I tried all different ways to get MFA triggers to work with CAS and let the
user decide which one to use, scenarios I tested,
Triggers:
Groovy Per Application- only works for single provider
Principal Attribute - used multi-valued attribute in ldap, set to mfa-gauth
and mfa-webathn, but CAS wil
I used CAS v6.4 it's ok for me.
I think there something wrong with your configuration. You defined the
scopes (scopes=openid,profile,emai), CAS will use these as attributes
release policy, the scopes email will only release attributes email and
email_verified, profile will release name, given_n