I ran across this too. I had to add the gradle linkage for simple MFA to
get around this.
compile
"org.apereo.cas:cas-server-support-simple-mfa:${project.'cas.version'}"
Not sure why, but I did.
colin
On 2019-11-06 2:28 a.m., Andy Ng wrote:
Hi all,
In my quest to test out some CAS authentication, I stumble across
*Radius Authentication*:
https://apereo.github.io/cas/6.1.x/mfa/RADIUS-Authentication.html and
want to try it out. I am using CAS 6.1.x
I used freeradius docker varience
(https://hub.docker.com/r/freeradius/freeradius-server), and setup a
very simple testing config with a single user (i.e. bob),
_/etc/raddb/mods-config/files/authorize_
bob Cleartext-Password := "hello"
_/etc/raddb/clients.conf_
client dockernet {
ipaddr = 0.0.0.0/0
secret = testing123
}
and configure CAS using:
_cas.yml_
cas.authn.radius:
client.sharedSecret: testing123
client.inetAddress: my.radius.server
_build.gradle dependency:_
compile
"org.apereo.cas:cas-server-support-radius:${project.'cas.version'}"
But was greeted with the following error:
_Error Log_
2019-11-06 04:15:20,417 INFO
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Authenticated principal [bob] with attributes [{EAP-Message=[[Binary
Data (length=22)]], Message-Authenticator=[[Binary Data (length=16)]],
State=[[Binary Data (length=16)]]}] via credentials
[[UsernamePasswordCredential(username=bob, source=null,
customFields={})]].>
2019-11-06 04:15:20,423 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
=============================================================
WHO: bob
WHAT: Supplied credentials: [UsernamePasswordCredential(username=bob,
source=null, customFields={})]
ACTION: *AUTHENTICATION_SUCCESS*
APPLICATION: CAS
WHEN: Wed Nov 06 04:15:20 GMT 2019
CLIENT IP ADDRESS: 172.20.0.1
SERVER IP ADDRESS: 172.20.0.5
=============================================================
>
*2019-11-06 04:15:20,434 ERROR
[org.apereo.cas.adaptors.radius.web.flow.RadiusAccessChallengedMultifactorAuthenticationTrigger]
- <No multifactor authentication providers are available in the
application context>*
2019-11-06 04:15:20,434 WARN
[org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
- <1 errors, 0 successes>
org.apereo.cas.authentication.AuthenticationException: 1 errors, 0
successes
Despite the Authentication success shown above, I was greeted with
error related to MFA.
My question is follows:
- Is there any misconfiguration from me above? Seems unlikely since I
did correctly see AUTHENTICATION_SUCCESS and didn't setup MFA.
- If my config is OK, is this true that Radius Authentication needs
MFA in order to work? Is that intended behavior?
- If no, then would need to look into why Radius Authentication is
linked together with MFA inseparably.
Thanks!
Cheers!
- Andy
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to cas-user+unsubscr...@apereo.org
<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/da53899e-448f-44a8-a79a-9cb95bcffdcb%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/da53899e-448f-44a8-a79a-9cb95bcffdcb%40apereo.org?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/17f9338a-0355-5472-0562-4c105f434c5c%40caveo.ca.