Re: [cas-user] Re: CAS 5.2.2 with MFA using Google Authenticator / GAuth

2019-02-21 Thread Jeremy Van Rooyen
Thanks for your feedback Mickaël. For the second part I'm presented with the QR code and 5 scratch codes. When I scan the QR code, my Google Authenticator app on my phone accepts it. Then I click on register and enter the token displayed by the Google Authenticator app and it says --> "*Credentials

[cas-user] How to register a service in CAS while using SAML2.0 protocol

2019-02-21 Thread Pameliya Mukherjee
While I am hitting an endpoint like: "https://localhost:8443/cas/login?service=https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO=https://cas.org.example/cas/idp" I am getting an error like: 2019-02-22 12:31:13,015 WARN [org.apereo.cas.web.flow.ServiceAuthorizationCheck] -<*Service

[cas-user] Custom encoder with cas 5.3

2019-02-21 Thread Ngô Hữu Tiến
How to custom encoderpassword with cas 5.3? Help me -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google

[cas-user] Re: Cas Resources Link

2019-02-21 Thread Andy Ng
Awesome! A bit frustrated that environment.getProperties doesn't support list, but your implementation should be ok. Great work. Cheers! - Andy

Re: [cas-user] DUO ByPass unenrolled users broken?

2019-02-21 Thread Richard Frovarp
Theoretically pre-auth follows the configuration of the integration. So if the integration returns allow or bypass (been a while since I looked at it to remember exact value), the CAS 5.2+ code won't trigger the Duo iframe to even display. I can't remember if the CAS code was doing the pre-auth

Re: [cas-user] DUO ByPass unenrolled users broken?

2019-02-21 Thread Mailvaganam, Hari
https://community.duo.com/c/using-duo/release-notes There isn’t anything in the Duo release notes for changes on 21st Feb…. We are on CAS5.3.4 – no impact so far – however if related to user-status, we check this upfront outside of Duo. Best regards, Hari Mailvaganam Access Application

Re: [cas-user] DUO ByPass unenrolled users broken?

2019-02-21 Thread Travis Schmidt
All true, but I guess I am still confused by what Duo is doing. If pre-auth just returns AUTH in all cases then what does it return for a bypassed user in Duo from the Iframe? If it is a signed response then everything should be good and CAS would assume the user was authenticated with Duo. Any

Re: [cas-user] DUO ByPass unenrolled users broken?

2019-02-21 Thread Richard Frovarp
5.1 uses a broken method for bypassing Duo. Or at least broken in some respects. That's why you get the flash on the screen. 5.1 actually triggers the widget, and the widget is doing the bypass. CAS doesn't know, so all of your users under 5.1 are asserting via attribute release that they have

Re: [cas-user] CAS-6.1.0-RC2 Invalid credentials

2019-02-21 Thread 'Robert Bond' via CAS Community
Hi Erik, Can you provide an example of your AD config? Here is an example of mine which is working on 6.1.0RC2: ## LDAP Settings ## # https://apereo.github.io/cas/development/configuration/Configuration-Properties-Common.html#ldap-connection-settings ### CONFIG for 6.1.0

Re: [cas-user] DUO ByPass unenrolled users broken?

2019-02-21 Thread Travis Schmidt
Ok, that might explain it. Does the Duo iframe screen then flash by now for these users when in the past it did not? One way to get around possibly. If you have an attribute available that marks a user as being enrolled in Duo, you can set a trigger to enforce Duo on only those users, with

Re: [cas-user] DUO ByPass unenrolled users broken?

2019-02-21 Thread Greg Booth
We are seeing this issue as well, CAS 5.3.4 using MFA with Duo. We believe it is an issue Duo has introduced with their new API. See the yellow box under “User Account Status”: https://apereo.github.io/cas/5.3.x/installation/DuoSecurity-Authentication.html#user-account-status Rather than wait for

Re: [cas-user] DUO ByPass unenrolled users broken?

2019-02-21 Thread Travis Schmidt
Nothing has recently changed in your CAS Config? If you can set this class to debug logging level org.apereo.cas.authentication.DefaultAuthenticationContextValidator. That should give you some insight into perhaps why this is getting hit. On Thu, Feb 21, 2019 at 6:39 AM atilling wrote: > CAS

Re: [cas-user] Re: CAS 5.2.2 with MFA using Google Authenticator / GAuth

2019-02-21 Thread Mickaël
Yes Jeremy, that's what I mean. I'm using JPA for my service registry and the CAS manager webapp but it is the same way. For the second part, are you invited to enter your token code displayed by your Google authenticator app? If it doesn't work, perhaps your server is not at the good time. NTP

[cas-user] DUO ByPass unenrolled users broken?

2019-02-21 Thread atilling
CAS version 5.1.9 using MFA with DUO. We had this working fine for about two years at this point. Tuesday it started causing problems for our unenrolled users. We have the DUO setting "allow unenrolled users to pass through without two-factor authentication" but sometime around 5 pm Tuesday

[cas-user] Re: Cas Resources Link

2019-02-21 Thread Rodrigo Siqueira
Hey, I've got it working now. Here's what I did to get it working: Created the following configuration to expose a bean for my properties: @Configuration public class MyConfiguration { @Bean public MyConfigurationProperties myConfigurationProperties(){ return new

[cas-user] Re: CAS-6.1.0-RC2 Invalid credentials

2019-02-21 Thread Fabien Tréguer
Hello Erik, have you fixed your issue? I have the same problem using passwordless authentication. I think I'm missing something, configuration or else. Thank you. Fabien On Friday, 8 February 2019 at 23:40:37 UTC+1, Erik Mallory wrote: > > Hello, > > I’m getting the following error trying to

[cas-user] Re: CAS 5.2.2 with MFA using Google Authenticator / GAuth

2019-02-21 Thread Jeremy Van Rooyen
Hi Mickaël, On Thursday, 21 February 2019 14:01:17 UTC+2, Mickaël wrote: > > Hi Jeremy, > > It is great news about the scratch codes. > > I'm not sure I understand your question about the QR code. To register a > device, it is possible and required when a service is registered on your > CAS with

[cas-user] Re: CAS 5.2.2 with MFA using Google Authenticator / GAuth

2019-02-21 Thread Mickaël
Hi Jeremy, It is great news about the scratch codes. I'm not sure I understand your question about the QR code. To register a device, it is possible and required when a service is registered on your CAS with "Google Authentication" as MFA. So, at the first login without a registered device, user

[cas-user] Re: CAS 5.2.2 with MFA using Google Authenticator / GAuth

2019-02-21 Thread Jeremy Van Rooyen
Hi Mickaël, Thanks for your reply. So after playing around a bit more it seems like the on-screen scratch codes are being stored in the mongodb and using that it allows me to authenticate perfectly. The next question is how would one register via the QR code using the Google Authenticator app

[cas-user] CAS-5.3.8 displays cas login page before redirecting to openid provider login screen

2019-02-21 Thread john
Hi, I upgraded CAS from 5.2.3 to 5.3.8 and when I try to use the url http://localhost:8080/cas/oauth2.0/authorize?response_type=code_id=_uri=http://localhost:8080/test, CAS displays the default login page (for a second) before redirecting to the OpenId provider login screen. I have set autoredirect

[cas-user] Re: Cas Resources Link

2019-02-21 Thread Andy Ng
Hi there, Just got some testing done, it seems that either *environment.getProperties()* *does not support list* or is bugged. Because I tested the following (copy from "https://stackoverflow.com/questions/39218966/what-is-null-safe-way-to-convert-array-to-string-using-thymeleaf"): Which