Not sure if this is a weird local config or some sort of bug.
I have these set globally in cas.properties.
cas.authn.mfa.duo[0].bypass.principal-attribute-name=mfaDisable
cas.authn.mfa.duo[0].bypass.principal-attribute-value=nomfa
When SAML IdP support is included in the WAR overlay with:
implementation "org.apereo.cas:cas-server-support-saml-idp",
I get a NullPointerException after the Duo Push when the mfaDisable
attribute is null.
and I include it in the list of released attributes in the service
definition like this:
"attributeReleasePolicy" : {
"@class" :
"org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "cn", "mail", "sn",
"uid", "displayName", "memberOf", "mfaDisable", "sAMAccountName",
"departmentNumber" ] ]
}
If I remove it from this list, there is no exception. The departmentNumber
attribute is also null and does not trigger the exception.
If the mfaDisable attribute has a value, the exception is not triggered.
Also, if I remove SAML IdP support from the WAR overlay, it does not
trigger an exception.
My workaround for now is to remove the mfaDisable attribute while keeping
SAML support.
Any ideas?
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a94963c7-dcdc-4353-a83d-242dafd29be7n%40apereo.org.
