Hi,
The only solution that works for me is to use OPEN failureMode for this
specific service
"multifactorPolicy" : {
"@class" :
"org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
"multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet",
[ "mfa-duo" ] ],
"failureMode" : "OPEN"
}
So, what's the exact purpose of this paramater
cas.authn.mfa.duo[0].bypass.http-request-remote-address ?
No other tips for preventing a service to use MFA while sending http
request parameter authn_method=mfa-duo ?
Thanks for your help.
Best regards.
Jerome Nenert
IT Services
Université Panthéon-Assas (Paris 2)
Le 20/11/2020 à 15:17, Jérôme NENERT a écrit :
Hi,
A web application triggers a mfa-duo authentication with http request
parameter authn_method=mfa-duo. Is it possible to bypass this
application from using mfa-duo ?
We didn't set cas.authn.mfa.request-parameter so default value is on (
authn_method ). Tried to add these lines in service registry but
without success :
"multifactorPolicy" : {
"@class" :
"org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
"multifactorAuthenticationProviders" : [
"java.util.LinkedHashSet", [ "mfa-duo" ] ],
"bypassEnabled" : "true"
}
Also tried cas.authn.mfa.duo[0].bypass.http-request-remote-address
parameters but didn't work either.
Setting cas.authn.mfa.request-parameter to empty value worked but
prevent all applications from using http request to trigger mfa-duo.
Did behaviours regardings HTTP Request triggers has changed since CAS
v5.3.x ?
Best regards.
Jerome Nenert
IT Services
Université Panthéon-Assas (Paris 2)
||
||
|| --
- Website: https://apereo.github.io/cas <https://apereo.github.io/cas>
- Gitter Chatroom: https://gitter.im/apereo/cas
<https://gitter.im/apereo/cas>
- List Guidelines: https://goo.gl/1VRrw7 <https://goo.gl/1VRrw7>
- Contributions: https://goo.gl/mh7qDG <https://goo.gl/mh7qDG>
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4ee7ca1e-f7ca-a57f-32d0-6fb301d83ef3%40u-paris2.fr
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/4ee7ca1e-f7ca-a57f-32d0-6fb301d83ef3%40u-paris2.fr?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3dce652b-75ba-85e7-c6ee-b8c6084aadd9%40u-paris2.fr.
