Hello, first of all, thank you for your cooperation, it helped me to find out what was the actual problem. I tried using the cas.service-registry.json.location instead of the mongo db and it worked. It seems like when CAS reads a service from a mongo database, it doesn't recognize the @class attribute, and instead it needs a definition of _class to not crash. The problem is that if you define a service using _class it wont read the "multifactorPolicy", I am not 100% sure of what is happening, further testing will be done with other attributes such as i.e. "attributeReleasePolicy".
It is certainly an uncommon problem and we do not know the source of it. If you have any insight of what could it be I will thank you! On Thursday, 24 August 2023 at 01:22:44 UTC-3 John wrote: > Are you sure that CAS is even reading your service definition? because it > looks off completely and doesn't pass json validation. Turn your logging in > log4j xml to debug and see what it spits out, > > try this as well, as the only service definition for cas, > > https://pastebin.com/mZKavp1h > > > > On Wednesday, August 23, 2023 at 2:18:44 PM UTC-5 Ray Bon wrote: > >> Diego, >> >> A service (application) can be configured to trigger MFA >> https://apereo.github.io/cas/6.6.x/mfa/Configuring-Multifactor-Authentication-Triggers-PerApplication.html >> and >> block (bypass=false) or with groovy script >> https://apereo.github.io/cas/6.6.x/mfa/Configuring-Multifactor-Authentication-Bypass.html#bypass-via-groovy >> >> Ray >> >> On Wed, 2023-08-23 at 11:23 -0700, Diego Gimenez wrote: >> >> Notice: This message was sent from outside the University of Victoria >> email system. Please be cautious with links and sensitive information. >> >> I tried using @class instead of _class for my service and CAS will not >> launch, I am struggling to find a solution. Can you show me your >> build.gradle and your cas.properties so I can try it and see if the problem >> may be in any of my local build.gradle or cas.properties? >> >> What I mean with that sentence is that I am looking for other solutions >> to trigger an MFA based on an specific service. The one that I thought >> about was using Groovy to detect certain serviceId (i.e. https/http prefix) >> and decide if it should actually trigger an MFA authentication or not. So >> the part that I am missing is how to actually block an authentication >> attempt (based on testing, I've reached that if you return null on a Groovy >> script to trigger certain MFA, the authentication will proceed, and I want >> to do the opposite). I know is not optimal, but given the fact that I am >> unable to trigger an MFA authentication by service I am looking for >> options! The image below shows an example of what I want to do. >> >> >> On Wednesday, 23 August 2023 at 13:12:06 UTC-3 John wrote: >> >> Forgot, what do you mean by this? " Is there a way to block >> authentication when using Groovy to trigger the mfa? " can you post what >> your doing in groovy to get better idea? >> >> On Wednesday, August 23, 2023 at 10:01:04 AM utc-5diego....@unc.edu.ar >> wrote: >> >> Hello John, >> >> first of all, thanks for your response. >> >> Unfortunately, it did not work. I am using the CAS overlay and set >> `cas.version=6.6.10` in `gradle.properties`. However, the trigger is still >> not working, I used a Groovy script to trigger mfa and printed the >> registered service as I did before. I have a question that is not directly >> related. Is there a way to block authentication when using Groovy to >> trigger the mfa? That would temporarily work. (The only method I found was >> to throw an exception on purpose, but that won't provide feedback to the >> user with what went wrong) >> >> On Wednesday, 23 August 2023 at 10:13:38 UTC-3 John wrote: >> >> You have an array set, there was a bug in earlier 6.6 versions and was >> fixed in a later 6.6 release. Please update to the latest 6.6.x release and >> it will work as it should. >> >> On Wednesday, August 23, 2023 at 7:50:48 AM utc-5diego....@unc.edu.ar >> wrote: >> >> Hello Ray, >> >> Sorry about that. >> >> I attach the registered service and the providers I get from the service. >> I used a Groovy script to print the registered service. >> >> I have tried using @class instead of _class and it did not made any >> difference, also tried to search through the CAS source code and I have the >> hypothesis that it might not be detecting either the policy or the >> providers I am using. >> >> On Friday, 18 August 2023 at 20:19:18 UTC-3 Ray Bon wrote: >> >> Diego, >> >> Image did not come through. >> >> Ray >> >> On Fri, 2023-08-18 at 11:46 -0700, 'Diego Gimenez' via CAS Community >> wrote: >> >> Notice: This message was sent from outside the University of Victoria >> email system. Please be cautious with links and sensitive information. >> >> >> Hello. As the title says I can't make an MFA trigger per service. Looks >> like the service can't detect such provider as shown in the following >> image[image: >> Displaying image.png] >> >> >> >> >> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/12488499-f629-4f74-b1b5-992395736162n%40apereo.org.
