Hello
Attempting to write Groovy MFA that could filter MFA returned value based
on some selection. At this point stuck on how to get the logger output in
order to debug and get the solution in play.
Tried: LOGGER.debug("MFA USER Section");
Error message " WARN
[org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
- <No such property: LOGGER for class: GroovyMultifactorPolicy
Possible solutions: logger>
groovy.lang.MissingPropertyException: No such property: LOGGER for class:
GroovyMultifactorPolicy
Possible solutions: logger
Tried: logger.debug("MFA USER Section");
WARN
[org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
- <Cannot invoke method debug() on null object>
java.lang.NullPointerException: Cannot invoke method debug() on null object
Tried: logger.debug "MFA USER Section"
WARN
[org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
- <Cannot invoke method debug() on null object>
java.lang.NullPointerException: Cannot invoke method debug() on null object
I must be missing something fundamental here.
Multi group selection works just need to debug/log anything
under getMultifactorAuthenticationProviders and do some more
customization/troubleshooting
Sample so far (there are more import than probably needed but not sure
which helps)
--------------------------- groovy file
----------------------------------------
import java.util.*
import org.apereo.inspektr.common.web.*;
import org.apereo.cas.services.*;
import org.apereo.cas.authentication.principal.*;
import org.springframework.webflow.execution.RequestContext;
import org.apereo.cas.web.support.WebUtils;
// Thought it provided LOGGER object
import org.slf4j.Logger;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
import org.apereo.cas.authentication.AuthenticationHandlerResolver;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.MultifactorAuthenticationCredential;
class GroovyMultifactorPolicy extends
DefaultRegisteredServiceMultifactorPolicy {
String mfaGroupPattern = "cn=something";
@Override
Set<String> getMultifactorAuthenticationProviders() {
final Authentication authentication =
WebUtils.getInProgressAuthentication();
final String A = authentication.getPrincipal().getId();
// STUCK POINT
logger.debug "MFA USER Section"
/* ******* IF someone has a sample code that works and fits this
idea also it is greatly appreciated,
def memberOf = authentication.principal.attributes['memberOf'];
// logger.info "DOING MFA group";
for (String group : memberOf) {
if (group.contains(mfaGroupPattern)) {
// logger.info "In MFA group";
return "mfa-yubikey";
}
// and other checks
}
********** */
// default if above fails
["mfa-gauth"];
}
@Override
RegisteredServiceMultifactorPolicy.FailureModes getFailureMode() {
// RegisteredServiceMultifactorPolicy.FailureModes.OPEN
RegisteredServiceMultifactorPolicy.FailureModes.PHANTOM;
}
@Override
String getPrincipalAttributeNameTrigger() {
"groupMembership";
// "Test"
}
@Override
String getPrincipalAttributeValueToMatch() {
// "(groupA|groupB)";
"(cn=groupA,ou=....,o=..|cn=groupB,ou=...,o=...)";
// "TestMatch"
}
@Override
boolean isBypassEnabled() {
// true
false;
}
}
Many thanks for your time in looking at this.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e270dd04-dec6-460f-9d53-a0cf25c71cfe%40apereo.org.
