Hello, I am trying out CAS 7 with the embedded Tomcat instance. I noticed a change in behavior that will impact my authentication flow and wanted to see if anyone else has come across it and found a work around.
I run my CAS server over port 8443 but, for user convenience, I forward traffic from port 443 to 8443. This way my users can access SSO without specifying a port number. In the past I have had no issues visiting https://my.cas.server/cas/login, authenticating via LDAP, then MFA via Duo. On CAS 7, it seems like CAS is more aware of the URL used during authentication though. When I visit the URL without port 8443 specified, I can LDAP auth and MFA through Duo, but upon *return* from Duo to CAS I receive the "MFA provider unavailable" message. If I specify the port, https://my.cas.server*:8443*/cas/login, I have no trouble returning to CAS after Duo MFA. If I can't get this to work, I'll have to reach out to all my CAS services and notify my organization to update any links. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5be8a8f9-9921-498d-8219-773ab3011248n%40apereo.org.
