Diego, A service (application) can be configured to trigger MFA https://apereo.github.io/cas/6.6.x/mfa/Configuring-Multifactor-Authentication-Triggers-PerApplication.html and block (bypass=false) or with groovy script https://apereo.github.io/cas/6.6.x/mfa/Configuring-Multifactor-Authentication-Bypass.html#bypass-via-groovy
Ray On Wed, 2023-08-23 at 11:23 -0700, Diego Gimenez wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. I tried using @class instead of _class for my service and CAS will not launch, I am struggling to find a solution. Can you show me your build.gradle and your cas.properties so I can try it and see if the problem may be in any of my local build.gradle or cas.properties? What I mean with that sentence is that I am looking for other solutions to trigger an MFA based on an specific service. The one that I thought about was using Groovy to detect certain serviceId (i.e. https/http prefix) and decide if it should actually trigger an MFA authentication or not. So the part that I am missing is how to actually block an authentication attempt (based on testing, I've reached that if you return null on a Groovy script to trigger certain MFA, the authentication will proceed, and I want to do the opposite). I know is not optimal, but given the fact that I am unable to trigger an MFA authentication by service I am looking for options! The image below shows an example of what I want to do. On Wednesday, 23 August 2023 at 13:12:06 UTC-3 John wrote: Forgot, what do you mean by this? " Is there a way to block authentication when using Groovy to trigger the mfa? " can you post what your doing in groovy to get better idea? On Wednesday, August 23, 2023 at 10:01:04 AM [email protected] wrote: Hello John, first of all, thanks for your response. Unfortunately, it did not work. I am using the CAS overlay and set `cas.version=6.6.10` in `gradle.properties`. However, the trigger is still not working, I used a Groovy script to trigger mfa and printed the registered service as I did before. I have a question that is not directly related. Is there a way to block authentication when using Groovy to trigger the mfa? That would temporarily work. (The only method I found was to throw an exception on purpose, but that won't provide feedback to the user with what went wrong) On Wednesday, 23 August 2023 at 10:13:38 UTC-3 John wrote: You have an array set, there was a bug in earlier 6.6 versions and was fixed in a later 6.6 release. Please update to the latest 6.6.x release and it will work as it should. On Wednesday, August 23, 2023 at 7:50:48 AM [email protected] wrote: Hello Ray, Sorry about that. I attach the registered service and the providers I get from the service. I used a Groovy script to print the registered service. I have tried using @class instead of _class and it did not made any difference, also tried to search through the CAS source code and I have the hypothesis that it might not be detecting either the policy or the providers I am using. On Friday, 18 August 2023 at 20:19:18 UTC-3 Ray Bon wrote: Diego, Image did not come through. Ray On Fri, 2023-08-18 at 11:46 -0700, 'Diego Gimenez' via CAS Community wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello. As the title says I can't make an MFA trigger per service. Looks like the service can't detect such provider as shown in the following image[Displaying image.png] -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0338b3c74afa45c9f024902444a95c32f8de84f0.camel%40uvic.ca.
