Re: [cas-user] Radius -MFA in cas 6.6.8

it to the resulting > list. > Regards > Petr > > ______ > > Od: "Vikash Chandra Ansh" > > Komu: "Petr Bodnár" , "CAS Community" < > cas-user@apereo.org> > > Datum: 13.09.2023

Re: [cas-user] Radius -MFA in cas 6.6.8

properties, it creates (logically) just one RadiusServer instance and puts it to the resulting list.RegardsPetr__ Od: "Vikash Chandra Ansh" Komu: "Petr Bodnár" , "CAS Community" Datum: 13.09.2023 11:16 Předmět:

Re: [cas-user] Radius -MFA in cas 6.6.8

the remark >>> about antiviruses...). I would probably go with the Portqry. >>> >>> >>> >>> I don't use these tools myself (commonly testing just TCP connections), >>> so thanks in advance to let me know about the results... :) >>> >>

Re: [cas-user] Radius -MFA in cas 6.6.8

;> >> >> Petr >> >> >> >> __ >> > Od: "Vikash Chandra Ansh" >> > Komu: "Petr Bodnár" >> > Datum: 29.08.2023 22:05 >> > Předmět: Re: [cas-user]

Re: [cas-user] Radius -MFA in cas 6.6.8

Hi Vikash, I'm a bit confused now - because what you describe about pinging a Radius server seems to be just fine: you can see in the source code of *RadiusMultifactorAuthenticationProvider* (here

Re: [cas-user] Radius -MFA in cas 6.6.8

Not quite like that. From the linked source code (I haven't checked it live), its looks like "RadiusMultifactorAuthenticationProvider" (name of the class) is sent as both, username and password via the canPing method. On Tuesday, 29 August 2023 at 21:58:23 UTC+2 vikasha...@gmail.com wrote: > Th

Re: [cas-user] Radius -MFA in cas 6.6.8

Thanks for the clarification Peter. So you are saying that the username and password in canPing method radius server's inet address and shared secret respectively. On Wed, Aug 30, 2023, 1:15 AM Petr Bodnár wrote: > Hi Vikash, > > I'm a bit confused now - because what you describe about pinging

Re: [cas-user] Radius -MFA in cas 6.6.8

Hi All, I have digged down the flow for Radius token MFA. It is referring to a class RadiusMultifactorProvider where canPing() method is called. Which further calls the RadiusServer.java where authenticate method(CasRadiusResponse) is called. This method is now validating username and password ag

Re: [cas-user] Radius -MFA in cas 6.6.8

Hi Vikash, a) regarding the *NoClassDefFoundError* , can you please try to add the following dependency to your Gradle (or do you use Maven?) project configuration and see if its helps? https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.63 That's the library that should conta

Re: [cas-user] Radius -MFA in cas 6.6.8

Thanks, I'll check it out. On Thu, Aug 24, 2023, 8:00 PM Petr Bodnár wrote: > Hi Vikash, > > a) regarding the *NoClassDefFoundError* , can you please try to add the > following dependency to your Gradle (or do you use Maven?) project > configuration and see if its helps? > > https://mvnrepositor

Re: [cas-user] Radius -MFA in cas 6.6.8

Hi All, Please help here . Still the issue is not resolved yet On Tue, Aug 22, 2023, 2:18 PM Vikash Chandra Ansh wrote: > Hi All , > > One more.observation is that, I am getting authentication success and few > multifactor authentication bypass logs in server. However I haven't added > any bypa

Re: [cas-user] Radius -MFA in cas 6.6.8

Hi All , One more.observation is that, I am getting authentication success and few multifactor authentication bypass logs in server. However I haven't added any bypass mechanism Please someone help here. Thanks & Regards Vikash Chandra On Mon, Aug 21, 2023, 8:19 PM Vikash Chandra Ansh wrote:

Re: [cas-user] Radius -MFA in cas 6.6.8

Hi Peter and Ray, Thanks for your input. I have added the global trigger and set the value as mfa-radius. Now I am getting type mismatch error. Please find the logs below:- Ignoring the received exception (org.springframework.web.util.NestedServletException: Handler dispatch falled; nested exce

Re: [cas-user] Radius -MFA in cas 6.6.8

Vikash, as you haven't provided much details (e.g. what you actually see in the CAS UI and in CAS logs), I can only guess that maybe, you just only haven't *activated* the Radius MFA provider for example via the " *cas.authn.mfa.triggers.global.global-provider-id*" property - see https://apereo

Re: [cas-user] Radius -MFA in cas 6.6.8

Thanks Ray My LDAP authentication is working fine . On top of it I want Radius as 2FA, where I am struggling. Anybody please help here Thanks and regards Vikash Chandra On Thu, Aug 17, 2023, 11:24 PM Ray Bon wrote: > Vikash, > > I have these ldap properties for cas authentication: > > cas.aut

Re: [cas-user] Radius -MFA in cas 6.6.8

Vikash, I have these ldap properties for cas authentication: cas.authn.ldap[0].type= cas.authn.ldap[0].ldapUrl= cas.authn.ldap[0].connectTimeout= cas.authn.ldap[0].baseDn= cas.authn.ldap[0].subtreeSearch= cas.authn.ldap[0].searchFilter= cas.authn.ldap[0].bindDn=cn= cas.authn.ldap[0].bindCredentia

Re: [cas-user] Radius -MFA in cas 6.6.8

Hi Ray, Could you please suggest what all properties need to be enabled to use Radius as 2FA. My primary authentication will be LDAP Thanks and Regards Vikash Chandra On Thu, Aug 10, 2023, 2:27 PM Vikash Chandra Ansh wrote: > Hi Ray, > > We have NW change in place. There is UDP connectivity fr

Re: [cas-user] Radius -MFA in cas 6.6.8

Hi Ray, We have NW change in place. There is UDP connectivity from my cas server to radius server(unidirectional ) on port 1812 and 1813 . On Wed, Aug 9, 2023, 10:29 PM Ray Bon wrote: > Vikash, > > Is it possible there is a network issue? > > Ray > > On Tue, 2023-08-08 at 17:20 +0530, Vikash C

Re: [cas-user] Radius -MFA in cas 6.6.8

Vikash, Is it possible there is a network issue? Ray On Tue, 2023-08-08 at 17:20 +0530, Vikash Chandra Ansh wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi Everyone, We are trying to impleme

[cas-user] Radius -MFA in cas 6.6.8

Hi Everyone, We are trying to implement radius MFA in CAS. In our case our primary authentication will be LDAP and then for MFA we need RSA. I have also added dependency as cas-server-support-radius-mfa. I have added the required properties like client.inet-address and shared-secert. But still I