Hi, I have czas 6.3.2 with Google mfa and it works. Dont change config cas.authn.mfa.gauth.name it stole stary mfa-gauth
wt., 13 kwi 2021, 16:04 użytkownik Bartosz Nitkiewicz <[email protected]> napisał: > I have cloned CAS sources and > copy > cas/support/cas-server-support-gauth-core/src/main/java/org/apereo/cas/gauth/credential/GoogleAuthenticatorOneTimeTokenCredentialValidator.java > to > cas-overlay-template/src/main/java/org/apereo/cas/gauth/credential/GoogleAuthenticatorOneTimeTokenCredentialValidator.java > > and I have build issues down below: > > https://dpaste.com/8X6QFAGR2 > > > Maybe there is another way? > wtorek, 13 kwietnia 2021 o 15:22:29 UTC+2 Philippe MARASSE napisał(a): > >> A good question indeed :-) >> >> I've took a look over my overlay, it seem that I only overloaded the >> flawed class from the commit : >> >> >> cas-overlay/src/main/java/org/apereo/cas/gauth/credential/GoogleAuthenticatorOneTimeTokenCredentialValidator.java >> >> CAS 6.3.2 is older than the patch I think. >> >> So : >> - fetch CAS sources from github >> - Copy the GoogleAuthenticatorOneTimeTokenCredentialValidator.java in >> your overlay >> - build your overlay >> >> and test it :-). >> >> Regards. >> >> >> Le 13/04/2021 à 14:24, Bartosz Nitkiewicz a écrit : >> >> I have CAS v 6.3.2 which is quite new. But I'm not sure if its newer than >> this patch. >> Hmm, I've cloned this overlay >> https://github.com/apereo/cas-overlay-template/tree/6.3 with latest >> commit 995813b on 14 Feb >> >> >> So how to make it work? I don't want to build CAS form sources: >> https://github.com/apereo/cas/tree/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f >> >> I'm wondering, where is this >> GoogleAuthenticatorOneTimeTokenCredentialValidator.java >> <https://github.com/apereo/cas/commit/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f#diff-1df13ecfa59195b04a0fb8db8cfe2d11ef4a09ef52fab4832edff1caaeeb8a81> >> file >> after build. Maybe it's possible to replace/edit it? >> Regards >> Bartek >> >> >> wtorek, 13 kwietnia 2021 o 14:06:08 UTC+2 Philippe MARASSE napisał(a): >> >>> Hello, >>> >>> It has been fixed there >>> https://github.com/apereo/cas/commit/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f >>> >>> Verify that you version of CAS is newer than that commit, it should be >>> fine. >>> >>> Regards >>> >>> >>> Le 13/04/2021 à 13:04, Bartosz Nitkiewicz a écrit : >>> >>> Hi, >>> The setup looks like this: >>> >>> CAS + Vault (config file) + LDAP + 2FA (mfa-gauth) + redis for gauth and >>> ticket registration. >>> >>> After testing before production deployment I've noticed that user can >>> authorize providing user and pass, when asking for Gauth token* it can >>> be anything (even one character)* and CAS will pass it through. I don't >>> know where I have mistake: >>> >>> Here is my config form VAULT >>> >>> >>> "cas.authn.mfa.gauth.crypto.encryption.key": "[redacted]", >>> "cas.authn.mfa.gauth.crypto.signing.key": "[redacted]", >>> "cas.authn.mfa.gauth.issuer": "CAS", >>> "cas.authn.mfa.gauth.label": "CAS", >>> "cas.authn.mfa.gauth.multiple-device-registration-enabled": "false", >>> "cas.authn.mfa.gauth.name": "CAS", >>> "cas.authn.mfa.gauth.redis.database": "0", >>> "cas.authn.mfa.gauth.redis.host": "localhost", >>> "cas.authn.mfa.gauth.redis.password": "[redacted]", >>> "cas.authn.mfa.gauth.redis.port": "6379", >>> "cas.authn.mfa.gauth.redis.read-from": "MASTER", >>> "cas.authn.mfa.gauth.redis.timeout": "2000", >>> "cas.authn.mfa.gauth.redis.use-ssl": "false", >>> "cas.authn.mfa.global-provider-id": "mfa-gauth", >>> >>> "cas.authn.mfa.triggers.principal.global-principal-attribute-name-triggers": >>> "memberOf", >>> >>> "cas.authn.mfa.triggers.principal.global-principal-attribute-value-regex": >>> "[redacted]" >>> >>> Maybe its ticket registering with redis: >>> >>> "cas.ticket.registry.redis.crypto.alg": "AES", >>> "cas.ticket.registry.redis.crypto.enabled": "false", >>> "cas.ticket.registry.redis.crypto.encryption.key": "", >>> "cas.ticket.registry.redis.crypto.encryption.key-size": "16", >>> "cas.ticket.registry.redis.crypto.signing.key": "", >>> "cas.ticket.registry.redis.crypto.signing.key-size": "512", >>> "cas.ticket.registry.redis.database": "1", >>> "cas.ticket.registry.redis.host": "localhost", >>> "cas.ticket.registry.redis.password": "[redacted]", >>> "cas.ticket.registry.redis.pool.enabled": "false", >>> "cas.ticket.registry.redis.pool.fairness": "false", >>> "cas.ticket.registry.redis.pool.lifo": "true", >>> "cas.ticket.registry.redis.pool.max-active": "8", >>> "cas.ticket.registry.redis.pool.max-idle": "8", >>> "cas.ticket.registry.redis.pool.max-wait": "-1", >>> "cas.ticket.registry.redis.pool.min-evictable-idle-time-millis": "0", >>> "cas.ticket.registry.redis.pool.min-idle": "0", >>> "cas.ticket.registry.redis.pool.num-tests-per-eviction-run": "0", >>> "cas.ticket.registry.redis.pool.soft-min-evictable-idle-time-millis": >>> "0", >>> "cas.ticket.registry.redis.pool.test-on-borrow": "false", >>> "cas.ticket.registry.redis.pool.test-on-create": "false", >>> "cas.ticket.registry.redis.pool.test-on-return": "false", >>> "cas.ticket.registry.redis.pool.test-while-idle": "false", >>> "cas.ticket.registry.redis.port": "6379", >>> "cas.ticket.registry.redis.timeout": "2000", >>> "cas.ticket.registry.redis.use-ssl": "false", >>> >>> Any hints? >>> Regards >>> Bartek >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3aac5f3d-d9a7-4455-9639-bf8ce2be695en%40apereo.org >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/3aac5f3d-d9a7-4455-9639-bf8ce2be695en%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >>> >>> >>> -- >>> Philippe MARASSE >>> >>> Responsable pôle Infrastructures - DSIO >>> Centre Hospitalier Henri Laborit >>> CS 10587 - 370 avenue Jacques Cœur >>> 86021 Poitiers Cedex >>> Tel : 05.49.44.57.19 >>> >>> >> >> -- >> Philippe MARASSE >> >> Responsable pôle Infrastructures - DSIO >> Centre Hospitalier Henri Laborit >> CS 10587 - 370 avenue Jacques Cœur >> 86021 Poitiers Cedex >> Tel : 05.49.44.57.19 >> >> -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/c7e3233c-10db-497b-9430-58aa200550b4n%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/c7e3233c-10db-497b-9430-58aa200550b4n%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD1CM_j9CMztSgUGgd2s-qcoKCZAmMEPp2Z5qW9MpLarLioeSA%40mail.gmail.com.
