Hello,

I'm trying to set up Risk-based Authentication (on CAS 6.5.9), but I can't 
figure out if it works or not (but it doesn't seem to). Following the 
documentation, I configured these modules in Gradle:

          implementation "org.apereo.cas:cas-server-support-electrofence"
          implementation "org.apereo.cas:cas-server-support-trusted-mfa-redis"
          implementation "org.apereo.cas:cas-server-support-events-redis"
          implementation "org.apereo.cas:cas-server-support-geolocation"
          implementation "org.apereo.cas:cas-server-support-geolocation-maxmind"
          implementation "org.apereo.cas:cas-server-core-events"

And in case.properties:
cas.maxmind.country-database=/usr/share/GeoIP/GeoIP.dat
cas.authn.adaptive.policy.require-timed-multifactor[0].provider-id=mfa-yubikey
cas.authn.mfa.trusted.crypto.encryption.key=...
cas.authn.mfa.trusted.crypto.signing.key=...
cas.authn.mfa.trusted.device-fingerprint.cookie.crypto.encryption.key=...
cas.authn.mfa.trusted.device-fingerprint.cookie.crypto.signing.key=...
cas.authn.mfa.trusted.redis.host=localhost
cas.authn.mfa.trusted.redis.port=6379
cas.authn.mfa.trusted.redis.database=0
cas.authn.mfa.trusted.redis.enabled=true
cas.events.redis.host=localhost
cas.events.redis.enabled=true
cas.events.redis.database=0

I connected from a different IP and browser, without result. I also tried to 
force MFA at certain times:
cas.authn.adaptive.policy.require-timed-multifactor[0].on-or-after-hour=20
cas.authn.adaptive.policy.require-timed-multifactor[0].on-or-before-hour=7

Always the same.

Logs:
[2023-02-13 22:08:00] [info] =============================================================
[2023-02-13 22:08:00] [info] WHO: audit:unknown
[2023-02-13 22:08:00] [info] WHAT: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver, event=success, timestamp=Mon Feb 13 22:08:00 CET 2023}
[2023-02-13 22:08:00] [info] ACTION: AUTHENTICATION_EVENT_TRIGGERED
[2023-02-13 22:08:00] [info] APPLICATION: CAS
[2023-02-13 22:08:00] [info] WHEN: Mon Feb 13 22:08:00 CET 2023
[2023-02-13 22:08:00] [info] CLIENT IP ADDRESS: ....
[2023-02-13 22:08:00] [info] SERVER IP ADDRESS: ....
[2023-02-13 22:08:00] [info] =============================================================
...
[2023-02-13 22:08:05] [info] #033[32m2023-02-13 22:08:05,636 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
[2023-02-13 22:08:05] [info] =============================================================
[2023-02-13 22:08:05] [info] WHO: usertest
[2023-02-13 22:08:05] [info] WHAT: [RememberMeUsernamePasswordCredential(super=UsernamePasswordCredential(username=usertest, source=null, customFields={}), rememberMe=false)]
[2023-02-13 22:08:05] [info] ACTION: AUTHENTICATION_SUCCESS
[2023-02-13 22:08:05] [info] APPLICATION: CAS
[2023-02-13 22:08:05] [info] WHEN: Mon Feb 13 22:08:05 CET 2023
[2023-02-13 22:08:05] [info] CLIENT IP ADDRESS: ....
[2023-02-13 22:08:05] [info] SERVER IP ADDRESS: ....
[2023-02-13 22:08:05] [info] =============================================================
[2023-02-13 22:08:05] [info] >#033[m
[2023-02-13 22:08:05] [info] #033[32m2023-02-13 22:08:05,712 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
[2023-02-13 22:08:05] [info] =============================================================
[2023-02-13 22:08:05] [info] WHO: usertest
[2023-02-13 22:08:05] [info] WHAT: TGT-1-*****VbkzpcWGqI-cas
[2023-02-13 22:08:05] [info] ACTION: TICKET_GRANTING_TICKET_CREATED
[2023-02-13 22:08:05] [info] APPLICATION: CAS
[2023-02-13 22:08:05] [info] WHEN: Mon Feb 13 22:08:05 CET 2023
[2023-02-13 22:08:05] [info] CLIENT IP ADDRESS: ....
[2023-02-13 22:08:05] [info] SERVER IP ADDRESS: ....
[2023-02-13 22:08:05] [info] =============================================================

Can someone tell me if I forgot something?

Regards,

You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/80949868-dd80-4213-a0bb-9c9cebd02bc5n%40apereo.org.
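
An added example (not part of the original message, and not CAS code) that parses the `require-timed-multifactor` properties quoted in the message and lists the hours each rule would cover under two readings of the bounds. How CAS 6.5.9 combines `on-or-after-hour` and `on-or-before-hour` is not stated in the post, so both readings are assumptions, and the function names are hypothetical:

```python
import re

# Constructed sample: the timed-MFA properties quoted in the message.
SAMPLE_PROPERTIES = """\
cas.authn.adaptive.policy.require-timed-multifactor[0].provider-id=mfa-yubikey
cas.authn.adaptive.policy.require-timed-multifactor[0].on-or-after-hour=20
cas.authn.adaptive.policy.require-timed-multifactor[0].on-or-before-hour=7
"""

_KEY = re.compile(
    r"^cas\.authn\.adaptive\.policy\.require-timed-multifactor\[(\d+)\]\.([\w-]+)$")


def parse_timed_rules(text):
    """Group require-timed-multifactor[N].* properties into one dict per index."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        match = _KEY.match(key)
        if match:
            rules.setdefault(int(match.group(1)), {})[match.group(2)] = value
    return [rules[i] for i in sorted(rules)]


def hours_matching(rule, wrap_midnight):
    """Return the hours (0-23) at which the rule would demand MFA.

    wrap_midnight=False: both bounds must hold at once (after <= hour <= before).
    wrap_midnight=True: after > before is read as a window crossing midnight.
    Both readings are assumptions; check which one your CAS version applies.
    Both hour properties must be present in the rule.
    """
    after = int(rule["on-or-after-hour"])
    before = int(rule["on-or-before-hour"])
    if wrap_midnight and after > before:
        return [h for h in range(24) if h >= after or h <= before]
    return [h for h in range(24) if after <= h <= before]


if __name__ == "__main__":
    for rule in parse_timed_rules(SAMPLE_PROPERTIES):
        print(rule["provider-id"], "conjunctive:", hours_matching(rule, False))
        print(rule["provider-id"], "wrap-around:", hours_matching(rule, True))
```

With the values from the message, the conjunctive reading matches no hour at all, while the wrap-around reading covers 20:00 through 07:59, which includes the 22:08 login shown in the logs.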