Re: [cas-user] Multiple Duo Instances

2018-02-08 Thread Man H
Start a new thread with full information such as version pom properties startup log with debug set etc ... El jueves, 8 de febrero de 2018, brian mancuso escribió: > Alright Misagh and Manfredo, I believe you're both putting me on the right > track with this. Unfortunately, I haven't used a groo

Re: [cas-user] Multiple Duo Instances

2018-02-08 Thread brian mancuso
Hey Manfredo, I'm actually trying to go with the bypass vs the provider selector: Shown Here . I'm hoping to simplify the environment to only one Duo instance with the use of an LDAP attribute

Re: [cas-user] Multiple Duo Instances

2018-02-08 Thread Man H
In version 5.2 this should be cas.authn.mfa.providerSelectorGroovyScript=file:/etc/cas/wathever.groovy El jueves, 8 de febrero de 2018, brian mancuso escribió: > Alright Misagh and Manfredo, I believe you're both putting me on the right > track with this. Unfortunately, I haven't used a groovy

Re: [cas-user] Multiple Duo Instances

2018-02-08 Thread brian mancuso
Alright Misagh and Manfredo, I believe you're both putting me on the right track with this. Unfortunately, I haven't used a groovy script before and I'm having trouble getting it to get picked up by CAS. Could either of you help with this example? */etc/cas/selectiveDuo.groovy:* def String run

Re: [cas-user] Multiple Duo Instances

2018-02-07 Thread Misagh Moayyed
/DefaultDuoMultifactorAuthenticationProvider.java#L94 --Misagh > From: "brian mancuso" > To: "CAS Community" > Cc: "Misagh Moayyed" > Sent: Wednesday, February 7, 2018 11:56:22 AM > Subject: Re: [cas-user] Multiple Duo Instances > Hey Misagh, > Could you point me to something abo

Re: [cas-user] Multiple Duo Instances

2018-02-07 Thread brian mancuso
er MFA. There is also > the built-in ability to check with Duo directly to see if the user has in > fact registered for MFA/Duo and does have an account. > > --Misagh > > -- > > *From: *"Man H" > > *To: *cas-...@apereo.org > *

Re: [cas-user] Multiple Duo Instances

2018-02-06 Thread Misagh Moayyed
Tuesday, February 6, 2018 10:56:18 AM > Subject: Re: [cas-user] Multiple Duo Instances > So in my opinion you have a globaltriggerpolicy mfa-duo and eg a groovy > trigger > for employees. > https://apereo.github.io/cas/5.2.x/installation/Configuring-Multifactor-Authentication

Re: [cas-user] Multiple Duo Instances

2018-02-06 Thread Man H
So in my opinion you have a globaltriggerpolicy mfa-duo and eg a groovy trigger for employees. https://apereo.github.io/cas/5.2.x/installation/Configuring-Multifactor-Authentication-Triggers.html 2018-02-06 12:18 GMT-03:00 brian mancuso : > I'm open to any solution that simplifies things and me

Re: [cas-user] Multiple Duo Instances

2018-02-06 Thread Man H
This triggers (assuming you're on 5.2) are not useful? # Activate MFA globally based on authentication metadata attributes # cas.authn.mfa.globalAuthenticationAttributeNameTriggers=memberOf,eduPersonPrimaryAffiliation # cas.authn.mfa.globalAuthenticationAttributeValueRegex=faculty|staff# Activate

Re: [cas-user] Multiple Duo Instances

2018-02-06 Thread brian mancuso
I'm open to any solution that simplifies things and meets the needs. When I'd read the documentation, it seemed custom triggers were the way to go here. To give a little more information, I have students and employees that both need to login via CAS to several systems. For some of those systems

Re: [cas-user] Multiple Duo Instances

2018-02-06 Thread Man H
Couldn't this be achieved through custom authentication handler? El martes, 6 de febrero de 2018, brian mancuso escribió: > We would like to allow users in a specific ldap group the ability to > optionally bypass Duo for a given service if the user is not signed up for > a 2fa account. Essential