Thank you for all the replies. I think we're still using the Duo
integration method to integrate with CAS that was prevalent circa CAS 5.x
(Duo SDK?). I think at the time we finally upgraded to CAS 6.x, the Duo
universal prompt stuff was still documented as not quite fully baked and
"coming soon",
Hi Mike,
We are on the latest version of CAS 6.5 and using Duo's Universal Prompt
since April 5th. We ran into some initial problems while testing, and
specific to the surrogate authentication feature of CAS, but that was
fixed. We are happy with it and have received positive feedback from our
So as not to co-opt Baron's "CAS 6.5 w/ Duo MFA, was MFA actually used?"
thread where Ray brings up Universal Prompt, I'm starting a new one.
I seem to remember a while back there were issues with CAS + Duo's
Universal Prompt. Is anyone using it successfully/happily in production, or
is it better
Baron,
We have been setting mfa in the service definition; some services are
mandatory, others optional. Users can opt to enrol in duo in another internal
application (where they can update other personal data, etc).
I have experimented with (but not used in prod):
# Specify the regular
We are also non-mandatory MFA at present, and doing what Richard suggests.
If they are a memberOf the AD group in question, they are required to Duo,
regardless of service.
# Active Directory LDAP connection
cas.authn.attributeRepository.ldap[0].attributes.memberOf=mfaAttribute
How are you triggering MFA / Duo? You likely only want to trigger Duo on
a local attribute and setup the integration to force Duo always. If you
are leaving it up to Duo to decide if the user is enrolled and bypass if
not, the old Duo Web integration couldn't tell you what happen, just
that
We're currently using CAS 6.5 with Duo for MFA. While the MFA itself works,
we're trying to find some way of determining whether MFA was actually used
during a user's authentication.
MFA is not mandatory for our users, and they must opt-in and enroll
themselves with Duo. We can see that when a
that did it!
thank you so much, I was really pulling my hair out on that one.
On Thursday, July 28, 2022 at 12:27:45 PM UTC-4 Ray Bon wrote:
> Nathan,
>
> You can pass path locations as environment variables to the container or
> java:
>
>
>