Hello,
Not sure about the config way, sorry. But I would look into the CAS bootstrap code for DUO and maybe there is a way to nudge your certificate in... provided DUO has an API for it. That way you will be patching just the CAS class that bootstraps DUO... which you can do using the src/ folder structure in the overlay project.

If you want to patch the library, and include it as an external dependency, then you need to adjust the build.gradle script:

dependencies {
    ...
    // because it is a build dependency, Gradle automatically stuffs it into the WAR too
    implementation files("../pac4j/pac4j-saml/target/pac4j-saml-5.3.1.jar")
}

configurations.all {
    ...
    exclude group: 'org.pac4j', module: 'pac4j-saml'
}

I have this working on a 6.5.x branch of CAS. The pac4j-saml is a library I needed to patch. The "dependencies" part refers to build dependencies because I have other custom patches hooked onto the pac4j-saml library and I need it at compile time.

Cheers,
Fiisch

On 04/30/2023 07:23 PM, JakubFr wrote:
In CAS 6.4, we used the Duo Security provider for two-factor authentication. This provider communicated with our own MFA solution. That worked great! When CAS was upgraded to version 6.6, it stopped working because the duo_client_java library introduced certificate pinning from version 0.5.0 (inclusive). Unfortunately, I don't have the option to use a certificate from those CAs.

I used cas-overlay gradle.

Is there any possibility to set a custom certificate using the configuration file? Alternatively, how to replace duo-client-*.jar with a custom version of the duo-client-java library where certificate pinning is disabled?

I'm trying in build.gradle to add *exclude(group: "com.duosecurity", module: "duo-client")* and in dependencies to add *implementation files('customlibs/duo-client-0.5.0.jar')*. When I tried building the library using the jitpack repo, it was still not working. I also tried adding *exclude WEB-INF/lib/duo-client-*.jar* to the springboot.gradle file, also without success. The WAR still does not contain the custom version of the library.

Is there any way to do this?

Thanks
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/39bac233-40bd-46fc-b345-0510616a1354n%40apereo.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/39bac233-40bd-46fc-b345-0510616a1354n%40apereo.org?utm_medium=email&utm_source=footer>.
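
Added example, not part of the thread or of the CAS project: a check of which copy of a library actually ended up in the built WAR after an exclude plus `implementation files(...)` override like the one above. A patched jar can carry the same file name as the stock one, so the comparison is by SHA-256. The function names and the sample WAR contents are constructed for illustration.

```python
import hashlib
import io
import re
import zipfile

# Matches jars in the WAR's library folder and splits "name-version.jar".
JAR_RE = re.compile(r"^WEB-INF/lib/(?P<name>.+?)-(?P<version>\d[\w.\-]*)\.jar$")


def packaged_jars(war_bytes, module):
    """Return (path, version, sha256) for each WEB-INF/lib jar of `module`."""
    found = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            m = JAR_RE.match(name)
            if m and m.group("name") == module:
                digest = hashlib.sha256(war.read(name)).hexdigest()
                found.append((name, m.group("version"), digest))
    return found


def check_override(war_bytes, module, patched_jar_bytes):
    """Classify the packaging result for a locally patched jar."""
    want = hashlib.sha256(patched_jar_bytes).hexdigest()
    digests = [d for _, _, d in packaged_jars(war_bytes, module)]
    if not digests:
        return "missing"      # neither the stock nor the patched jar was packaged
    if want not in digests:
        return "stock-only"   # the file dependency never reached the WAR
    if len(digests) > 1:
        return "duplicate"    # exclude did not apply; classpath order decides
    return "ok"


def build_war(entries):
    """Build an in-memory WAR from {path: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for path, data in entries.items():
            war.writestr(path, data)
    return buf.getvalue()


if __name__ == "__main__":
    patched = b"patched build"  # stand-in for the bytes of the patched jar
    war = build_war({"WEB-INF/lib/pac4j-saml-5.3.1.jar": patched,
                     "WEB-INF/lib/pac4j-core-5.3.1.jar": b"other module"})
    print(check_override(war, "pac4j-saml", patched))
```

Against a real build, pass the bytes of the WAR produced by the overlay and of the patched jar file instead of the in-memory samples.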
