In CAS 6.4, we used the Duo Security provider for two-factor authentication. This provider communicated with our own MFA solution. That worked great! When CAS was upgraded to version 6.6, it stopped working because the duo_client_java library, from version 0.5.0 (including), they introduced certificate pinning. Unfortunately, I don't have the option to use a certificate from those CAs.
I used cas-overlay gradle. Is there any possibility to set a custom certificate using the configuration file? Alternatively, how to replace duo-client-*.jar with a custom version of the duo-client-java library where certificate pinning is disabled? I'm trying in build.gradle to add *exclude(group: "com.duosecurity", module: "duo-client")* and in dependencies to add *implementation files('customlibs/duo-client-0.5.0.jar')*. If I tried built the library using the jitpack repo, still not working. I also tried on springboot.gradle file add *exclude WEB-INF/lib/duo-client-*.jar*, also without success. In war still not contain custom version of library. Is there any way to do this? Thanks -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/39bac233-40bd-46fc-b345-0510616a1354n%40apereo.org.