Hi Andy,
Took a while for me to dive deeper into it. In the end, approach 1 seems to
be the way to go for me. I haven't though about using the service access
strategy. So, thanks a lot for the pointer. Actually, the default strategy
seems to be sufficient already. I am thinking of using the
re
Hi Martin,
I have asked this before, see
here: https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/SXHIyRWqsT0
We have implemented that into our CAS code, however it is very customized
to our specific application, so unfortunately I cannot shared my current
setup in detail with you.
A 4th approach came to my mind:
- 4. Implementing a MFA with the first factor being the regular
pac4j/OAuth delegated auth and the second factor the automated database
check if the user is "known". That seems a bit over-engineered to me. What
do you think?
--
- Website: https: