Hello again,

As it was my first post here, I wanted to share my solution for this...

My case was, for the JPA-backed TOTP mfa-gauth config, I was wondering how to handle the removal of the registered user gauth configs, since registration can be handled inside CAS.

I see that CAS has some actuator endpoints for the handling (i.e. fetch and delete user configs) of the mfa-gauth operations. I've read the docs <https://apereo.github.io/cas/7.3.x/mfa/GoogleAuthenticator-Authentication.html#actuator-endpoints>, configured it and used the GET and DELETE /cas/actuator/gauthCredentialRepository/{username} to fetch and remove user configs. I've put a button in my app, in the user's settings page; the logged-in user's mfa-gauth config is fetched from the GET endpoint and shown, and when that button is pressed, the user's mfa-gauth config is removed by calling the CAS actuator endpoint.

Thank you and have a nice day.

On Saturday, 25 May 2024 at 17:30:37 UTC+3, Y G wrote:

> Thank you for the reference,
> I'll start checking this out...
>
> On Saturday, 25 May 2024 at 06:39:38 UTC+3, Ray Bon wrote:
>
> Yusuf,
>
> Is this what you are looking for,
> https://apereo.github.io/cas/7.0.x/registration/Account-Management-Overview.html#multifactor-registered-devices
>
> Ray
>
> On Fri, 2024-05-24 at 02:15 -0700, Y G wrote:
>
> Hello everyone,
> After spending a week or two in documentation, thoroughly reading and
> learning about setting up CAS, I finally have the confidence and courage to
> register and write here.
>
> I'd like to have some recommendations about setting up and removing gauth
> registration for a user, upon request.
>
> 1. I was thinking about gauth registration, I could do this by writing a
> small app, with service registry setting on CAS to force mfa-gauth which
> first makes the user log in with username and password, and then the gauth
> registration details (QR and scratch codes) page appears, and the user just
> registers there. For next logins on the other services, if the user has a
> record of gauth (i.e. looking up in the
> google_authenticator_registration_record table with username - on a JPA
> provided gauth-mfa) I'll provide some triggering attributes on the
> principal. Is this thinking OK?
>
> 2. I haven't figured out a way for users with gauth to
> unregister/disable/delete the gauth functionality, any recommendations for
> this? Another mini-app that deletes the reg-record of username and scratch
> codes?
>
> Thank you and best regards.
> YG
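
An added example, not part of the thread or of CAS itself: a backend-side sketch of the GET/DELETE actuator calls described in the most recent message at the top, building the request so that the username comes only from the server-side session and cannot alter the endpoint path. The host name, the "cas_principal" session key, and HTTP Basic authentication on the actuator endpoint are assumptions for illustration.

```python
import base64
import urllib.parse
import urllib.request

# Path as given in the thread; host, session key and credentials are assumptions.
ENDPOINT = "/cas/actuator/gauthCredentialRepository/"


def build_gauth_request(cas_base, username, method, actuator_user, actuator_pass):
    """Build (without sending) a GET or DELETE for one user's gauth records."""
    if method not in ("GET", "DELETE"):
        raise ValueError("only GET and DELETE are used here")
    if not cas_base.startswith("https://"):
        raise ValueError("actuator credentials must only travel over TLS")
    if not username or username in (".", ".."):
        raise ValueError("empty or dot-segment username")
    # safe="" also encodes "/" and "?", so a username cannot add path
    # segments or a query string and reach a different actuator endpoint.
    url = cas_base.rstrip("/") + ENDPOINT + urllib.parse.quote(username, safe="")
    req = urllib.request.Request(url, method=method)
    token = base64.b64encode(f"{actuator_user}:{actuator_pass}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    return req


def request_for_logged_in_user(session, method, cas_base, actuator_user, actuator_pass):
    """Take the username from the server-side session only, never from a
    form field or query parameter, so a user can only touch their own record."""
    username = session.get("cas_principal")  # hypothetical session key
    if not username:
        raise PermissionError("no authenticated CAS principal in session")
    return build_gauth_request(cas_base, username, method, actuator_user, actuator_pass)


def send(req, timeout=10):
    """Send the request from the backend and return the HTTP status code."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed values for illustration only.
    demo = request_for_logged_in_user(
        {"cas_principal": "jdoe"}, "DELETE", "https://sso.example.org", "svc", "pw")
    print(demo.get_method(), demo.full_url)
```

The call is made from the application's backend, so the actuator credentials never reach the browser and the actuator endpoint itself does not need to be reachable by end users.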
