[cas-user] Re: cas5 MFA for SAML2 SP

Thu, 17 Nov 2016 09:35:15 -0800 

I was able to trigger it using the Opt-In Request Parameter but is there a 
way to do it using entityID in SAML2 SP service registry JSON ?

On Thursday, November 17, 2016 at 11:17:59 AM UTC-6, K S wrote:
>
> Can MFA can be triggered for a specific SAML2 SP inside the CAS service 
> registry. I am using following JSON but it's not triggering the DUO login . 
> I am able to login to SP though.
>
> {
>   @class: org.apereo.cas.support.saml.services.SamlRegisteredService
>   serviceId: 
> https://localhost:8443/spring-security-saml2-sample/saml/metadata
>   name: SAMLService
>   id: 10000023
>   description: SAML Client Metadata
>   evaluationOrder: 10
>   logoutType: BACK_CHANNEL
>   attributeReleasePolicy:
>   {
>     @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
>     principalAttributesRepository:
>     {
>       @class: 
> org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository
>       expiration: 2
>       timeUnit: HOURS
>     }
>     authorizedToReleaseCredentialPassword: false
>     authorizedToReleaseProxyGrantingTicket: false
>   }
>   multifactorPolicy:
>   {
>     @class: 
> org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
>     multifactorAuthenticationProviders:
>     [
>       java.util.HashSet
>       [
>         mfa-duo
>       ]
>     ]
>     failureMode: CLOSED
>     principalAttributeNameTrigger: eduPersonAffiliation
>     principalAttributeValueToMatch: alum
>   }
>   accessStrategy:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
>     enabled: true
>     ssoEnabled: true
>     requireAllAttributes: true
>     caseInsensitive: false
>   }
>   metadataLocation: /home/cas/spring-security-saml.xml
>   metadataMaxValidity: 0
>   signAssertions: false
>   signResponses: true
>   encryptAssertions: false
>   metadataCriteriaRoles: SPSSODescriptor
>   metadataCriteriaRemoveEmptyEntitiesDescriptors: true
>   metadataCriteriaRemoveRolelessEntityDescriptors: true
> }
>
>
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/708c1df4-56bb-4e38-81a4-aec7bc687170%40apereo.org.

Reply via email to