.signing.keySize=512
>> cas.tgc.crypto.enabled=true
>>
>> cas.webflow.crypto.signing.key=*********
>> cas.webflow.crypto.signing.keySize=512
>> cas.webflow.crypto.encryption.key=*********
>> cas.webflow.crypto.encryption.keySize=16
>> cas.webflow.crypto.enabled=true
>>
>> cas.monitor.endpoints.enabled=true
>> cas.monitor.endpoints.sensitive=false
>>
>> cas.monitor.freeMemThreshold=10
>>
>> cas.ticket.st.numberOfUses=1
>> cas.ticket.st.timeToKillInSeconds=300
>> cas.ticket.tgt.maxTimeToLiveInSeconds=36000
>> cas.ticket.tgt.timeToKillInSeconds=28000
>> cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=36000
>> # cas.ticket.tgt.rememberMe.enabled=false
>> # cas.ticket.tgt.rememberMe.timeToKillInSeconds=1
>>
>> cas.interrupt.rest.url=https://*********/interrupts/process.php
>> cas.interrupt.rest.method=GET
>>
>> My ultimate goal is to get this to work using a REST call so that I can
>> store the user and device information (I have asked that in a different
>> thread
>> <https://groups.google.com/a/apereo.org/forum/#!msg/cas-user/yMiO4EMULGs/iOW8zjQWCwAJ>)
>> but at this point, I am not sure why the JSON file-based is throwing the
>> error. Any thoughts would be greatly appreciated!
>>
>> Thanks,
>> Shawn
