Hello Trüe Same think here with yubikey too.
But have you trier the mfa-webauth, it's working out-the-box in CAS 6.5.9.4. But you're right thé u2f screen doesn't seem to working correctly. Like you the yubikey flashes But touchibg it does nothong to CAS. we would prefer to use u2f with yubikey rather than mfa-webauthn. Thanks Le mer. 20 sept. 2023, 13:05, Hartmut Trüe <[email protected]> a écrit : > Hello, > > i am trying to get CAS running with mfa. > > I configured mfa-simple, mfa-yubikey and mfa-u2f. > mfa-simple is working as expected, the other two do not. > > Trying mfs-yubikey: > after entering username and password it asks me for a token and a device > name. If I enter a OPT in the token field > If I enter a OTP in the token field the message is " Unable to register > your YubiKey device for authentication. Provided token may be invalid, > expired or otherwise compromised." > and the logs: > 2023-09-20 12:39:00,999 DEBUG > [org.apereo.cas.adaptors.yubikey.YubiKeyMultifactorAuthenticationProvider] > - <Pinging YubiKey API endpoint at [ > https://api.yubico.com/wsapi/2.0/verify]> > 2023-09-20 12:39:01,100 DEBUG [org.apereo.cas.util.http.SimpleHttpClient] > - <Response code received from server matched [200].> > 2023-09-20 12:39:01,100 DEBUG > [org.apereo.cas.adaptors.yubikey.YubiKeyMultifactorAuthenticationProvider] > - <Received YubiKey ping response [h=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= > t=2023-09-20T10:39:01Z0089 > status=MISSING_PARAMETER > ... > 2023-09-20 12:42:18,467 ERROR > [org.apereo.cas.adaptors.yubikey.DefaultYubiKeyAccountValidator] - <The OTP > is too short to be valid> > or > 2023-09-20 12:41:11,292 ERROR > [org.apereo.cas.adaptors.yubikey.DefaultYubiKeyAccountValidator] - <The OTP > is not a valid format> > > Then I tried Yubikey U2F: after entering username and password there > comes a page with " Please touch the flashing U2F device now." I would > expect a popup for the fido pin, but nothing happens. The device (5C NFC) > is connected via USB, but it is not flashing and touching has no effect. > > It is all on Windows 11 with Firefox 117, Chrome 117. > > What am I missing? Any ideas or hints? > > Regards, > Hartmut > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/bdd65724-6ca2-494a-92e1-5a3f8d493d14n%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/bdd65724-6ca2-494a-92e1-5a3f8d493d14n%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BM02YtHh8wpTXQNO%3DXxrbWrZj-3BEU6HCDT52b8yTxBX6jNRA%40mail.gmail.com.
