Thanks for the reply. It looks like building CAS 6.3.3 solves the gauth issue. This is the latest stable CAS version. Once again, thank you.

On Tuesday, 13 April 2021 at 16:32:13 UTC+2, Łukasz Woźniak wrote:

> It should stay mfa-gauth. Sorry phone dictionary problem 😀
>
> On Tue, 13 Apr 2021, 16:30, Łukasz Woźniak <[email protected]> wrote:
>
>> Hi, I have czas 6.3.2 with Google mfa and it works. Don't change config
>> cas.authn.mfa.gauth.name it stole stary mfa-gauth
>>
>> On Tue, 13 Apr 2021, 16:04, Bartosz Nitkiewicz <[email protected]> wrote:
>>
>>> I have cloned CAS sources and copied
>>> cas/support/cas-server-support-gauth-core/src/main/java/org/apereo/cas/gauth/credential/GoogleAuthenticatorOneTimeTokenCredentialValidator.java
>>> to
>>> cas-overlay-template/src/main/java/org/apereo/cas/gauth/credential/GoogleAuthenticatorOneTimeTokenCredentialValidator.java
>>> and I have build issues down below:
>>>
>>> https://dpaste.com/8X6QFAGR2
>>>
>>> Maybe there is another way?
>>>
>>> On Tuesday, 13 April 2021 at 15:22:29 UTC+2, Philippe MARASSE wrote:
>>>
>>>> A good question indeed :-)
>>>>
>>>> I've taken a look over my overlay, it seems that I only overloaded the
>>>> flawed class from the commit:
>>>>
>>>> cas-overlay/src/main/java/org/apereo/cas/gauth/credential/GoogleAuthenticatorOneTimeTokenCredentialValidator.java
>>>>
>>>> CAS 6.3.2 is older than the patch I think.
>>>>
>>>> So:
>>>> - fetch CAS sources from github
>>>> - Copy the GoogleAuthenticatorOneTimeTokenCredentialValidator.java in
>>>>   your overlay
>>>> - build your overlay
>>>>
>>>> and test it :-).
>>>>
>>>> Regards.
>>>>
>>>> On 13/04/2021 at 14:24, Bartosz Nitkiewicz wrote:
>>>>
>>>> I have CAS v 6.3.2 which is quite new. But I'm not sure if it's newer
>>>> than this patch.
>>>> Hmm, I've cloned this overlay
>>>> https://github.com/apereo/cas-overlay-template/tree/6.3 with latest
>>>> commit 995813b on 14 Feb
>>>>
>>>> So how to make it work?
>>>> I don't want to build CAS from sources:
>>>> https://github.com/apereo/cas/tree/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f
>>>>
>>>> I'm wondering, where is this
>>>> GoogleAuthenticatorOneTimeTokenCredentialValidator.java
>>>> <https://github.com/apereo/cas/commit/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f#diff-1df13ecfa59195b04a0fb8db8cfe2d11ef4a09ef52fab4832edff1caaeeb8a81>
>>>> file after build. Maybe it's possible to replace/edit it?
>>>> Regards
>>>> Bartek
>>>>
>>>> On Tuesday, 13 April 2021 at 14:06:08 UTC+2, Philippe MARASSE wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> It has been fixed there
>>>>> https://github.com/apereo/cas/commit/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f
>>>>>
>>>>> Verify that your version of CAS is newer than that commit, it should be
>>>>> fine.
>>>>>
>>>>> Regards
>>>>>
>>>>> On 13/04/2021 at 13:04, Bartosz Nitkiewicz wrote:
>>>>>
>>>>> Hi,
>>>>> The setup looks like this:
>>>>>
>>>>> CAS + Vault (config file) + LDAP + 2FA (mfa-gauth) + redis for gauth
>>>>> and ticket registration.
>>>>>
>>>>> After testing before production deployment I've noticed that a user can
>>>>> authorize providing user and pass, when asking for Gauth token *it
>>>>> can be anything (even one character)* and CAS will pass it through.
>>>>> I don't know where I have a mistake:
>>>>>
>>>>> Here is my config from VAULT
>>>>>
>>>>> "cas.authn.mfa.gauth.crypto.encryption.key": "[redacted]",
>>>>> "cas.authn.mfa.gauth.crypto.signing.key": "[redacted]",
>>>>> "cas.authn.mfa.gauth.issuer": "CAS",
>>>>> "cas.authn.mfa.gauth.label": "CAS",
>>>>> "cas.authn.mfa.gauth.multiple-device-registration-enabled": "false",
>>>>> "cas.authn.mfa.gauth.name": "CAS",
>>>>> "cas.authn.mfa.gauth.redis.database": "0",
>>>>> "cas.authn.mfa.gauth.redis.host": "localhost",
>>>>> "cas.authn.mfa.gauth.redis.password": "[redacted]",
>>>>> "cas.authn.mfa.gauth.redis.port": "6379",
>>>>> "cas.authn.mfa.gauth.redis.read-from": "MASTER",
>>>>> "cas.authn.mfa.gauth.redis.timeout": "2000",
>>>>> "cas.authn.mfa.gauth.redis.use-ssl": "false",
>>>>> "cas.authn.mfa.global-provider-id": "mfa-gauth",
>>>>> "cas.authn.mfa.triggers.principal.global-principal-attribute-name-triggers": "memberOf",
>>>>> "cas.authn.mfa.triggers.principal.global-principal-attribute-value-regex": "[redacted]"
>>>>>
>>>>> Maybe it's ticket registering with redis:
>>>>>
>>>>> "cas.ticket.registry.redis.crypto.alg": "AES",
>>>>> "cas.ticket.registry.redis.crypto.enabled": "false",
>>>>> "cas.ticket.registry.redis.crypto.encryption.key": "",
>>>>> "cas.ticket.registry.redis.crypto.encryption.key-size": "16",
>>>>> "cas.ticket.registry.redis.crypto.signing.key": "",
>>>>> "cas.ticket.registry.redis.crypto.signing.key-size": "512",
>>>>> "cas.ticket.registry.redis.database": "1",
>>>>> "cas.ticket.registry.redis.host": "localhost",
>>>>> "cas.ticket.registry.redis.password": "[redacted]",
>>>>> "cas.ticket.registry.redis.pool.enabled": "false",
>>>>> "cas.ticket.registry.redis.pool.fairness": "false",
>>>>> "cas.ticket.registry.redis.pool.lifo": "true",
>>>>> "cas.ticket.registry.redis.pool.max-active": "8",
>>>>> "cas.ticket.registry.redis.pool.max-idle": "8",
>>>>> "cas.ticket.registry.redis.pool.max-wait": "-1",
>>>>> "cas.ticket.registry.redis.pool.min-evictable-idle-time-millis": "0",
>>>>> "cas.ticket.registry.redis.pool.min-idle": "0",
>>>>> "cas.ticket.registry.redis.pool.num-tests-per-eviction-run": "0",
>>>>> "cas.ticket.registry.redis.pool.soft-min-evictable-idle-time-millis": "0",
>>>>> "cas.ticket.registry.redis.pool.test-on-borrow": "false",
>>>>> "cas.ticket.registry.redis.pool.test-on-create": "false",
>>>>> "cas.ticket.registry.redis.pool.test-on-return": "false",
>>>>> "cas.ticket.registry.redis.pool.test-while-idle": "false",
>>>>> "cas.ticket.registry.redis.port": "6379",
>>>>> "cas.ticket.registry.redis.timeout": "2000",
>>>>> "cas.ticket.registry.redis.use-ssl": "false",
>>>>>
>>>>> Any hints?
>>>>> Regards
>>>>> Bartek
>>>>>
>>>>> --
>>>>> - Website: https://apereo.github.io/cas
>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>> ---
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "CAS Community" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3aac5f3d-d9a7-4455-9639-bf8ce2be695en%40apereo.org.
>>>>>
>>>>> --
>>>>> Philippe MARASSE
>>>>>
>>>>> Head of Infrastructure Division - DSIO
>>>>> Centre Hospitalier Henri Laborit
>>>>> CS 10587 - 370 avenue Jacques Cœur
>>>>> 86021 Poitiers Cedex
>>>>> Tel: 05.49.44.57.19
>>>>
>>>> --
>>>> Philippe MARASSE
>>>>
>>>> Head of Infrastructure Division - DSIO
>>>> Centre Hospitalier Henri Laborit
>>>> CS 10587 - 370 avenue Jacques Cœur
>>>> 86021 Poitiers Cedex
>>>> Tel: 05.49.44.57.19
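
A regression check for the symptom reported in the first message of this thread (any Gauth token, even one character, being accepted), as an added example that is not part of the thread and is not CAS code. It is a reference RFC 6238 validator in Python; `verify_totp`, `regression_results` and the sample secret are hypothetical names and constructed values, and it does not reproduce the CAS fix, only the inputs a second-factor check must refuse.

```python
import base64
import hashlib
import hmac
import struct

DIGITS = 6   # code length used by Google Authenticator
STEP = 30    # seconds per time step (RFC 6238 default)


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP with HMAC-SHA1, returned as a zero-padded string."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_totp(secret_b32: str, token: str, now: float, window: int = 1) -> bool:
    """Return True only for a well-formed code valid within +/- `window` steps."""
    # Refuse anything that is not exactly DIGITS ASCII digits before any
    # comparison runs, so "1", "" or "abcdef" can never be accepted.
    if not (isinstance(token, str) and len(token) == DIGITS
            and token.isascii() and token.isdigit()):
        return False
    secret = base64.b32decode(secret_b32, casefold=True)
    counter = int(now) // STEP
    ok = False
    for drift in range(-window, window + 1):
        if counter + drift < 0:
            continue
        # Constant-time compare; no early exit, so timing does not reveal drift.
        ok |= hmac.compare_digest(hotp(secret, counter + drift), token)
    return ok


# Constructed sample: the RFC 6238 test secret "12345678901234567890".
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def regression_results(now: float = 59) -> dict:
    """One valid code for `now`, plus tokens a second-factor check must refuse."""
    cases = ["287082", "1", "", "abcdef", "28708", "2870820", "000000"]
    return {t: verify_totp(SAMPLE_SECRET, t, now) for t in cases}


if __name__ == "__main__":
    for token, accepted in regression_results().items():
        print(f"{token!r:10} accepted={accepted}")
```
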
