Thank you Ray. I wasn't aware of the change. Unfortunately there is no improvement after I updated the property name: My password is accepted, I select one of the MFA providers from the selection menu, my MFA response is also successful but the communication of this success by CAS to the app website has a problem.
Best, Paris On Wed, Dec 16, 2020 at 12:14 PM Ray Bon <[email protected]> wrote: > Paris, Philippe, > > I think all properties are now camel case, docs have not been updated. > > provider-selection-enabled => providerSelectionEnabled > > Ray > > On Wed, 2020-12-16 at 11:17 -0800, Paris Polydorou wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > I have the same issues with CAS 6.2 and 6.3. Three individual MFA > providers work fine when specified with cas.authn.mfa.globalProviderId. > > When I try the selection menu by adding the line > cas.authn.mfa.provider-selection-enabled=true, I successfully authenticate > with any of the three MFA providers that I select from the menu but my > website does not let me in. The logs (similar to Philippe's) indicate > success and if I go to the CAS URL I see that I am successfully > authenticated. > > Could there be confusion on the part of CAS after the successful MFA > authentication because of the three possible MFA providers and so it does > not redirect back to the app website properly or pass the right information? > > Question: Is this a known issue? Has anyone got the selection menu to work > with CAS 6.x? > > Thanks, > Paris > > On Tuesday, October 6, 2020 at 8:52:04 AM UTC-7 Philippe MARASSE wrote: > > Folks, > > I'm testing the possibility to let the user choose MFA token to use, in > fact between u2f and google authenticator. > > I have a PHP test page used tho retrieve and show me some attributes. At > the time I use cas.authn.mfa.provider-selection-enabled=true, I cannot > get validated by CAS : > > <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> > <cas:authenticationFailure code="INVALID_AUTHENTICATION_CONTEXT">The > validation request for > ['ST-1-6gCa8d4O65sMdY-612TXkDd1HDc-castest'] cannot be > satisfied. The request is either unrecognized or > unfulfilled.</cas:authenticationFailure> > </cas:serviceResponse> > > In cas_audit, I have : > > 2020-10-06 17:28:50,359 INFO > [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > Audit trail record BEGIN > ============================================================= > WHO: xxx > WHAT: ST-1-6gCa8d4O65sMdY-612TXkDd1HDc-castest for > http://php2/portail/cas61.php > ACTION: SERVICE_TICKET_CREATED > APPLICATION: CAS > WHEN: Tue Oct 06 17:28:50 CEST 2020 > CLIENT IP ADDRESS: > SERVER IP ADDRESS: > ============================================================= > > 2020-10-06 17:28:50,424 INFO > [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > Audit trail record BEGIN > ============================================================= > WHO: audit:unknown > WHAT: [result=Service Access > Granted,service=http://php2/portail/...,principal=SimplePrincipal(id=xxx, > attributes={...}] > ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED > APPLICATION: CAS > WHEN: Tue Oct 06 17:28:50 CEST 2020 > CLIENT IP ADDRESS: > SERVER IP ADDRESS: > ============================================================= > > 2020-10-06 17:28:50,427 INFO > [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > Audit trail record BEGIN > ============================================================= > WHO: xxx > WHAT: ST-1-6gCa8d4O65sMdY-612TXkDd1HDc-castest for > http://php2/portail/cas61.php > ACTION: SERVICE_TICKET_VALIDATE_SUCCESS > APPLICATION: CAS > WHEN: Tue Oct 06 17:28:50 CEST 2020 > CLIENT IP ADDRESS: > SERVER IP ADDRESS: > ============================================================= > > If I use cas.authn.mfa.provider-selection-enabled=false, I cannot choose > the 2FA but it works... > > Any clue ? > > Regards. > > -- > Philippe MARASSE > > Responsable pôle Infrastructures > Direction de l'Informatique, Support à la Communication et à > l'Organisation (DISCO) > Centre Hospitalier Henri Laborit > CS 10587 - 370 avenue Jacques Cœur > 86021 Poitiers Cedex > Tel : 05.49.44.57.19 > > > > -- > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] > > I respectfully acknowledge that my place of work is located within the > ancestral, traditional and unceded territory of the Songhees, Esquimalt and > WSÁNEĆ Nations. > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to a topic in the > Google Groups "CAS Community" group. > To unsubscribe from this topic, visit > https://groups.google.com/a/apereo.org/d/topic/cas-user/68VUgirrfo0/unsubscribe > . > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1d0e999a5b908c1fdae0b22dbee3ad19cc9fe757.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1d0e999a5b908c1fdae0b22dbee3ad19cc9fe757.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAALY%3DdOcRcR%2BpEs8YcG6WuZXo4G%3DdgvU_u3cJejbEkAJnyp0TA%40mail.gmail.com.
