Folks, I'm testing the possibility of letting the user choose which MFA token to use, in fact between u2f and google authenticator.

I have a PHP test page used to retrieve and show me some attributes. When I use cas.authn.mfa.provider-selection-enabled=true, I cannot get validated by CAS:

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationFailure code="INVALID_AUTHENTICATION_CONTEXT">The validation request for ['ST-1-6gCa8d4O65sMdY-612TXkDd1HDc-castest'] cannot be satisfied. The request is either unrecognized or unfulfilled.</cas:authenticationFailure>
</cas:serviceResponse>

In cas_audit, I have:

2020-10-06 17:28:50,359 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: xxx
WHAT: ST-1-6gCa8d4O65sMdY-612TXkDd1HDc-castest for http://php2/portail/cas61.php
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Oct 06 17:28:50 CEST 2020
CLIENT IP ADDRESS:
SERVER IP ADDRESS:
=============================================================

2020-10-06 17:28:50,424 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [result=Service Access Granted,service=http://php2/portail/...,principal=SimplePrincipal(id=xxx, attributes={...}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Oct 06 17:28:50 CEST 2020
CLIENT IP ADDRESS:
SERVER IP ADDRESS:
=============================================================

2020-10-06 17:28:50,427 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: xxx
WHAT: ST-1-6gCa8d4O65sMdY-612TXkDd1HDc-castest for http://php2/portail/cas61.php
ACTION: SERVICE_TICKET_VALIDATE_SUCCESS
APPLICATION: CAS
WHEN: Tue Oct 06 17:28:50 CEST 2020
CLIENT IP ADDRESS:
SERVER IP ADDRESS:
=============================================================

If I use cas.authn.mfa.provider-selection-enabled=false, I cannot choose the 2FA but it works...

Any clue?

Regards.

--
Philippe MARASSE
Head of the Infrastructure Unit
Direction de l'Informatique, Support à la Communication et à l'Organisation (DISCO)
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur
86021 Poitiers Cedex
Tel : 05.49.44.57.19
