Guillaume, Perhaps, https://apereo.github.io/cas/6.6.x/authentication/Configuring-Authentication-Policy-All.html more generally, https://apereo.github.io/cas/6.6.x/authentication/Configuring-Authentication-Components.html#authentication-sequence This blog may also provide some hints, https://fawnoos.com/2020/10/21/cas62-authn-handlers/
Ray On Thu, 2022-11-24 at 03:15 -0800, Neomia Dev wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello everyone, If this is not the right place to post this, sorry and please point me to the right forum/discussion channel. I’m a software engineer (at neomia) and we developed an MFA plugin (Pulse) to add a second authentication factor to CAS based on typing biometrics. We developed a specific AuthenticationHandler (PulseAuthenticationHandler) that currently works correctly but we need some help to configure the authentication policy. In a configuration where we have two handlers (LdapAuthenticationHandler and PulseAuthenticationHandler) we would like to have this behavior: * Specify a desired execution order (e.g. LdapAuthenticationHandler is always executed first, PulseAuthenticationHandler second); * If one handler fails, the following handlers in the authentication chain must not be invoked and the authentication must be refused (e.g. if LdapAuthenticationHandler fails – as first factor, the PulseAuthenticationHandler – as second factor - must not be invoked and the authentication must be refused); * The authentication is successful if and only if all the specified authentication handlers are invoked and their results are successful. In all possible configurations that we tried (with the different possible values - https://apereo.github.io/cas/6.6.x/authentication/Configuring-Authentication-Policy.html). The PulseAuthenticationHandler still gets invoked and we couldn’t figure out how to stop the authentication chain right after the first handler failure. We would be grateful if someone could point us in the right direction. Thanks Guillaume Laroyenne neomia -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6297be8f9220072c6d1ce22e8ef1ba275fcfd14b.camel%40uvic.ca.