Thanks Ray.

It seems as though some (at least) have overrides in place for the use of 
either. That would be super confusing if some have overrides and others do 
not.
For example: These both work in 6.2.7 and 6.3.

   - cas.theme.defaultThemeName
   - cas.theme.default-theme-name
   
   - cas.authn.mfa.globalProviderId
   - cas.authn.mfa.global-provider-id
   
So far I'm not having luck with either when it comes to the following, or 
my regex is not valid in the context of this property.  It's strictly in my 
case a multi-value attribute, however assuming it was a string, I am hoping 
my initial regex would work in the context of a string or string array 
"under the covers".

   - cas.authn.mfa.globalPrincipalAttributeNameTriggers
   - cas.authn.mfa.globalPrincipalAttributeValueRegex


I imagine this is working for others?  In pre-production, I can experiment 
with service by service, but there are many rules in production and I guess 
that would strictly still work.

Again I am grateful for the guidance you've elected to provide.

On Tuesday, February 2, 2021 at 1:55:15 PM UTC-6 Ray Bon wrote:

> Andrew,
>
> The 6.x series of cas properties should be camelCase (the docs have not 
> been updated).
>
> Ray
>
> On Tue, 2021-02-02 at 11:34 -0800, Andrew Marker wrote:
>
>
> Hey, 
>
> I'm moving from 5.3.x to 6.2.7 and I'm stymied in my progress by something 
> I hope is obvious.  Since it is happening in both 6.2.7 and 6.3.0, I'm 
> hoping it is just misconfiguration on my part and I'm hoping to get some 
> guidance.
>
> Below are the relevant configurations ported from v5.3. Most notably I had 
> to convert all these properties from camelCase to hyphenated-lowercase.  
> The issue is that it does not seem to respect the trigger attributes as 
> 5.3 does.  My assumption is that only folk in a group called 
> multifactor-authentication will be prompted for DUO.
>
> If I enable global MFA, by setting the provider id, all requests including 
> delegate auth are transitioned to the Duo workflow:  They either are asked 
> to set up MFA on a phone, or it just fails (delegate without enough info).  
> Currently I only have one MFA provider.
>
> # Duo Security
> cas.authn.mfa.duo[0].id=mfa-duo
> cas.authn.mfa.duo[0].rank=0
> cas.authn.mfa.duo[0].name=Duo Security
> cas.authn.mfa.duo[0].duo-secret-key=myFirstSupaSekritKey
> cas.authn.mfa.duo[0].duo-application-key=mySecondSupaSekritKey
> cas.authn.mfa.duo[0].duo-integration-key=myTirdSupaSekritKey
> cas.authn.mfa.duo[0].duo-api-host=api-8675309.duosecurity.com
>
> #Global MFA 
> cas.authn.mfa.request-parameter=authn_method
> cas.authn.mfa.global-provider-id=mfa-duo
> cas.authn.mfa.global-failure-mode=OPEN
> cas.authn.mfa.global-principal-attribute-name-triggers=isMemberOf
>
> cas.authn.mfa.global-principal-attribute-value-regex=.*cn=multifactor-authentication.*
>
> -- 
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the 
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
> WSÁNEĆ Nations.
>
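A way to test the trigger regex from the thread offline, against both a single-string and a multi-valued `isMemberOf`. This is an added example, not code from CAS or from either poster. It assumes the trigger fires when any value of a named attribute fully matches the pattern (the thread does not state how CAS evaluates it); the sample principals and `STRICT_REGEX` are constructed for illustration.

```python
import re

# Values copied from the configuration quoted in the thread.
TRIGGER_ATTRIBUTES = ["isMemberOf"]
VALUE_REGEX = r".*cn=multifactor-authentication.*"

# Hypothetical tighter pattern: the cn component must end at a comma or at end of value.
STRICT_REGEX = r"cn=multifactor-authentication(,.*)?"

# Constructed sample principals (not from the thread).
PRINCIPALS = {
    "alice": {"isMemberOf": ["cn=staff,ou=groups,dc=example,dc=org",
                             "cn=multifactor-authentication,ou=groups,dc=example,dc=org"]},
    "bob": {"isMemberOf": "cn=staff,ou=groups,dc=example,dc=org"},  # single string
    "carol": {"isMemberOf": ["cn=multifactor-authentication-exempt,ou=groups,dc=example,dc=org"]},
    "dave": {},  # e.g. a delegated login that released no isMemberOf at all
}


def as_values(raw):
    """Normalise a missing value, a single string or a list to a list of strings."""
    if raw is None:
        return []
    return [raw] if isinstance(raw, str) else list(raw)


def mfa_triggered(attributes, names, pattern):
    """Assumed semantics: any value of any trigger attribute fully matches the pattern."""
    rx = re.compile(pattern)
    return any(rx.fullmatch(value)
               for name in names
               for value in as_values(attributes.get(name)))


def evaluate(pattern):
    """Map each sample principal to whether the pattern would select it for MFA."""
    return {user: mfa_triggered(attrs, TRIGGER_ATTRIBUTES, pattern)
            for user, attrs in PRINCIPALS.items()}


if __name__ == "__main__":
    for label, pattern in (("thread regex", VALUE_REGEX), ("strict regex", STRICT_REGEX)):
        print(label, evaluate(pattern))
```

Under these assumptions the pattern from the thread selects the intended group whether the attribute is a string or a list, but it also selects any group whose name merely starts with `multifactor-authentication`; the stricter pattern does not.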
