With debug on, I can see it being skipped?? Of course I have attributes defined and WANT it to trigger, and the attributes/values match and it still says it's skipping:

DEBUG [org.apereo.cas.authentication.DefaultMultifactorAuthenticationProviderResolver] - <Locating attribute value for attribute(s): [[eduPersonAffiliation]].>
DEBUG [org.apereo.cas.authentication.DefaultMultifactorAuthenticationProviderResolver] - <Located attribute value [[staff]] for [[eduPersonAffiliation]]>
DEBUG [org.apereo.cas.authentication.MultifactorAuthenticationUtils] - <Attribute value [staff] is a single-valued attribute>
....
....
DEBUG [org.apereo.cas.authentication.mfa.trigger.RegisteredServiceMultifactorAuthenticationTrigger] - <Authentication policy for [^(http|https)://changed.name.com.*] has defined principal attribute triggers. Skipping...>

On Wednesday, March 2, 2022 at 9:19:51 AM UTC-6 John wrote:

> I have added the "Principal Attribute Per Application" MFA setting, CAS
> 6.4.6, and MFA never triggers, if I remove the
> principalAttributeNameTrigger and principalAttributeValueToMatch it works
> just fine. I can see in the console and logs, the attribute values are
> retrieved from LDAP and it doesn't trigger still. See below, the attribute
> eduPersonAffiliation=staff but doesn't trigger. Anything else need to be set
> to get it working?
>
> console log:
>
> multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[mfa-gauth, mfa-webauthn], failureMode=UNDEFINED, principalAttributeNameTrigger=eduPersonAffiliation, principalAttributeValueToMatch=staff, bypassEnabled=false, forceExecution=true, bypassTrustedDeviceEnabled=false, bypassPrincipalAttributeName=null, bypassPrincipalAttributeValue=null, script=null)
>
> audit log:
>
> "attributes\":{\"cn\":[\"changed name\"],\"displayName\":[\"changed name\"],\"eduPersonAffiliation\":[\"staff\"],
>
> service:
>
> "multifactorPolicy":
> {
>   "@class": "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
>   "multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [ "mfa-gauth", "mfa-webauthn"] ],
>   "principalAttributeNameTrigger" : "eduPersonAffiliation",
>   "principalAttributeValueToMatch" : "staff",
> },