Hi,

The setup looks like this: CAS + Vault (config file) + LDAP + 2FA (mfa-gauth) + Redis for gauth and ticket registration.

After testing before production deployment I've noticed that a user can authorize by providing user and pass, but when asked for the Gauth token, it can be anything (even one character) and CAS will pass it through. I don't know where my mistake is. Here is my config from Vault:

"cas.authn.mfa.gauth.crypto.encryption.key": "[redacted]",
"cas.authn.mfa.gauth.crypto.signing.key": "[redacted]",
"cas.authn.mfa.gauth.issuer": "CAS",
"cas.authn.mfa.gauth.label": "CAS",
"cas.authn.mfa.gauth.multiple-device-registration-enabled": "false",
"cas.authn.mfa.gauth.name": "CAS",
"cas.authn.mfa.gauth.redis.database": "0",
"cas.authn.mfa.gauth.redis.host": "localhost",
"cas.authn.mfa.gauth.redis.password": "[redacted]",
"cas.authn.mfa.gauth.redis.port": "6379",
"cas.authn.mfa.gauth.redis.read-from": "MASTER",
"cas.authn.mfa.gauth.redis.timeout": "2000",
"cas.authn.mfa.gauth.redis.use-ssl": "false",
"cas.authn.mfa.global-provider-id": "mfa-gauth",
"cas.authn.mfa.triggers.principal.global-principal-attribute-name-triggers": "memberOf",
"cas.authn.mfa.triggers.principal.global-principal-attribute-value-regex": "[redacted]"

Maybe it's the ticket registration with Redis:

"cas.ticket.registry.redis.crypto.alg": "AES",
"cas.ticket.registry.redis.crypto.enabled": "false",
"cas.ticket.registry.redis.crypto.encryption.key": "",
"cas.ticket.registry.redis.crypto.encryption.key-size": "16",
"cas.ticket.registry.redis.crypto.signing.key": "",
"cas.ticket.registry.redis.crypto.signing.key-size": "512",
"cas.ticket.registry.redis.database": "1",
"cas.ticket.registry.redis.host": "localhost",
"cas.ticket.registry.redis.password": "[redacted]",
"cas.ticket.registry.redis.pool.enabled": "false",
"cas.ticket.registry.redis.pool.fairness": "false",
"cas.ticket.registry.redis.pool.lifo": "true",
"cas.ticket.registry.redis.pool.max-active": "8",
"cas.ticket.registry.redis.pool.max-idle": "8",
"cas.ticket.registry.redis.pool.max-wait": "-1",
"cas.ticket.registry.redis.pool.min-evictable-idle-time-millis": "0",
"cas.ticket.registry.redis.pool.min-idle": "0",
"cas.ticket.registry.redis.pool.num-tests-per-eviction-run": "0",
"cas.ticket.registry.redis.pool.soft-min-evictable-idle-time-millis": "0",
"cas.ticket.registry.redis.pool.test-on-borrow": "false",
"cas.ticket.registry.redis.pool.test-on-create": "false",
"cas.ticket.registry.redis.pool.test-on-return": "false",
"cas.ticket.registry.redis.pool.test-while-idle": "false",
"cas.ticket.registry.redis.port": "6379",
"cas.ticket.registry.redis.timeout": "2000",
"cas.ticket.registry.redis.use-ssl": "false",

Any hints?

Regards
Bartek
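To make concrete what a working Google Authenticator (TOTP, RFC 6238) check must do, and therefore what a test of the deployment above should exercise, here is an added reference verifier; it is not CAS code and says nothing about why this particular setup misbehaves. It assumes the usual gauth parameters (HMAC-SHA1, 6 digits, 30-second step) and uses the RFC 6238 test secret as constructed sample input; a correct verifier rejects a malformed one-character token before any comparison and only accepts a code that matches the current step or its neighbours.

```python
import base64
import hashlib
import hmac
import struct

TOTP_STEP = 30      # seconds per time step (Google Authenticator default)
TOTP_DIGITS = 6     # code length (Google Authenticator default)


def decode_gauth_secret(b32_secret: str) -> bytes:
    """Decode the base32 secret shown in the QR/registration step (padding is often omitted)."""
    s = b32_secret.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = TOTP_STEP, digits: int = TOTP_DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the time step."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, token: str, unix_time: int, window: int = 1) -> bool:
    """Return True only for a well-formed token matching the current step +/- window.

    The symptom in the post (a one-character token accepted) is exactly what the
    format check below must rule out before any code comparison happens.
    """
    if len(token) != TOTP_DIGITS or not token.isdigit():
        return False
    counter = unix_time // TOTP_STEP
    for delta in range(-window, window + 1):
        # Constant-time comparison so the check does not leak matching prefixes.
        if hmac.compare_digest(hotp(secret, counter + delta), token):
            return True
    return False


# Constructed sample input: the RFC 6238 reference secret (ASCII "12345678901234567890").
RFC6238_SECRET = b"12345678901234567890"
```

The RFC 6238 vectors give "287082" at t=59 and "081804" at t=1111111109 for this secret, so a deployment whose second step accepts "1" at any time is not performing this check at all.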
