In CAS 6.4, we used the Duo Security provider for two-factor
authentication. This provider communicated with our own MFA solution. That
worked great! When CAS was upgraded to version 6.6, it stopped working
because the duo_client_java library, from version 0.5.0 (including), they
introduced certificate pinning. Unfortunately, I don't have the option to
use a certificate from those CAs.
I used cas-overlay gradle.
Is there any possibility to set a custom certificate using the
configuration file? Alternatively, how to replace duo-client-*.jar with a
custom version of the duo-client-java library where certificate pinning is
disabled?
I'm trying in build.gradle to add *exclude(group: "com.duosecurity",
module: "duo-client")* and in dependencies to add *implementation
files('customlibs/duo-client-0.5.0.jar')*. If I tried built the library
using the jitpack repo, still not working. I also tried on
springboot.gradle file add *exclude WEB-INF/lib/duo-client-*.jar*, also
without success. In war still not contain custom version of library.
Is there any way to do this?
Thanks
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/39bac233-40bd-46fc-b345-0510616a1354n%40apereo.org.
