Hello, I'm trying to deploy a *CAS v4.x* instance with MFA where I need the triplet (*username, password and optional otp*) as credentials.
With previous version 3.5.x I could do this by creating my own needed classes, I can remember these at least: - *UsernamePasswordOtpCredentials * - *UsernamePasswordOtpCredentialsToPrincipalResolver * - *AbstractUsernamePasswordOtpAuthenticationHandler * - *CustomSearchModeSearchDatabaseAuthenticationHandler* Also I had to modify the web-flow and for sure the login-view. Now in the new version, I'm reading about new features: http://jasig.github.io/cas/4.0.x/installation/Configuring-Authentication-Components.html#authentication-manager Where policies might solve the problem, *but looks like I still need to re-define or extend standard classes like I did before cause I don't have a credential of three attributes as I need.* While searching, I found there is new invented credential ` *OneTimePasswordCredential*` but it's also insufficient for my case. Finally, I really waited for this new version and exactly for this new feature, am I going wrong in my believes about it? or is there anything missing? Any help is appreciated. Best regards. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
