You shouldnt need groovy for that, what you want I believe is Failure mode, see here
https://apereo.github.io/cas/6.6.x/mfa/Configuring-Multifactor-Authentication-FailureModes.html ""failureMode" : "CLOSED" CLOSED = Disallow MFA and block authentication. On Wednesday, August 23, 2023 at 2:18:44 PM UTC-5 Ray Bon wrote: > Diego, > > A service (application) can be configured to trigger MFA > https://apereo.github.io/cas/6.6.x/mfa/Configuring-Multifactor-Authentication-Triggers-PerApplication.html > and > block (bypass=false) or with groovy script > https://apereo.github.io/cas/6.6.x/mfa/Configuring-Multifactor-Authentication-Bypass.html#bypass-via-groovy > > Ray > > On Wed, 2023-08-23 at 11:23 -0700, Diego Gimenez wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > I tried using @class instead of _class for my service and CAS will not > launch, I am struggling to find a solution. Can you show me your > build.gradle and your cas.properties so I can try it and see if the problem > may be in any of my local build.gradle or cas.properties? > > What I mean with that sentence is that I am looking for other solutions to > trigger an MFA based on an specific service. The one that I thought about > was using Groovy to detect certain serviceId (i.e. https/http prefix) and > decide if it should actually trigger an MFA authentication or not. So the > part that I am missing is how to actually block an authentication attempt > (based on testing, I've reached that if you return null on a Groovy script > to trigger certain MFA, the authentication will proceed, and I want to do > the opposite). I know is not optimal, but given the fact that I am unable > to trigger an MFA authentication by service I am looking for options! The > image below shows an example of what I want to do. > > > On Wednesday, 23 August 2023 at 13:12:06 UTC-3 John wrote: > > Forgot, what do you mean by this? " Is there a way to block authentication > when using Groovy to trigger the mfa? " can you post what your doing in > groovy to get better idea? > > On Wednesday, August 23, 2023 at 10:01:04 AM utc-5diego....@unc.edu.ar > wrote: > > Hello John, > > first of all, thanks for your response. > > Unfortunately, it did not work. I am using the CAS overlay and set > `cas.version=6.6.10` in `gradle.properties`. However, the trigger is still > not working, I used a Groovy script to trigger mfa and printed the > registered service as I did before. I have a question that is not directly > related. Is there a way to block authentication when using Groovy to > trigger the mfa? That would temporarily work. (The only method I found was > to throw an exception on purpose, but that won't provide feedback to the > user with what went wrong) > > On Wednesday, 23 August 2023 at 10:13:38 UTC-3 John wrote: > > You have an array set, there was a bug in earlier 6.6 versions and was > fixed in a later 6.6 release. Please update to the latest 6.6.x release and > it will work as it should. > > On Wednesday, August 23, 2023 at 7:50:48 AM utc-5diego....@unc.edu.ar > wrote: > > Hello Ray, > > Sorry about that. > > I attach the registered service and the providers I get from the service. > I used a Groovy script to print the registered service. > > I have tried using @class instead of _class and it did not made any > difference, also tried to search through the CAS source code and I have the > hypothesis that it might not be detecting either the policy or the > providers I am using. > > On Friday, 18 August 2023 at 20:19:18 UTC-3 Ray Bon wrote: > > Diego, > > Image did not come through. > > Ray > > On Fri, 2023-08-18 at 11:46 -0700, 'Diego Gimenez' via CAS Community wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > > Hello. As the title says I can't make an MFA trigger per service. Looks > like the service can't detect such provider as shown in the following > image[image: > Displaying image.png] > > > > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/222bfd55-d91b-4652-ba94-3eb66980cc13n%40apereo.org.
