Following up from this, I was able to get SPNEGO+Duo-MFA working by
making sure that the SPNEGO webflow is ordered before DuoSecurity webflow.
Specifically, I modified the WEBFLOW_CONFIGURER_ORDER from 0 to 50 in
DuoSecurityAuthenticationEventExecutionPlanConfiguration
private static final int WEBFLOW_CONFIGURER_ORDER = 50;
And changed SPNEGO from 100 to be 5 via in SpnegoProperties.java
private WebflowAutoConfigurationProperties webflow = new
WebflowAutoConfigurationProperties().setOrder(5);
(The numbers chosen were basically random on my part as part of
debugging; I have no strong sense of what numbers should be best).
I also noticed that google-mfa+spnego will also not work, unless spnego
is put to run before the google-mfa order (currently set to 100 as well).
I guess the question is if this is intended, if there are downsides to
changing the order of webflow, and if there is a more elegant way than
recompiling to get this to work. (I see a way to customize the webflow
in the docs, but not sure how to wire up existing flows properly).
In any case, thanks in advance for any help!
Matt
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6fab66f8-567f-47a6-8ec9-da04a852c25b%40melson.fastmail.net.
