How to configure simple MFA to send the code using the rest method


Emilian Mitocariu

Jan 22, 2020, 11:00:20 AM
to CAS Community
Hi, I would like to implement simple MFA with my CAS server and send code via the Signal messenger app. To achieve this I've installed this service https://morph027.gitlab.io/signal-web-gateway on my server that accepts requests like these:

curl -X POST -F "to=<my-phone-number>" -F "message=Test" http://localhost:5000

I'd like to use the REST method from simple MFA for sending text messages using a service like the one I've installed, but I'm not sure how the config for the REST request should look. This is my config for the base configs from MFA simple (I know this part works because I've used it with other SMS service providers):

cas.authn.mfa.globalProviderId=mfa-simple
cas.authn.mfa.simple.name=SMS 2FA
cas.authn.mfa.simple.order=1
cas.authn.mfa.simple.timeToKillInSeconds=180
cas.authn.mfa.simple.tokenLength=6

cas.authn.mfa.simple.sms.from=CAS
cas.authn.mfa.simple.sms.text=This is your CAS 2FA code: %s
cas.authn.mfa.simple.sms.attributeName=telephoneNumber

And for the REST request part I've tried this, but it doesn't work:

cas.smsProvider.rest.method=POST
cas.smsProvider.rest.url=http://localhost:5000

Logs don't give a lot of information, even on debug; they only say that the MFA methods configured have failed to send the code. I'm thinking that maybe I need to set the "to" and "message" attributes in the REST request, but I'm not sure how this should look. Can someone help me or at least give me some pointers?

Emilian Mitocariu

Jan 23, 2020, 3:28:37 AM
to CAS Community
Update: the service I'm using to send the Signal messages also accepts this kind of request:

curl -X POST -d '{"message":"foo"}' http://localhost:5000/json/<phone-number>

Here are more details: https://morph027.gitlab.io/signal-web-gateway/usage/

Stewart

Mar 11, 2020, 12:00:15 PM
to CAS Community
Did you ever get this working?  I can't seem to get CAS to recognize the sms rest provider at all...(or Clickatell or Groovy)....

Emilian Mitocariu

Mar 13, 2020, 3:50:23 AM
to CAS Community
For my particular case I was able to make CAS send requests to the Signal service, but not ones that the Signal service knew what to do with. So I had to create a simple webserver (as a proxy/translator) in the middle of CAS and the Signal service. Note: this is the type of request sent by the rest method (https://apereo.github.io/cas/6.1.x/notifications/SMS-Messaging-Configuration.html#rest), so make sure your provider expects that kind of request.

I've also managed to send SMS messages with nexmo, if you're interested I could show you the config for that.
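
A sketch of the kind of proxy/translator described in the post above, as an added example that is not the poster's code. It assumes the CAS REST sender passes the recipient as a `to` request parameter and the message text as the request body (check the linked CAS documentation for your version); the port 5001 and the names `translate` and `Translator` are hypothetical.

```python
import json
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs, quote
from urllib.request import Request, urlopen

GATEWAY = "http://localhost:5000"          # signal-web-gateway address from the thread
E164 = re.compile(r"^\+?[1-9]\d{6,14}$")   # accept plain phone numbers only

def translate(request_target, body):
    """Map the assumed CAS request shape ('to' parameter, message as body)
    to the gateway's JSON form: POST /json/<phone-number> {"message": ...}."""
    params = parse_qs(urlsplit(request_target).query)
    to = params.get("to", [""])[0].strip()
    if not E164.match(to):                 # also blocks path tricks such as "../"
        raise ValueError("missing or malformed 'to' parameter")
    message = body.decode("utf-8").strip()
    if not message:
        raise ValueError("empty message body")
    url = f"{GATEWAY}/json/{quote(to, safe='+')}"
    return url, json.dumps({"message": message}).encode("utf-8")

class Translator(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", 0))
            url, payload = translate(self.path, self.rfile.read(length))
            req = Request(url, data=payload, method="POST",
                          headers={"Content-Type": "application/json"})
            with urlopen(req, timeout=10) as resp:
                status = resp.status
        except ValueError:
            status = 400                   # bad request from the CAS side
        except OSError:
            status = 502                   # gateway unreachable or returned an error
        self.send_response(status)
        self.end_headers()

    def log_message(self, fmt, *args):
        pass  # request lines carry the phone number; keep them out of logs

if __name__ == "__main__":
    # Loopback only: anything that can reach this port can send Signal messages.
    HTTPServer(("127.0.0.1", 5001), Translator).serve_forever()
```

With the translator running, `cas.smsProvider.rest.url` would point at `http://localhost:5001` instead of the gateway itself.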

Stewart Alpert

Mar 14, 2020, 1:33:23 PM
to cas-...@apereo.org
Thank you very much for the reply.  Good to hear it’s possible...so far I can’t seem to get CAS to recognize that I have any SMS providers configured (and it complains about that), despite having tried several.....

It would be good to see any configuration examples you’d be willing to share with me.

Emilian Mitocariu

Mar 19, 2020, 11:31:18 AM
to CAS Community
Sorry for the late response, I've been busy at the office.

So if you want to use one of the "officially" supported sms providers like nexmo, you first need to build CAS with support for simple mfa and nexmo. The dependencies for that are:

    compile "org.apereo.cas:cas-server-support-simple-mfa:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-sms-nexmo:${project.'cas.version'}"

I'm specifying this part as well because you said CAS complained about not having an SMS provider configured, but I can't tell for sure without any logs. As for the configuration, in my case I was getting the phone number from LDAP with:

cas.authn.ldap[0].principalAttributeList=mail,telephoneNumber

And this is the whole 2FA config:

cas.authn.mfa.globalProviderId=mfa-simple
cas.authn.mfa.simple.name=SMS 2FA
cas.authn.mfa.simple.order=1
cas.authn.mfa.simple.timeToKillInSeconds=180
cas.authn.mfa.simple.tokenLength=6

cas.authn.mfa.simple.sms.from=CAS
cas.authn.mfa.simple.sms.text=This is your CAS 2FA code: %s
cas.authn.mfa.simple.sms.attributeName=telephoneNumber

cas.smsProvider.nexmo.apiToken=<apiToken>
cas.smsProvider.nexmo.apiSecret=<apiSecret>
