[cas-user] cas 6.1.7, Anyone knows setting for auto register MFA device vs user putting a name/skip step

Thu, 16 Jul 2020 13:08:16 -0700 

Hello

   Trying to simplify the MFA flow and skip the register device. For some 
reason a configuration might be missing somewhere. I think I have seen it 
working as such in cas 5.3.x but it's been a while.

  Generally, the user authenticates, followed by MFA phase  then next 
screen is the device registration/skip. 
  Interested on automation of the third screen to be auto registration and 
transparent to the user.

  Any of the 4 config would give me enough leads please yubikey, google, 
u2f, simple (email/sms)

Unless I am mistaken, I need the below else devices are not trusted per MFA 
desired maxAge (cookie) and timeUnit (storage) time to live.  I would think 
there is some other parameter missing as well.

cas.authn.mfa.gauth.trustedDeviceEnabled=true
     
cas.authn.mfa.trusted.authenticationContextAttribute=isFromTrustedMultifactorAuthentication
  cas.authn.mfa.trusted.deviceRegistrationEnabled=true
  cas.authn.mfa.trusted.timeUnit=DAYS
  cas.authn.mfa.trusted.expiration=1
  ...
  cas.authn.mfa.trusted.deviceFingerprint.cookie.name=MFATRUSTED
cas.authn.mfa.trusted.deviceFingerprint.cookie.domain=
cas.authn.mfa.trusted.deviceFingerprint.cookie.path=/cas
cas.authn.mfa.trusted.deviceFingerprint.cookie.httpOnly=true
cas.authn.mfa.trusted.deviceFingerprint.cookie.secure=true
# 
cas.authn.mfa.trusted.deviceFingerprint.cookie.maxAge=14400
cas.authn.mfa.trusted.deviceFingerprint.componentSeparator=@
cas.authn.mfa.trusted.deviceFingerprint.cookie.enabled=true
cas.authn.mfa.trusted.deviceFingerprint.cookie.order=1
cas.authn.mfa.trusted.deviceFingerprint.clientIp.enabled=true
cas.authn.mfa.trusted.deviceFingerprint.clientIp.order=2
cas.authn.mfa.trusted.deviceFingerprint.userAgent.enabled=true
cas.authn.mfa.trusted.deviceFingerprint.userAgent.order=3

 Thanks for your help.
  

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/bbd45ccd-29d1-48f8-be3b-73daf975709bn%40apereo.org.

Reply via email to