You shouldnt need groovy for that, what you want I believe is Failure mode, see here
https://apereo.github.io/cas/6.6.x/mfa/Configuring-Multifactor-Authentication-FailureModes.html ""failureMode" : "CLOSED" CLOSED = Disallow MFA and block authentication. On Wednesday, August 23, 2023 at 2:18:44 PM UTC-5 Ray Bon wrote: > Diego, > > A service (application) can be configured to trigger MFA > https://apereo.github.io/cas/6.6.x/mfa/Configuring-Multifactor-Authentication-Triggers-PerApplication.html > and > block (bypass=false) or with groovy script > https://apereo.github.io/cas/6.6.x/mfa/Configuring-Multifactor-Authentication-Bypass.html#bypass-via-groovy > > Ray > > On Wed, 2023-08-23 at 11:23 -0700, Diego Gimenez wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > I tried using @class instead of _class for my service and CAS will not > launch, I am struggling to find a solution. Can you show me your > build.gradle and your cas.properties so I can try it and see if the problem > may be in any of my local build.gradle or cas.properties? > > What I mean with that sentence is that I am looking for other solutions to > trigger an MFA based on an specific service. The one that I thought about > was using Groovy to detect certain serviceId (i.e. https/http prefix) and > decide if it should actually trigger an MFA authentication or not. So the > part that I am missing is how to actually block an authentication attempt > (based on testing, I've reached that if you return null on a Groovy script > to trigger certain MFA, the authentication will proceed, and I want to do > the opposite). I know is not optimal, but given the fact that I am unable > to trigger an MFA authentication by service I am looking for options! The > image below shows an example of what I want to do. > > > On Wednesday, 23 August 2023 at 13:12:06 UTC-3 John wrote: > > Forgot, what do you mean by this? " Is there a way to block authentication > when using Groovy to trigger the mfa? " can you post what your doing in > groovy to get better idea? > > On Wednesday, August 23, 2023 at 10:01:04 AM [email protected] > wrote: > > Hello John, > > first of all, thanks for your response. > > Unfortunately, it did not work. I am using the CAS overlay and set > `cas.version=6.6.10` in `gradle.properties`. However, the trigger is still > not working, I used a Groovy script to trigger mfa and printed the > registered service as I did before. I have a question that is not directly > related. Is there a way to block authentication when using Groovy to > trigger the mfa? That would temporarily work. (The only method I found was > to throw an exception on purpose, but that won't provide feedback to the > user with what went wrong) > > On Wednesday, 23 August 2023 at 10:13:38 UTC-3 John wrote: > > You have an array set, there was a bug in earlier 6.6 versions and was > fixed in a later 6.6 release. Please update to the latest 6.6.x release and > it will work as it should. > > On Wednesday, August 23, 2023 at 7:50:48 AM [email protected] > wrote: > > Hello Ray, > > Sorry about that. > > I attach the registered service and the providers I get from the service. > I used a Groovy script to print the registered service. > > I have tried using @class instead of _class and it did not made any > difference, also tried to search through the CAS source code and I have the > hypothesis that it might not be detecting either the policy or the > providers I am using. > > On Friday, 18 August 2023 at 20:19:18 UTC-3 Ray Bon wrote: > > Diego, > > Image did not come through. > > Ray > > On Fri, 2023-08-18 at 11:46 -0700, 'Diego Gimenez' via CAS Community wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > > Hello. As the title says I can't make an MFA trigger per service. Looks > like the service can't detect such provider as shown in the following > image[image: > Displaying image.png] > > > > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/222bfd55-d91b-4652-ba94-3eb66980cc13n%40apereo.org.
