Hi,
A web application triggers a mfa-duo authentication with http request
parameter authn_method=mfa-duo. Is it possible to bypass this
application from using mfa-duo ?
We didn't set cas.authn.mfa.request-parameter so default value is on (
authn_method ). Tried to add these lines in service registry but without
success :
"multifactorPolicy" : {
"@class" :
"org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
"multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet",
[ "mfa-duo" ] ],
"bypassEnabled" : "true"
}
Also tried cas.authn.mfa.duo[0].bypass.http-request-remote-address
parameters but didn't work either.
Setting cas.authn.mfa.request-parameter to empty value worked but
prevent all applications from using http request to trigger mfa-duo.
Did behaviours regardings HTTP Request triggers has changed since CAS
v5.3.x ?
Best regards.
Jerome Nenert
IT Services
Université Panthéon-Assas (Paris 2)
||
||
||
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4ee7ca1e-f7ca-a57f-32d0-6fb301d83ef3%40u-paris2.fr.
