[cas-user] Re: authenticationMethod mfa-simple + LdapAuthenticationHandler

Fri, 17 Nov 2023 05:03:24 -0800 

Sounds great!
Update other configs with the  format of naming convention in v6.6.x
On Friday, November 17, 2023 at 12:32:18 PM UTC+3:30 Jorge Bastida wrote:

> Hello again, 
>
> Just to say that I have solved my problem by adding this property to the 
> *cas.properties 
> *
>
> cas.authn.attribute-repository.core.merger=MULTIVALUED
>
> thanks in any case
>
> El viernes, 17 de noviembre de 2023 a las 8:37:08 UTC+1, Jorge Bastida 
> escribió:
>
>> Of course
>>
>> *cas.properties:*
>>
>> ...
>> cas.authn.mfa.simple.name=mfa-simple
>>
>> cas.authn.mfa.simple.order=1
>>
>> cas.authn.mfa.simple.token.core.timeToKillInSeconds=90
>>
>> cas.authn.mfa.simple.sms.from=Company Name
>>
>> cas.authn.mfa.simple.sms.text=Code: ${token}
>>
>> cas.authn.mfa.simple.sms.attribute-name=irisPersonalUniqueID
>>
>> ...
>>
>> cas.authn.ldap[0].name=LdapAuthenticationHandler
>>
>> cas.authn.ldap[0].hostnameVerifier=ANY
>>
>> cas.authn.ldap[0].followReferrals=true
>>
>> cas.authn.ldap[0].min-pool-size=5
>>
>> cas.authn.ldap[0].max-pool-size=100
>>
>> cas.authn.ldap[0].validateOnCheckout=false
>>
>> cas.authn.ldap[0].validatePeriodically=true
>>
>> cas.authn.ldap[0].blockWaitTime=PT5S
>>
>> cas.authn.ldap[0].connectTimeout=PT1M
>>
>> cas.authn.ldap[0].validatePeriod=PT5M
>>
>> cas.authn.ldap[0].prunePeriod=PT5M
>>
>> cas.authn.ldap[0].validateTimeout=PT5S
>>
>> cas.authn.ldap[0].responseTimeout=PT5S
>>
>> cas.authn.ldap[0].idleTime=PT5M
>>
>> cas.authn.ldap[0].poolPassivator=BIND
>>
>> cas.authn.ldap[0].type=AUTHENTICATED
>>
>> cas.authn.ldap[0].passwordPolicy.enabled=true
>>
>> cas.authn.ldap[0].passwordPolicy.type=GENERIC
>>
>> cas.authn.ldap[0].passwordPolicy.warnAll=false
>>
>> cas.authn.ldap[0].passwordPolicy.warningDays=60
>>
>>
>> cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException
>>
>> cas.authn.ldap[0].order=0
>>
>> ...
>>
>> *service.json*
>>
>> {
>>
>>   "@class": "org.apereo.cas.services.CasRegisteredService",
>>
>>   "id": 168,
>>
>>   "name": “Service Name”,
>>
>>   "description": "Service Description”,
>>
>>   "serviceId": "^http.*://service.com/.*”,
>>
>>   "evaluationOrder": 168,
>>
>>   "logoutType": "BACK_CHANNEL",
>>
>>   "authenticationPolicy" : {
>>
>>     "@class" : 
>> "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
>>
>>     "requiredAuthenticationHandlers" : ["java.util.TreeSet", [ 
>> "LdapAuthenticationHandler", "mfa-simple" ]]
>>
>>   },
>>
>>   "accessStrategy": {
>>
>>     "@class": 
>> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>>
>>     "enabled": true,
>>
>>     "ssoEnabled": true,
>>
>>     "delegatedAuthenticationPolicy": {
>>
>>       "@class": 
>> "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
>>
>>       "permitUndefined": false
>>
>>     },
>>
>>   "usernameAttributeProvider": {
>>
>>     "@class": 
>> "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider"
>>
>>   },
>>
>>   "multifactorPolicy": {
>>
>>     "@class": 
>> "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
>>
>>     "multifactorAuthenticationProviders": [
>>
>>       "java.util.LinkedHashSet",
>>
>>       [
>>
>>         "mfa-simple"
>>
>>       ]
>>
>>     ],
>>
>>     "forceExecution": true
>>
>>   },
>>
>>   "attributeReleasePolicy": {
>>
>>     "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
>>
>>     "authorizedToReleaseCredentialPassword": false,
>>
>>     "authorizedToReleaseProxyGrantingTicket": false
>>
>>   }
>>
>> }
>>
>>
>> If I access the service the value of *authenticationMethod* is:
>>
>>  [image: Captura de pantalla 2023-11-17 a las 8.10.04.png]
>>
>>
>> the log file is very large, any particular lines?
>>
>>
>>
>>
>>
>>
>>
>> El jueves, 16 de noviembre de 2023 a las 20:30:31 UTC+1, Meysam Shirazi 
>> escribió:
>>
>> Hi Jorge
>> Please share the configuration, and any log if available.
>>
>> On Thursday, November 16, 2023 at 3:22:43 PM UTC+3:30 Jorge Bastida wrote:
>>
>> Good morning, 
>>
>> In CAS 6.3.7 when authenticating a service with mfa-simple the value of 
>> authenticationMethod was: 
>>
>> authenticationMethod:
>>  1.-LdapAuthenticationHandler
>>  2.- mfa-simple
>>
>> However in 6.6.13 when I authenticate an identical service the value of 
>> my authenticationMethod is the following.
>> authenticationMethod: mfa-simple
>>
>> The LdapAuthenticationHandler registry is lost, is there any way to 
>> replicate the CAS 6.3.7 behavior in 6.6.13?
>>
>> Thank you very much in advance.
>>
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d1c90da7-2b22-4989-9577-be927a4aec91n%40apereo.org.

Reply via email to