We are currently running CAS 7.0.x with the "cas-server-support-duo" dependency in our build.gradle overlay.
In response to an advisory from Duo re "Duo root certificate authority bundle replacement" (action required by 2025-02-02) <https://help.duo.com/s/article/9451> We tried to determine if we were affected by this. Duo reports in our Unsupported Clients log many entries that are tied to our Identification Key for the Duo app used by our CAS service. It's unclear to us though whether these entries represented CAS itself, or clients using our CAS service. Our initial analysis suggested to us that these entries represented CAS clients using our CAS service. However, we received the following response to our query to Duo support: *With CAS, since this is a third party application that has integrated Duo, > our team recently got a confirmation from CAS that they have made an update > available for the upcoming CA bundle replacement, and you must perform some > upgrade or configuration action to use it.* And they provided links to the CAS 7.3.0 Duo Security MFA documentation: <https://apereo.github.io/cas/7.3.x/mfa/DuoSecurity-Authentication.html> So is the CAS server actually affected by this issue if using "cas-server-support-duo"? If so, what is the minimum CAS server version required to address this? If there are release notes or something comparable that covers this, a pointer to those would be appreciated as well. -- Baron Fujimoto <[email protected]> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL04kHAMDz2m-i_3v%3Dib4WVc7swCkaR9MGTAvG%3DYpP1EZA%40mail.gmail.com.
