Hello, It has been fixed there https://github.com/apereo/cas/commit/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f
Verify that you version of CAS is newer than that commit, it should be fine. Regards Le 13/04/2021 à 13:04, Bartosz Nitkiewicz a écrit : > Hi, > The setup looks like this: > > CAS + Vault (config file) + LDAP + 2FA (mfa-gauth) + redis for gauth > and ticket registration. > > After testing before production deployment I've noticed that user can > authorize providing user and pass, when asking for Gauth token*it can > be anything (even one character)* and CAS will pass it through. I > don't know where I have mistake: > > Here is my config form VAULT > > > "cas.authn.mfa.gauth.crypto.encryption.key": "[redacted]", > "cas.authn.mfa.gauth.crypto.signing.key": "[redacted]", > "cas.authn.mfa.gauth.issuer": "CAS", > "cas.authn.mfa.gauth.label": "CAS", > "cas.authn.mfa.gauth.multiple-device-registration-enabled": "false", > "cas.authn.mfa.gauth.name": "CAS", > "cas.authn.mfa.gauth.redis.database": "0", > "cas.authn.mfa.gauth.redis.host": "localhost", > "cas.authn.mfa.gauth.redis.password": "[redacted]", > "cas.authn.mfa.gauth.redis.port": "6379", > "cas.authn.mfa.gauth.redis.read-from": "MASTER", > "cas.authn.mfa.gauth.redis.timeout": "2000", > "cas.authn.mfa.gauth.redis.use-ssl": "false", > "cas.authn.mfa.global-provider-id": "mfa-gauth", > > "cas.authn.mfa.triggers.principal.global-principal-attribute-name-triggers": > "memberOf", > > "cas.authn.mfa.triggers.principal.global-principal-attribute-value-regex": > "[redacted]" > > Maybe its ticket registering with redis: > > "cas.ticket.registry.redis.crypto.alg": "AES", > "cas.ticket.registry.redis.crypto.enabled": "false", > "cas.ticket.registry.redis.crypto.encryption.key": "", > "cas.ticket.registry.redis.crypto.encryption.key-size": "16", > "cas.ticket.registry.redis.crypto.signing.key": "", > "cas.ticket.registry.redis.crypto.signing.key-size": "512", > "cas.ticket.registry.redis.database": "1", > "cas.ticket.registry.redis.host": "localhost", > "cas.ticket.registry.redis.password": "[redacted]", > "cas.ticket.registry.redis.pool.enabled": "false", > "cas.ticket.registry.redis.pool.fairness": "false", > "cas.ticket.registry.redis.pool.lifo": "true", > "cas.ticket.registry.redis.pool.max-active": "8", > "cas.ticket.registry.redis.pool.max-idle": "8", > "cas.ticket.registry.redis.pool.max-wait": "-1", > "cas.ticket.registry.redis.pool.min-evictable-idle-time-millis": "0", > "cas.ticket.registry.redis.pool.min-idle": "0", > "cas.ticket.registry.redis.pool.num-tests-per-eviction-run": "0", > > "cas.ticket.registry.redis.pool.soft-min-evictable-idle-time-millis": "0", > "cas.ticket.registry.redis.pool.test-on-borrow": "false", > "cas.ticket.registry.redis.pool.test-on-create": "false", > "cas.ticket.registry.redis.pool.test-on-return": "false", > "cas.ticket.registry.redis.pool.test-while-idle": "false", > "cas.ticket.registry.redis.port": "6379", > "cas.ticket.registry.redis.timeout": "2000", > "cas.ticket.registry.redis.use-ssl": "false", > > Any hints? > Regards > Bartek > > -- > - Website: https://apereo.github.io/cas <https://apereo.github.io/cas> > - Gitter Chatroom: https://gitter.im/apereo/cas > <https://gitter.im/apereo/cas> > - List Guidelines: https://goo.gl/1VRrw7 <https://goo.gl/1VRrw7> > - Contributions: https://goo.gl/mh7qDG <https://goo.gl/mh7qDG> > --- > You received this message because you are subscribed to the Google > Groups "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to cas-user+unsubscr...@apereo.org > <mailto:cas-user+unsubscr...@apereo.org>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/3aac5f3d-d9a7-4455-9639-bf8ce2be695en%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/3aac5f3d-d9a7-4455-9639-bf8ce2be695en%40apereo.org?utm_medium=email&utm_source=footer>. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers Cedex Tel : 05.49.44.57.19 -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e9ef7528-85cf-4a92-7f56-d74c8e053a84%40ch-poitiers.fr.