I don't think that module supports the SAML2 protocol in CAS. If memory
serves me right, it only is functional for applications that go through
the CAS protocol and possibly SAML1.
--Misagh
From: Ian Wat [mailto:i...@bucknell.edu]
Sent: Friday, November 20, 2015 10:56 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] cas-mfa with Gmail
https://github.com/Unicon/cas-mfa
I am implementing cas-mfa with support for Duo Security. It works very
well for most applications except for our Google Apps for Education site.
Here are my observations:
- If I authenticate with MFA to Gmail on a new browser session, I get a
blank page
- All subsequent requests for Gmail succeed
- If I am a user that does not require MFA, then authenticating in a new
browser session succeeds
Observations using the web developer tool in Firefox:
No MFA required
- Google redirects to CAS with a SAMLRequest
- I enter credentials and POST to CAS
- CAS returns SAMLResponse and gets POSTed to Google at /acs
MFA is required
- After entering credentials, CAS goes back to login page with duo request
- I MFA authenticate and POST to CAS
- CAS issues a redirect to /acs on Google with the ticket id
- Google is expecting a POSTed SAMLResponse so displays a blank page
So, it seems like the SAMLResponse goes missing when the Duo Security
dialog is injected into the flow. Has anyone else run into this issue? Is
there a solution for avoiding the blank page?
--
You are currently subscribed to cas-user@lists.jasig.org
<mailto:cas-user@lists.jasig.org> as: mmoay...@unicon.net
<mailto:mmoay...@unicon.net>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user