Mr. Bond, I have not configured cas for triggering multi-factor based off a singular attribute. I have for a multi-valued memberOf attribute, It should be basically the same. Here is my config for looking at the memberOf attributes: # Activate MFA globally based on principal attributes cas.authn.mfa.globalPrincipalAttributeNameTriggers=memberOf # Specify the regular expression pattern to trigger multifactor when working with a single provider. cas.authn.mfa.globalPrincipalAttributeValueRegex=CN=mfa-eligible,OU=DuoMFA, OU=Groups,DC=nsuok,DC=edu
Here is what I think you need # Activate MFA globally based on principal attributes cas.authn.mfa.globalPrincipalAttributeNameTriggers=businessCategory # Specify the regular expression pattern to trigger multifactor when working with a single provider. cas.authn.mfa.globalPrincipalAttributeValueRegex=mfa-gauth Let me know if that works for you. Robert Bond. On Wed, Aug 14, 2019 at 12:58 PM John Bond <jb...@wikimedia.org> wrote: > > > On Wednesday, August 14, 2019 at 6:50:13 PM UTC+1, John Bond wrote: >> >> >> cas.authn.mfa.globalPrincipalAttributeNameTriggers=businessCategory >> >> > I tried to use preferredLanguage instead of bussinessCategory which is a > SINGLE-VALUE[1] attribute but this made no difference > > 2019-08-14 17:56:04,201 DEBUG > [org.apereo.cas.authentication.DefaultMultifactorAuthenticationProviderResolver] > - <Located attribute value [[mfa-gauth]] for [[preferredLanguage]]> > > 2019-08-14 17:56:04,202 DEBUG > [org.apereo.cas.authentication.MultifactorAuthenticationUtils] - <Attribute > value [[mfa-gauth]] is not a single-valued attribute> > > 2019-08-14 17:56:04,204 DEBUG > [org.apereo.cas.authentication.MultifactorAuthenticationUtils] - <Ignoring > [mfa-gauth] since no matching transition could be found> > > > [1]https://ldapwiki.com/wiki/SINGLE-VALUE > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/d1d49b26-d8e9-423f-8831-4596aca3f189%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/d1d49b26-d8e9-423f-8831-4596aca3f189%40apereo.org?utm_medium=email&utm_source=footer> > . > -- Robert Bond Network Administrator (918) 444-5886 Northeastern State University -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOA9z6oGTCFTprTe8V%2Bgzm8XhT08CeLth_a82xihbAZiDFBBvw%40mail.gmail.com.
