On Tuesday, February 2, 2021 at 11:34:28 PM UTC+4 Andrew Marker wrote:
> Hey, > > I'm moving from 5.3.x to 6.2.7 and I'm stymied in my progress by something > I hope is obvious. Since it is happening in both 6.2.7 and 6.3.0, I'm > hoping it is just miss configuration on my part and I'm hoping to get some > guidance. > > Below are the relevant configurations ported from v5.3. Most notably I had > to convert all these properties from camelCase to hyphenated-lowercase. > That's great. Do note that this is generally a good idea to do in 6.3.x, and it only affects settings that conditionally enable "Spring Beans". Otherwise, cas-this and casThis and cas_this are all the same. Best to go for "kebab-case" anyway. > The issue is that, it does not seem to respect the trigger attributes as > 5.3 does. My assumption is that only folk in a group called > multifactor-authentication will be prompted for DUO. > No. The "cas.authn.mfa.global-provider-id=mfa-duo" activated mfa for everything and everyone, regardless. >From the docs: "MFA can be triggered for all applications and users regardless of individual settings. This setting holds the value of an MFA provider that shall be activated for all requests, regardless.". So if you want MFA to be triggered for a select group, I would remove that and look for debug logs that show how your attribute and its value as a pattern is processed. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/31472ef9-805e-4989-89e3-6ea4fd33bb8en%40apereo.org.
