whoops :-), just forgotten some other modifications, here's the whole diff file:
https://dpaste.com/GWJ5L7F59

Regards.

On 13/04/2021 at 16:04, Bartosz Nitkiewicz wrote:
> I have cloned CAS sources and copied
> cas/support/cas-server-support-gauth-core/src/main/java/org/apereo/cas/gauth/credential/GoogleAuthenticatorOneTimeTokenCredentialValidator.java
> to
> cas-overlay-template/src/main/java/org/apereo/cas/gauth/credential/GoogleAuthenticatorOneTimeTokenCredentialValidator.java
>
> and I have build issues down below:
>
> https://dpaste.com/8X6QFAGR2
>
> Maybe there is another way?
>
> On Tuesday, 13 April 2021 at 15:22:29 UTC+2, Philippe MARASSE wrote:
>
> A good question indeed :-)
>
> I've taken a look over my overlay, it seems that I only overloaded
> the flawed class from the commit:
>
> cas-overlay/src/main/java/org/apereo/cas/gauth/credential/GoogleAuthenticatorOneTimeTokenCredentialValidator.java
>
> CAS 6.3.2 is older than the patch I think.
>
> So:
> - fetch CAS sources from github
> - Copy the GoogleAuthenticatorOneTimeTokenCredentialValidator.java in your
>   overlay
> - build your overlay
>
> and test it :-).
>
> Regards.
>
> On 13/04/2021 at 14:24, Bartosz Nitkiewicz wrote:
>> I have CAS v 6.3.2 which is quite new. But I'm not sure if it's
>> newer than this patch.
>> Hmm, I've cloned this overlay
>> https://github.com/apereo/cas-overlay-template/tree/6.3
>> with latest commit 995813b on 14 Feb
>>
>> So how to make it work? I don't want to build CAS from sources:
>>
>> https://github.com/apereo/cas/tree/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f
>>
>> I'm wondering, where is this
>> GoogleAuthenticatorOneTimeTokenCredentialValidator.java
>> <https://github.com/apereo/cas/commit/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f#diff-1df13ecfa59195b04a0fb8db8cfe2d11ef4a09ef52fab4832edff1caaeeb8a81>
>> file after build. Maybe it's possible to replace/edit it?
>> Regards
>> Bartek
>>
>> On Tuesday, 13 April 2021 at 14:06:08 UTC+2, Philippe MARASSE wrote:
>>
>> Hello,
>>
>> It has been fixed there
>>
>> https://github.com/apereo/cas/commit/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f
>>
>> Verify that your version of CAS is newer than that commit, it
>> should be fine.
>>
>> Regards
>>
>> On 13/04/2021 at 13:04, Bartosz Nitkiewicz wrote:
>>> Hi,
>>> The setup looks like this:
>>>
>>> CAS + Vault (config file) + LDAP + 2FA (mfa-gauth) + redis
>>> for gauth and ticket registration.
>>>
>>> After testing before production deployment I've noticed that
>>> a user can authorize providing user and pass, when asking for
>>> Gauth token *it can be anything (even one character)* and CAS
>>> will pass it through. I don't know where I have a mistake:
>>>
>>> Here is my config from VAULT
>>>
>>> "cas.authn.mfa.gauth.crypto.encryption.key": "[redacted]",
>>> "cas.authn.mfa.gauth.crypto.signing.key": "[redacted]",
>>> "cas.authn.mfa.gauth.issuer": "CAS",
>>> "cas.authn.mfa.gauth.label": "CAS",
>>> "cas.authn.mfa.gauth.multiple-device-registration-enabled": "false",
>>> "cas.authn.mfa.gauth.name": "CAS",
>>> "cas.authn.mfa.gauth.redis.database": "0",
>>> "cas.authn.mfa.gauth.redis.host": "localhost",
>>> "cas.authn.mfa.gauth.redis.password": "[redacted]",
>>> "cas.authn.mfa.gauth.redis.port": "6379",
>>> "cas.authn.mfa.gauth.redis.read-from": "MASTER",
>>> "cas.authn.mfa.gauth.redis.timeout": "2000",
>>> "cas.authn.mfa.gauth.redis.use-ssl": "false",
>>> "cas.authn.mfa.global-provider-id": "mfa-gauth",
>>> "cas.authn.mfa.triggers.principal.global-principal-attribute-name-triggers": "memberOf",
>>> "cas.authn.mfa.triggers.principal.global-principal-attribute-value-regex": "[redacted]"
>>>
>>> Maybe it's ticket registering with redis:
>>>
>>> "cas.ticket.registry.redis.crypto.alg": "AES",
>>> "cas.ticket.registry.redis.crypto.enabled": "false",
>>> "cas.ticket.registry.redis.crypto.encryption.key": "",
>>> "cas.ticket.registry.redis.crypto.encryption.key-size": "16",
>>> "cas.ticket.registry.redis.crypto.signing.key": "",
>>> "cas.ticket.registry.redis.crypto.signing.key-size": "512",
>>> "cas.ticket.registry.redis.database": "1",
>>> "cas.ticket.registry.redis.host": "localhost",
>>> "cas.ticket.registry.redis.password": "[redacted]",
>>> "cas.ticket.registry.redis.pool.enabled": "false",
>>> "cas.ticket.registry.redis.pool.fairness": "false",
>>> "cas.ticket.registry.redis.pool.lifo": "true",
>>> "cas.ticket.registry.redis.pool.max-active": "8",
>>> "cas.ticket.registry.redis.pool.max-idle": "8",
>>> "cas.ticket.registry.redis.pool.max-wait": "-1",
>>> "cas.ticket.registry.redis.pool.min-evictable-idle-time-millis": "0",
>>> "cas.ticket.registry.redis.pool.min-idle": "0",
>>> "cas.ticket.registry.redis.pool.num-tests-per-eviction-run": "0",
>>> "cas.ticket.registry.redis.pool.soft-min-evictable-idle-time-millis": "0",
>>> "cas.ticket.registry.redis.pool.test-on-borrow": "false",
>>> "cas.ticket.registry.redis.pool.test-on-create": "false",
>>> "cas.ticket.registry.redis.pool.test-on-return": "false",
>>> "cas.ticket.registry.redis.pool.test-while-idle": "false",
>>> "cas.ticket.registry.redis.port": "6379",
>>> "cas.ticket.registry.redis.timeout": "2000",
>>> "cas.ticket.registry.redis.use-ssl": "false",
>>>
>>> Any hints?
>>> Regards
>>> Bartek
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the
>>> Google Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails
>>> from it, send an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3aac5f3d-d9a7-4455-9639-bf8ce2be695en%40apereo.org
>>
>> --
>> Philippe MARASSE
>>
>> Head of Infrastructure Division - DSIO
>> Centre Hospitalier Henri Laborit
>> CS 10587 - 370 avenue Jacques Cœur
>> 86021 Poitiers Cedex
>> Tel : 05.49.44.57.19

--
Philippe MARASSE

Head of Infrastructure Division - DSIO
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur
86021 Poitiers Cedex
Tel : 05.49.44.57.19
