Hi,
A web application triggers a mfa-duo authentication with http request
parameter authn_method=mfa-duo. Is it possible to bypass this
application from using mfa-duo ?
We didn't set cas.authn.mfa.request-parameter so default value is on (
authn_method ). Tried to add these lines in service registry but without
success :
"multifactorPolicy" : {
"@class" :
"org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
"multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet",
[ "mfa-duo" ] ],
"bypassEnabled" : "true"
}
Also tried cas.authn.mfa.duo[0].bypass.http-request-remote-address
parameters but didn't work either.
Setting cas.authn.mfa.request-parameter to empty value worked but
prevent all applications from using http request to trigger mfa-duo.
Did behaviours regardings HTTP Request triggers has changed since CAS
v5.3.x ?
Best regards.
Jerome Nenert
IT Services
Université Panthéon-Assas (Paris 2)
||
||
||
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4ee7ca1e-f7ca-a57f-32d0-6fb301d83ef3%40u-paris2.fr.
