[cas-user] Re: 6.6.13 - MFA Trusted devices / expiration

[John]

Can also change view to something like this,

<body>
    <main role="main" class="container mt-3 mb-3">
        <div layout:fragment="content" id="login">
            <div id="content-message" class="text-center">
                <h5 
th:text="#{cas.mfa.registerdevice.label.title}">Register Device</h5>
                <p th:text="#{cas.mfa.registerdevice.label.intro}">Please 
name the current device.</p>
            </div>
            <form method="post" id="registerform" 
th:object="${mfaTrustRecord}" th:action="@{/login}">
                <div class="row mb-3">
                    <input type="hidden" id="deviceName" name="deviceName" 
th:field="*{deviceName}" />
                    <div id="expirationField" style="display:none">
                        <input type="hidden" id="expiration" 
name="expiration" value="60" />
                        <input type="hidden" id="timeUnit" name="timeUnit" 
value="DAYS" />
                    </div>
                    <script>document.getElementById("deviceName").value = 
randomWord();</script>
                </div>
                <div class="my-2 float-end">
                    <button class="btn btn-primary" accesskey="s">
                        <span 
th:text="#{cas.mfa.registerdevice.button.register}">Register</span>
                    </button>
                    <button class="btn btn-secondary novalidate" 
accesskey="k" formnovalidate onclick="$('#eventId').val('skip');">
                        <span 
th:text="#{cas.mfa.registerdevice.button.skip}">Skip</span>
                    </button>
                    <input type="hidden" id="eventId" name="_eventId" 
value="submit" />
                    <input type="hidden" name="geolocation" />
                    <input type="hidden" name="execution" 
th:value="${flowExecutionKey}" />
                </div>
            </form>
        </div>
    </main>
</body>

On Friday, November 3, 2023 at 5:16:18 AM UTC-5 Chris SC wrote:

> Hello, 
> [version 6.6.13]
> I'm working on the implementation of the MFA with the Google Auth. 
> provider and Trusted Devices.
> I have a question concerning the configuration of Trusted Devices.
>
> First time the user comes to a 'Register Device' screen (after MFA Google 
> Auth screen), with 2 fields: 
> 1/ Name of the current device 
> ----> I want to hide this one on the template. What is the template name 
> please ?
>
> 2/ Duration for registered device
> ----> I want to hide this one too, by forcing an expiry time for everyone 
> (30 days)
>
> I've seen some of previous 6.6 configurations using : 
> cas.authn.mfa.trusted.expiration=30
> cas.authn.mfa.trusted.timeUnit=DAY
>
> But these 2 parameters are no longer available in 6.6.13.
> I thought that this part was now delegated on the provider side, but I 
> can't find anything on the Google Auth configuration.
>
> For now, If I take a look at storage, default expiration is 1 year.
> So How to set this parameter for now ?
>
> [
> {
> "id": 1699003407119,
> "principal": "testuser",
> "deviceFingerprint": "OO5ovcvIZWMPRebiQZGGp6nK2lT1GzElrgtUN87acB8ADGOy",
> "recordDate": "2023-11-03T10:23:27+01:00",
> "recordKey": 
> "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6IjBjNjQyMzg3LTM3M2EtNDZkZi1iOGM3LTEyNGNlZmJiMDhlNyJ9.ZXlKNmFYQWlPaUpFUlVZaUxDSmhiR2NpT2lKa2FYSWlMQ0psYm1NaU9pSkJNVEk0UTBKRExVaFRNalUySWl3aVkzUjVJam9pU2xkVUlpd2lkSGx3SWpvaVNsZFVJdIUWhmMmt1dWFlQTQ0TFNjTmhnRDFHb1ZSVW5WejVwSWt0QWsuN3JkWkswX0lTcENaMVQ3a1BFOF9LQQ.hW-Q2nsqjhr0Dnx3LIBJilZgBRoyPAKA8RLN5x2Vtzl44lmizs4-EV-ftwU8jIx7Z7whpTgp6DASz49pc6NO8g",
> "name": "charming_wilson",
> "expirationDate": "2123-11-03T09:23:27.000+00:00"
> }
> ]
>
>
> Thanks for your help! 
> Christophe.
>
>
> Current MFA trusted devices configuration : 
> ##========================================
> ## MFA / Trusted Devices :
> ##========================================
>
> cas.authn.mfa.trusted.mongo.clientUri=mongodb://user:x@localhost:27017/cas-mongo-database
> cas.authn.mfa.trusted.mongo.collection=TrustedRepository
> cas.authn.mfa.trusted.mongo.drop-collection=false
>
> cas.authn.mfa.trusted.core.authentication-context-attribute=isFromTrustedMultifactorAuthentication
> cas.authn.mfa.trusted.core.device-registration-enabled=true
> as.authn.mfa.trusted.core.auto-assign-device-name=true
>
> cas.authn.mfa.trusted.crypto.enabled=true
> as.authn.mfa.trusted.crypto.encryption.key=xxxxxxxxxxxxxxxxxxx
> cas.authn.mfa.trusted.crypto.signing.key=xxxxxxxxxxxxxxxxxxx
>
> cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.encryption.key=xxxxxxxxxxxxxxxxxxx
>
> cas.authn.mfa.trusted.deviceFingerprint.cookie.crypto.signing.key=xxxxxxxxxxxxxxxxxxx
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/19ae7b54-b555-43c2-8602-a07a8f099decn%40apereo.org.