I have CAS v 6.3.2 which is quite new. But I'm not sure if it's newer than 
this patch.
Hmm, I've cloned this overlay 
https://github.com/apereo/cas-overlay-template/tree/6.3 with the latest 
commit 995813b on 14 Feb.


So how to make it work? I don't want to build CAS from sources: 
https://github.com/apereo/cas/tree/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f

I'm wondering where this GoogleAuthenticatorOneTimeTokenCredentialValidator.java 
<https://github.com/apereo/cas/commit/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f#diff-1df13ecfa59195b04a0fb8db8cfe2d11ef4a09ef52fab4832edff1caaeeb8a81>
file is after build. Maybe it's possible to replace/edit it?
Regards 
Bartek


On Tuesday, 13 April 2021 at 14:06:08 UTC+2 Philippe MARASSE wrote:

> Hello,
>
> It has been fixed there 
> https://github.com/apereo/cas/commit/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f
>
> Verify that your version of CAS is newer than that commit, it should be 
> fine.
>
> Regards
>
>
> On 13/04/2021 at 13:04, Bartosz Nitkiewicz wrote:
>
> Hi,  
> The setup looks like this:
>
> CAS + Vault (config file) + LDAP + 2FA (mfa-gauth) + redis for gauth and 
> ticket registration.
>
> After testing before production deployment I've noticed that a user can 
> authorize by providing user and pass; when asked for the Gauth token, *it 
> can be anything (even one character)* and CAS will pass it through. I don't 
> know where I have made a mistake:
>
> Here is my config from VAULT
>
>
>   "cas.authn.mfa.gauth.crypto.encryption.key": "[redacted]",
>   "cas.authn.mfa.gauth.crypto.signing.key": "[redacted]",
>   "cas.authn.mfa.gauth.issuer": "CAS",
>   "cas.authn.mfa.gauth.label": "CAS",
>   "cas.authn.mfa.gauth.multiple-device-registration-enabled": "false",
>   "cas.authn.mfa.gauth.name": "CAS",
>   "cas.authn.mfa.gauth.redis.database": "0",
>   "cas.authn.mfa.gauth.redis.host": "localhost",
>   "cas.authn.mfa.gauth.redis.password": "[redacted]",
>   "cas.authn.mfa.gauth.redis.port": "6379",
>   "cas.authn.mfa.gauth.redis.read-from": "MASTER",
>   "cas.authn.mfa.gauth.redis.timeout": "2000",
>   "cas.authn.mfa.gauth.redis.use-ssl": "false",
>   "cas.authn.mfa.global-provider-id": "mfa-gauth",
>   "cas.authn.mfa.triggers.principal.global-principal-attribute-name-triggers": "memberOf",
>   "cas.authn.mfa.triggers.principal.global-principal-attribute-value-regex": "[redacted]"
>
> Maybe it's ticket registering with redis:
>
> "cas.ticket.registry.redis.crypto.alg": "AES",
>   "cas.ticket.registry.redis.crypto.enabled": "false",
>   "cas.ticket.registry.redis.crypto.encryption.key": "",
>   "cas.ticket.registry.redis.crypto.encryption.key-size": "16",
>   "cas.ticket.registry.redis.crypto.signing.key": "",
>   "cas.ticket.registry.redis.crypto.signing.key-size": "512",
>   "cas.ticket.registry.redis.database": "1",
>   "cas.ticket.registry.redis.host": "localhost",
>   "cas.ticket.registry.redis.password": "[redacted]",
>   "cas.ticket.registry.redis.pool.enabled": "false",
>   "cas.ticket.registry.redis.pool.fairness": "false",
>   "cas.ticket.registry.redis.pool.lifo": "true",
>   "cas.ticket.registry.redis.pool.max-active": "8",
>   "cas.ticket.registry.redis.pool.max-idle": "8",
>   "cas.ticket.registry.redis.pool.max-wait": "-1",
>   "cas.ticket.registry.redis.pool.min-evictable-idle-time-millis": "0",
>   "cas.ticket.registry.redis.pool.min-idle": "0",
>   "cas.ticket.registry.redis.pool.num-tests-per-eviction-run": "0",
>   "cas.ticket.registry.redis.pool.soft-min-evictable-idle-time-millis": "0",
>   "cas.ticket.registry.redis.pool.test-on-borrow": "false",
>   "cas.ticket.registry.redis.pool.test-on-create": "false",
>   "cas.ticket.registry.redis.pool.test-on-return": "false",
>   "cas.ticket.registry.redis.pool.test-while-idle": "false",
>   "cas.ticket.registry.redis.port": "6379",
>   "cas.ticket.registry.redis.timeout": "2000",
>   "cas.ticket.registry.redis.use-ssl": "false",
>
> Any hints?
> Regards
> Bartek
>
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3aac5f3d-d9a7-4455-9639-bf8ce2be695en%40apereo.org.
>
>
>
> -- 
> Philippe MARASSE
>
> Head of Infrastructure Division - DSIO
> Centre Hospitalier Henri Laborit
> CS 10587 - 370 avenue Jacques Cœur 
> 86021 Poitiers Cedex
> Tel: 05.49.44.57.19
>
>

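On the question above of where GoogleAuthenticatorOneTimeTokenCredentialValidator ends up after the build: the compiled class is packed into a dependency jar inside the WAR. The script below is an added example, not part of the thread and not CAS project code. It scans a WAR for the jar that carries the class and reports that jar's Implementation-Version, so the deployed module version can be compared with the release that contains the fix. The sample WAR, its jar names and its package path are constructed, and the manifest attribute is assumed to be present (None is returned if it is not).

```python
import io
import sys
import zipfile

CLASS_NAME = "GoogleAuthenticatorOneTimeTokenCredentialValidator"

def manifest_version(jar):
    """Implementation-Version from the jar manifest, or None if absent."""
    if "META-INF/MANIFEST.MF" in jar.namelist():
        for line in jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace").splitlines():
            if line.startswith("Implementation-Version:"):
                return line.split(":", 1)[1].strip()
    return None

def find_class_in_war(war_bytes, class_name=CLASS_NAME):
    """Return (jar path in WAR, class entry, jar version) for every match."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for entry in war.namelist():
            if not entry.endswith(".jar"):
                continue
            try:
                jar = zipfile.ZipFile(io.BytesIO(war.read(entry)))
            except zipfile.BadZipFile:
                continue  # unreadable archive: skip it, keep scanning
            with jar:
                for name in jar.namelist():
                    if name.endswith("/" + class_name + ".class"):
                        hits.append((entry, name, manifest_version(jar)))
    return hits

def build_sample_war():
    """Constructed WAR (hypothetical jar names and package) for offline runs."""
    def jar_bytes(files):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for name, data in files.items():
                z.writestr(name, data)
        return buf.getvalue()
    gauth = jar_bytes({
        "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\nImplementation-Version: 0.0.0-sample\n",
        "org/example/gauth/" + CLASS_NAME + ".class": b"\xca\xfe\xba\xbe",
    })
    return jar_bytes({"WEB-INF/lib/sample-gauth.jar": gauth,
                      "WEB-INF/lib/broken.jar": b"not a zip"})

if __name__ == "__main__":  # pass the path of the built WAR, or run on the sample
    war = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_war()
    print(find_class_in_war(war))
```

A matching jar with an older version than the fixed release means the overlay's CAS version has to be raised and the WAR rebuilt; editing the class inside the jar is not needed for that.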