Mr. Bond, I have not configured cas for triggering multi-factor based off a singular attribute. I have for a multi-valued memberOf attribute, It should be basically the same. Here is my config for looking at the memberOf attributes: # Activate MFA globally based on principal attributes cas.authn.mfa.globalPrincipalAttributeNameTriggers=memberOf # Specify the regular expression pattern to trigger multifactor when working with a single provider. cas.authn.mfa.globalPrincipalAttributeValueRegex=CN=mfa-eligible,OU=DuoMFA, OU=Groups,DC=nsuok,DC=edu
Here is what I think you need # Activate MFA globally based on principal attributes cas.authn.mfa.globalPrincipalAttributeNameTriggers=businessCategory # Specify the regular expression pattern to trigger multifactor when working with a single provider. cas.authn.mfa.globalPrincipalAttributeValueRegex=mfa-gauth Let me know if that works for you. Robert Bond. On Wed, Aug 14, 2019 at 12:58 PM John Bond <[email protected]> wrote: > > > On Wednesday, August 14, 2019 at 6:50:13 PM UTC+1, John Bond wrote: >> >> >> cas.authn.mfa.globalPrincipalAttributeNameTriggers=businessCategory >> >> > I tried to use preferredLanguage instead of bussinessCategory which is a > SINGLE-VALUE[1] attribute but this made no difference > > 2019-08-14 17:56:04,201 DEBUG > [org.apereo.cas.authentication.DefaultMultifactorAuthenticationProviderResolver] > - <Located attribute value [[mfa-gauth]] for [[preferredLanguage]]> > > 2019-08-14 17:56:04,202 DEBUG > [org.apereo.cas.authentication.MultifactorAuthenticationUtils] - <Attribute > value [[mfa-gauth]] is not a single-valued attribute> > > 2019-08-14 17:56:04,204 DEBUG > [org.apereo.cas.authentication.MultifactorAuthenticationUtils] - <Ignoring > [mfa-gauth] since no matching transition could be found> > > > [1]https://ldapwiki.com/wiki/SINGLE-VALUE > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/d1d49b26-d8e9-423f-8831-4596aca3f189%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/d1d49b26-d8e9-423f-8831-4596aca3f189%40apereo.org?utm_medium=email&utm_source=footer> > . > -- Robert Bond Network Administrator (918) 444-5886 Northeastern State University -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOA9z6oGTCFTprTe8V%2Bgzm8XhT08CeLth_a82xihbAZiDFBBvw%40mail.gmail.com.
