Thanks. I was able to get it working eventually. Part of the problem is
that while CAS supports groovy scripts in multiple places, there are
different conventions for how the script must be structured. I was
eventually able to sort it all out.

Thanks very much for taking the time to get back with me, though.

-dirk

On Tue, Sep 11, 2018 at 11:10 AM Jonathan Barrett <
jbarret...@murraystate.edu> wrote:

> Dirk,
>
> Sorry for the huge delay, here's all my config related to the
> cas.authn.mfa.gauth piece (sans our JPA config, since it doesn't sound like
> you need it):
>
> cas.authn.mfa.globalFailureMode=OPEN
> #cas.authn.mfa.globalPrincipalAttributeNameTriggers=mfa-user
> #cas.authn.mfa.globalProviderId=mfa-gauth
> cas.authn.mfa.groovyScript=file:/usr/tomcat/mfaAuthTrigger.groovy
>
> cas.authn.mfa.gauth.issuer=TEST
> cas.authn.mfa.gauth.label=TEST
>
> cas.authn.mfa.gauth.windowSize=3
> cas.authn.mfa.gauth.codeDigits=6
> cas.authn.mfa.gauth.timeStepSize=30
> cas.authn.mfa.gauth.rank=0
> #cas.authn.mfa.gauth.trustedDeviceEnabled=false -- I still can't get this
> to work
> cas.authn.mfa.gauth.name=TEST
>
> cas.authn.mfa.gauth.cleaner.schedule.enabled=true
> cas.authn.mfa.gauth.cleaner.schedule.startDelay=20000
> cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=60000
>
> Be sure the file is in a location that the tomcat user can read from. I
> just put it in tomcat root for simplicity's sake.
>
> I hope this helps if you're still having problems.
>
> Thanks,
>
> -Jonathan
>
> On Wednesday, August 22, 2018 at 3:08:50 PM UTC-5, Dirk Tepe wrote:
>>
>> Can you provide some details regarding your configuration to get
>> cas.authn.mfa.groovyScript working? I'm currently using a groovy script for
>> MFA bypass successfully but now have need to use one for triggering as
>> well. However, the triggering script example wraps the run method in a
>> class and I've not been successful in getting it executed. CAS complains if
>> I have the path to the file incorrect, so I know it's at least identifying
>> that the file exists, I just can't figure out how to get it executed.
>>
>> Thanks,
>>
>> -dirk
>>
>> On Monday, July 2, 2018 at 3:06:05 PM UTC-4, Jonathan Barrett wrote:
>>>
>>> All,
>>>
>>> I was able to resolve the issue by rethinking my program flow and
>>> instead rewriting the groovy file to run off of
>>> the cas.authn.mfa.groovyScript property so it controls the trigger of MFA
>>> instead of bypassing activated MFA. Better to not trigger MFA at all
>>> instead of trying to bypass in my case. Plus, this gave me the ability to do
>>> more preprocessing to push people around to multiple MFA providers as
>>> needed. Be aware that service.id at the trigger level is the URL
>>> instead of the service registry name/ID. Hope this helps someone.
>>>
>>> -Jonathan
>>>
>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ceaf9267-c5c6-4597-b029-36487945f801%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/ceaf9267-c5c6-4597-b029-36487945f801%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
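
What the windowSize, codeDigits and timeStepSize values in the quoted configuration mean for code acceptance, as an added example that is not part of the thread or of CAS itself. It implements RFC 6238 TOTP with HMAC-SHA1 and assumes the validator centres the window on the current time step; the secret and timestamp are constructed test values.

```python
import hashlib
import hmac
import struct

# Values from the cas.authn.mfa.gauth.* properties quoted in the thread.
CODE_DIGITS = 6
TIME_STEP_SIZE = 30  # seconds per time step
WINDOW_SIZE = 3      # number of time steps tried per validation


def totp(secret: bytes, step: int, digits: int = CODE_DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a single time-step counter."""
    digest = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def accepted_steps(now: int, window: int = WINDOW_SIZE,
                   step_size: int = TIME_STEP_SIZE) -> list:
    """Time steps tried for a login at Unix time `now`.

    Assumption: the window is centred on the current step, so a window
    of 3 covers the previous, current and next step.
    """
    current = now // step_size
    offsets = range(-((window - 1) // 2), window // 2 + 1)
    return [current + i for i in offsets if current + i >= 0]


def verify(secret: bytes, code: str, now: int, window: int = WINDOW_SIZE) -> bool:
    """Constant-time comparison of `code` against every step in the window."""
    return any(hmac.compare_digest(totp(secret, step), code)
               for step in accepted_steps(now, window))


def validity_seconds(window: int = WINDOW_SIZE,
                     step_size: int = TIME_STEP_SIZE) -> int:
    """Total time one generated code remains acceptable to the server."""
    return window * step_size


if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed: RFC 6238 test secret
    now = 1536682200                  # constructed timestamp
    code = totp(secret, now // TIME_STEP_SIZE)
    print("code", code, "valid for", validity_seconds(), "seconds in total")
    for delta in (0, 30, 60):
        print(f"+{delta:>2}s accepted:", verify(secret, code, now + delta))
```

A larger window tolerates more clock drift on the user's device, at the cost of keeping each code usable for longer.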
