In CAS 6.4, we used the Duo Security provider for two-factor
authentication. This provider communicated with our own MFA solution. That
worked great! When CAS was upgraded to version 6.6, it stopped working
because the duo_client_java library, from version 0.5.0 (including), they
introduced certificate pinning. Unfortunately, I don't have the option to
use a certificate from those CAs.
I used cas-overlay gradle.
Is there any possibility to set a custom certificate using the
configuration file? Alternatively, how to replace duo-client-*.jar with a
custom version of the duo-client-java library where certificate pinning is
disabled?
I'm trying in build.gradle to add *exclude(group: "com.duosecurity",
module: "duo-client")* and in dependencies to add *implementation
files('customlibs/duo-client-0.5.0.jar')*. If I tried built the library
using the jitpack repo, still not working. I also tried on
springboot.gradle file add *exclude WEB-INF/lib/duo-client-*.jar*, also
without success. In war still not contain custom version of library.
Is there any way to do this?
Thanks
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/39bac233-40bd-46fc-b345-0510616a1354n%40apereo.org.
