I know this blog well and it has helped me many times. Unfortunately, there is nothing about risk-based authentication and geolocation is only for version 5.
Le mar. 28 févr. 2023 à 18:50, Ray Bon <r...@uvic.ca> a écrit : > You may be able to find some info on https://fawnoos.com/blog/ > > Ray > > On Tue, 2023-02-28 at 11:25 +0100, wouldsmina wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > I go through public IPs, I replaced the IPs to remain confidential. I had > already configured these: > cas.events.core.enabled=true > cas.events.core.track-geolocation=true > > I couldn't find any documentation for cas.authn.adaptive.risk. I added > them, but it doesn't change anything. > > I fear having to resign myself to abandoning this project, yet it would > have been very useful. > > Le lun. 27 févr. 2023 à 18:31, David Malia <dmal...@gmail.com> a écrit : > > Have you enabled one at least one of the things to check? GeoLocation > data would be null until it is enabled. Also, private IPs wouldn't have a > geolocation to lookup. > User-Agent depends on whether or not the client doing the sign in sets the > user-agent header during the request. We are doing some evaluation of this > feature ourselves. > > I have the following properties set. They may or may not be what you want > to set. > > cas.events.enabled=true > cas.events.core.track-geolocation=true > cas.authn.adaptive.risk.threshold=.6 > cas.authn.adaptive.risk.daysInRecentHistory=30 > cas.authn.adaptive.risk.ip.enabled=true > cas.authn.adaptive.risk.agent.enabled=true > cas.authn.adaptive.risk.geoLocation.enabled=true > cas.authn.adaptive.risk.dateTime.enabled=true > # cas.authn.adaptive.risk.dateTime.windowInHours=2 > cas.authn.adaptive.risk.response.blockAttempt=true > > > > On Mon, Feb 27, 2023 at 9:11 AM wouldsmina <wouldsm...@gmail.com> wrote: > > Hi David, > > I replaced redis with influxdb for the events, but the problem remains the > same. > I note that information is missing in the event data: no geolocation, > browser user agent or result. > > [image: Capture d’écran du 2023-02-27 09-47-41.png] > > I have reviewed all the documentation about this and I believe I have > set all the required options.If you have other leads, I'm all the same > taker. > > Regards. > > Le dim. 19 févr. 2023 à 10:18, wouldsmina <wouldsm...@gmail.com> a écrit : > > > I thought some settings were only needed if I had a redis > cluster. However, I have events that are stored in redis. > I will try to use influxdb storage (more simple). > Thank you. > > > > Le dim. 19 févr. 2023 à 05:52, David Malia <dmal...@gmail.com> a écrit : > > Weird, when I looked at it yesterday, I didn't see redis, though I see it > now. > You might try setting all 12 of the required parameters. 7 of them don't > have default values. > > > On Fri, Feb 17, 2023 at 11:44 PM wouldsmina <wouldsm...@gmail.com> wrote: > > I set "implementation "org.apereo.cas:cas-server-support-events-redis"" > and : > cas.events.redis.host=localhost > cas.events.redis.enabled=true > cas.events.redis.database=0 > > did i forget another option ? > > Le ven. 17 févr. 2023 à 21:59, David Malia <dmal...@gmail.com> a écrit : > > > https://apereo.github.io/cas/6.5.x/authentication/Configuring-Authentication-Events.html > > I don't see a 'redis' option for storing the CAS Events. You might try a > storage mechanism listed there. > > Thanks, > David Malia > > On Tue, Feb 14, 2023 at 11:19 PM wouldsmina <wouldsm...@gmail.com> wrote: > > Hello, > > In addition, here is the documentation I used: > https://apereo.github.io/cas/6.5.x/authentication/Configuring-RiskBased-Authentication.html > > Is there more complete documentation? > > Sorry if my request is unclear, I'm not very good at English. > > Le mar. 14 févr. 2023 à 06:20, wouldsmina <wouldsm...@gmail.com> a écrit : > > Hello, > > I'm trying to set up Risk-based Authentication (on CAS 6.5.9), but I can't > figure out if it works or not (but I don't seem to).Following the > documentation, I configure these modules in gradle : > > implementation "org.apereo.cas:cas-server-support-electrofence" > implementation > "org.apereo.cas:cas-server-support-trusted-mfa-redis" > implementation "org.apereo.cas:cas-server-support-events-redis" > implementation "org.apereo.cas:cas-server-support-geolocation" > implementation > "org.apereo.cas:cas-server-support-geolocation-maxmind" > implementation "org.apereo.cas:cas-server-core-events" > > And in case.properties : > cas.maxmind.country-database=/usr/share/GeoIP/GeoIP.dat > > cas.authn.adaptive.policy.require-timed-multifactor[0].provider-id=mfa-yubikey > cas.authn.mfa.trusted.crypto.encryption.key=... > cas.authn.mfa.trusted.crypto.signing.key=... > cas.authn.mfa.trusted.device-fingerprint.cookie.crypto.encryption.key=... > cas.authn.mfa.trusted.device-fingerprint.cookie.crypto.signing.key=... > cas.authn.mfa.trusted.redis.host=localhost > cas.authn.mfa.trusted.redis.port=6379 > cas.authn.mfa.trusted.redis.database=0 > cas.authn.mfa.trusted.redis.enabled=true > cas.events.redis.host=localhost > cas.events.redis.enabled=true > cas.events.redis.database=0 > > I connected from different IP and browser, without result.I also tried to > force the mfa at certain times: > cas.authn.adaptive.policy.require-timed-multifactor[0].on-or-after-hour=20 > cas.authn.adaptive.policy.require-timed-multifactor[0].on-or-before-hour=7 > > always the same. > > Logs : > [2023-02-13 22:08:00] [info] > ============================================================= > [2023-02-13 22:08:00] [info] WHO: audit:unknown > [2023-02-13 22:08:00] [info] WHAT: > {source=RankedMultifactorAuthenticationProviderWebflowEventResolver, > event=success, timestamp=Mon Feb 13 22:08:00 CET 2023} > [2023-02-13 22:08:00] [info] ACTION: AUTHENTICATION_EVENT_TRIGGERED > [2023-02-13 22:08:00] [info] APPLICATION: CAS > [2023-02-13 22:08:00] [info] WHEN: Mon Feb 13 22:08:00 CET 2023 > [2023-02-13 22:08:00] [info] CLIENT IP ADDRESS: .... > [2023-02-13 22:08:00] [info] SERVER IP ADDRESS: .... > [2023-02-13 22:08:00] [info] > ============================================================= > ... > [2023-02-13 22:08:05] [info] #033[32m2023-02-13 22:08:05,636 INFO > [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > [2023-02-13 22:08:05] [info] > ============================================================= > [2023-02-13 22:08:05] [info] WHO: usertest > [2023-02-13 22:08:05] [info] WHAT: > [RememberMeUsernamePasswordCredential(super=UsernamePasswordCredential(username=usertest, > source=null, customFields={}), rememberMe=false)] > [2023-02-13 22:08:05] [info] ACTION: AUTHENTICATION_SUCCESS > [2023-02-13 22:08:05] [info] APPLICATION: CAS > [2023-02-13 22:08:05] [info] WHEN: Mon Feb 13 22:08:05 CET 2023 > [2023-02-13 22:08:05] [info] CLIENT IP ADDRESS: .... > [2023-02-13 22:08:05] [info] SERVER IP ADDRESS: .... > [2023-02-13 22:08:05] [info] > ============================================================= > [2023-02-13 22:08:05] [info] >#033[m > [2023-02-13 22:08:05] [info] #033[32m2023-02-13 22:08:05,712 INFO > [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > [2023-02-13 22:08:05] [info] > ============================================================= > [2023-02-13 22:08:05] [info] WHO: usertest > [2023-02-13 22:08:05] [info] WHAT: TGT-1-*****VbkzpcWGqI-cas > [2023-02-13 22:08:05] [info] ACTION: TICKET_GRANTING_TICKET_CREATED > [2023-02-13 22:08:05] [info] APPLICATION: CAS > [2023-02-13 22:08:05] [info] WHEN: Mon Feb 13 22:08:05 CET 2023 > [2023-02-13 22:08:05] [info] CLIENT IP ADDRESS: .... > [2023-02-13 22:08:05] [info] SERVER IP ADDRESS: .... > [2023-02-13 22:08:05] [info] > ============================================================= > > Can someone tell me if I forgot something? > > Regards, > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email tocas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/80949868-dd80-4213-a0bb-9c9cebd02bc5n%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/80949868-dd80-4213-a0bb-9c9cebd02bc5n%40apereo.org?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email tocas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAH2NqNaG57CPqbjCTu_hyV%2BkWDTQwZuNe0L4y4esHYg5%2BVHHQQ%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAH2NqNaG57CPqbjCTu_hyV%2BkWDTQwZuNe0L4y4esHYg5%2BVHHQQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email tocas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAL3JkE%2BYS42qpx3GKtQ-Q1JeE06hEqF_1_zWvW%2BV04shRTmRVQ%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAL3JkE%2BYS42qpx3GKtQ-Q1JeE06hEqF_1_zWvW%2BV04shRTmRVQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email tocas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAH2NqNZSrDvJjQRV210YgBaR%3DvXBG3%2BwV6tDMs81QJADb04%3Duw%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAH2NqNZSrDvJjQRV210YgBaR%3DvXBG3%2BwV6tDMs81QJADb04%3Duw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to a topic in the > Google Groups "CAS Community" group. > To unsubscribe from this topic, visit > https://groups.google.com/a/apereo.org/d/topic/cas-user/9c023dq7rVU/unsubscribe > . > To unsubscribe from this group and all its topics, send an email to > cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAL3JkELjbWAB3WaU-h7ACfcvTHZYjLX7gR1aU2A_1-y%2B1J7zMg%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAL3JkELjbWAB3WaU-h7ACfcvTHZYjLX7gR1aU2A_1-y%2B1J7zMg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email tocas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAH2NqNYzFfVofFyAQCHuDUOkxRv46Tb6zNM3z1%3D78iu3XtUBvQ%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAH2NqNYzFfVofFyAQCHuDUOkxRv46Tb6zNM3z1%3D78iu3XtUBvQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email tocas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAL3JkE%2BVZ2vmyQuRtmzmc8DxYYqMqtnjPN%3DDmU%3D-pn413cbYvA%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAL3JkE%2BVZ2vmyQuRtmzmc8DxYYqMqtnjPN%3DDmU%3D-pn413cbYvA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/7a0c65856f4e15475a5bafa7ea1c0df76f06eb06.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/7a0c65856f4e15475a5bafa7ea1c0df76f06eb06.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAH2NqNbyJiOCca1TjJBsbe3PMj9i1CMJxtF%2BN-UixMky9TGazA%40mail.gmail.com.
