We have multiple instances of Duo defined with distinct IDs: E.g.:
cas.authn.mfa.duo[0].id=mfa-duo cas.authn.mfa.duo[0].rank=0 cas.authn.mfa.duo[1].id=mfa-duo-alt cas.authn.mfa.duo[1].rank=1 Prior to enabling multiple instances, we just relied on this global property to provide the default ID. cas.authn.mfa.global-provider-id=mfa-duo I'm pretty sure we've empirically determined that setting instance duo[n].id properties as well as global-provider-id is incompatible and results in unreliable behaviour in terms of what actually gets invoked during authentication. Can someone confirm this? Unfortunately, I can't find CAS documentation for global-provider-id – search doesn't turn up anything useful, nor do I find it on the page documenting "Multifactor Authentication"[*] We're currently configuring the Duo ID to use in each service registration with "multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [ "mfa-duo" ] ], or "multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [ "mfa-duo-alt" ] ], Does the duo.rank property do anything here if we're explicitly only specifying one or the other duo.id? [*] < https://apereo.github.io/cas/7.0.x/mfa/Configuring-Multifactor-Authentication.html > -- Baron Fujimoto <[email protected]> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL31kZFCGw%2B_28YsfFoEfbrvfvGRRyXwPsTqPHYP68XKxg%40mail.gmail.com.
