It looks like it is working indeed. But you can provide any number and CAS 
authorizes the user. Check it twice ;)

On Tuesday, 13 April 2021 at 16:30:47 UTC+2, Łukasz Woźniak wrote:

> Hi, I have CAS 6.3.2 with Google MFA and it works. Don't change config 
> cas.authn.mfa.gauth.name it stole stary mfa-gauth
>
> On Tue, 13 Apr 2021, 16:04, Bartosz Nitkiewicz <[email protected]> wrote:
>
>> I have cloned the CAS sources and copied 
>> cas/support/cas-server-support-gauth-core/src/main/java/org/apereo/cas/gauth/credential/GoogleAuthenticatorOneTimeTokenCredentialValidator.java
>> to 
>> cas-overlay-template/src/main/java/org/apereo/cas/gauth/credential/GoogleAuthenticatorOneTimeTokenCredentialValidator.java
>>
>> and I have the build issues below:
>>
>> https://dpaste.com/8X6QFAGR2
>>
>> Maybe there is another way?
>>
>> On Tuesday, 13 April 2021 at 15:22:29 UTC+2, Philippe MARASSE wrote:
>>
>>> A good question indeed :-)
>>>
>>> I've taken a look at my overlay; it seems that I only overloaded the 
>>> flawed class from the commit:
>>>
>>>
>>> cas-overlay/src/main/java/org/apereo/cas/gauth/credential/GoogleAuthenticatorOneTimeTokenCredentialValidator.java
>>>
>>> CAS 6.3.2 is older than the patch I think.
>>>
>>> So :
>>>   - fetch CAS sources from github
>>>   - Copy the GoogleAuthenticatorOneTimeTokenCredentialValidator.java in 
>>> your overlay
>>>   - build your overlay
>>>
>>> and test it :-).
>>>
>>> Regards.
>>>
>>>
>>> On 13/04/2021 at 14:24, Bartosz Nitkiewicz wrote:
>>>
>>> I have CAS v 6.3.2, which is quite new. But I'm not sure if it's newer 
>>> than this patch. 
>>> Hmm, I've cloned this overlay 
>>> https://github.com/apereo/cas-overlay-template/tree/6.3 with latest 
>>> commit 995813b on 14 Feb 
>>>
>>>
>>> So how to make it work? I don't want to build CAS from sources: 
>>> https://github.com/apereo/cas/tree/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f
>>>
>>> I'm wondering, where is this 
>>> GoogleAuthenticatorOneTimeTokenCredentialValidator.java 
>>> <https://github.com/apereo/cas/commit/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f#diff-1df13ecfa59195b04a0fb8db8cfe2d11ef4a09ef52fab4832edff1caaeeb8a81>
>>> file after build. Maybe it's possible to replace/edit it?
>>> Regards 
>>> Bartek
>>>
>>>
>>> On Tuesday, 13 April 2021 at 14:06:08 UTC+2, Philippe MARASSE wrote:
>>>
>>>> Hello,
>>>>
>>>> It has been fixed there 
>>>> https://github.com/apereo/cas/commit/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f
>>>>
>>>> Verify that your version of CAS is newer than that commit, it should be 
>>>> fine.
>>>>
>>>> Regards
>>>>
>>>>
>>>> On 13/04/2021 at 13:04, Bartosz Nitkiewicz wrote:
>>>>
>>>> Hi,
>>>> The setup looks like this:
>>>>
>>>> CAS + Vault (config file) + LDAP + 2FA (mfa-gauth) + redis for gauth 
>>>> and ticket registration.
>>>>
>>>> After testing before production deployment I've noticed that a user can 
>>>> authorize by providing user and pass; when asked for the Gauth token, 
>>>> *it can be anything (even one character)* and CAS will pass it through. 
>>>> I don't know where my mistake is:
>>>>
>>>> Here is my config from VAULT
>>>>
>>>>
>>>>   "cas.authn.mfa.gauth.crypto.encryption.key": "[redacted]",
>>>>   "cas.authn.mfa.gauth.crypto.signing.key": "[redacted]",
>>>>   "cas.authn.mfa.gauth.issuer": "CAS",
>>>>   "cas.authn.mfa.gauth.label": "CAS",
>>>>   "cas.authn.mfa.gauth.multiple-device-registration-enabled": "false",
>>>>   "cas.authn.mfa.gauth.name": "CAS",
>>>>   "cas.authn.mfa.gauth.redis.database": "0",
>>>>   "cas.authn.mfa.gauth.redis.host": "localhost",
>>>>   "cas.authn.mfa.gauth.redis.password": "[redacted]",
>>>>   "cas.authn.mfa.gauth.redis.port": "6379",
>>>>   "cas.authn.mfa.gauth.redis.read-from": "MASTER",
>>>>   "cas.authn.mfa.gauth.redis.timeout": "2000",
>>>>   "cas.authn.mfa.gauth.redis.use-ssl": "false",
>>>>   "cas.authn.mfa.global-provider-id": "mfa-gauth",
>>>>   "cas.authn.mfa.triggers.principal.global-principal-attribute-name-triggers": "memberOf",
>>>>   "cas.authn.mfa.triggers.principal.global-principal-attribute-value-regex": "[redacted]"
>>>>
>>>> Maybe it's ticket registering with redis:
>>>>
>>>> "cas.ticket.registry.redis.crypto.alg": "AES",
>>>>   "cas.ticket.registry.redis.crypto.enabled": "false",
>>>>   "cas.ticket.registry.redis.crypto.encryption.key": "",
>>>>   "cas.ticket.registry.redis.crypto.encryption.key-size": "16",
>>>>   "cas.ticket.registry.redis.crypto.signing.key": "",
>>>>   "cas.ticket.registry.redis.crypto.signing.key-size": "512",
>>>>   "cas.ticket.registry.redis.database": "1",
>>>>   "cas.ticket.registry.redis.host": "localhost",
>>>>   "cas.ticket.registry.redis.password": "[redacted]",
>>>>   "cas.ticket.registry.redis.pool.enabled": "false",
>>>>   "cas.ticket.registry.redis.pool.fairness": "false",
>>>>   "cas.ticket.registry.redis.pool.lifo": "true",
>>>>   "cas.ticket.registry.redis.pool.max-active": "8",
>>>>   "cas.ticket.registry.redis.pool.max-idle": "8",
>>>>   "cas.ticket.registry.redis.pool.max-wait": "-1",
>>>>   "cas.ticket.registry.redis.pool.min-evictable-idle-time-millis": "0",
>>>>   "cas.ticket.registry.redis.pool.min-idle": "0",
>>>>   "cas.ticket.registry.redis.pool.num-tests-per-eviction-run": "0",
>>>>   "cas.ticket.registry.redis.pool.soft-min-evictable-idle-time-millis": "0",
>>>>   "cas.ticket.registry.redis.pool.test-on-borrow": "false",
>>>>   "cas.ticket.registry.redis.pool.test-on-create": "false",
>>>>   "cas.ticket.registry.redis.pool.test-on-return": "false",
>>>>   "cas.ticket.registry.redis.pool.test-while-idle": "false",
>>>>   "cas.ticket.registry.redis.port": "6379",
>>>>   "cas.ticket.registry.redis.timeout": "2000",
>>>>   "cas.ticket.registry.redis.use-ssl": "false",
>>>>
>>>> Any hints?
>>>> Regards
>>>> Bartek
>>>>
>>>> -- 
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> --- 
>>>> You received this message because you are subscribed to the Google 
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>> an email to [email protected].
>>>> To view this discussion on the web visit 
>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3aac5f3d-d9a7-4455-9639-bf8ce2be695en%40apereo.org
>>>>  
>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/3aac5f3d-d9a7-4455-9639-bf8ce2be695en%40apereo.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>>
>>>>
>>>> -- 
>>>> Philippe MARASSE
>>>>
>>>> Responsable pôle Infrastructures - DSIO
>>>> Centre Hospitalier Henri Laborit
>>>> CS 10587 - 370 avenue Jacques Cœur 
>>>> 86021 Poitiers Cedex
>>>> Tel : 05.49.44.57.19
>>>>
>>>>
>>>
>>> -- 
>>> Philippe MARASSE
>>>
>>> Responsable pôle Infrastructures - DSIO
>>> Centre Hospitalier Henri Laborit
>>> CS 10587 - 370 avenue Jacques Cœur 
>>> 86021 Poitiers Cedex
>>> Tel : 05.49.44.57.19
>>>
>
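A negative test for the symptom reported in this thread (any value accepted as the Gauth token), as an added example that is not part of the thread and is not CAS code. It is a stand-alone RFC 6238 check; the function names, the 6-digit / 30-second / one-step-drift parameters and the RFC test secret are assumptions of this example.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (assumed; Google Authenticator default)
DIGITS = 6   # token length (assumed)

def totp(secret: bytes, at: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", at // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def validate(secret: bytes, token, at: int, window: int = 1) -> bool:
    """Fail closed: only an exact 6-digit match inside the window passes."""
    if not isinstance(token, str):
        return False
    # Shape check first: exactly DIGITS ASCII digits, nothing else.
    if len(token) != DIGITS or not token.isascii() or not token.isdigit():
        return False
    ok = False
    for drift in range(-window, window + 1):
        t = at + drift * STEP
        if t < 0:
            continue
        # Constant-time compare; keep looping so timing does not leak the step.
        ok |= hmac.compare_digest(totp(secret, t), token)
    return ok

SECRET = b"12345678901234567890"   # RFC 6238 test secret, not a real key
NOW = 59                           # RFC 6238 test time (constructed input)

def negative_cases() -> dict:
    """Tokens a validator must refuse, including the one-character case."""
    bad = ["", "1", "000000", "28708", "2870820", "287082 ", "abcdef",
           "２８７０８２"]          # last entry: full-width (non-ASCII) digits
    return {tok: validate(SECRET, tok, NOW) for tok in bad}

if __name__ == "__main__":
    print("valid token accepted:", validate(SECRET, totp(SECRET, NOW), NOW))
    for tok, accepted in negative_cases().items():
        print(repr(tok), "accepted" if accepted else "rejected")
```

Running the same list of malformed and wrong tokens against a deployed MFA prompt before go-live gives the "check it twice" result in a repeatable form.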
