CAS experts,
We are running CAS 5.2. We have MFA working fine with Google Authenticator, which is stored in an MFA database. We are now trying to add in the Trusted device configuration. So we created a new database, mfatrusted. I assume we should not use the same database that we created for Google auth. We know the database schema is getting created, and it does create the following:
MariaDB [mfatrust]> show tables;
+--------------------------------------+
| Tables_in_mfatrust                   |
+--------------------------------------+
| MultifactorAuthenticationTrustRecord |
+--------------------------------------+
1 row in set (0.00 sec)
MariaDB [mfatrust]> select * from MultifactorAuthenticationTrustRecord;
Empty set (0.00 sec)
However, we now get a 500 error when trying to authenticate with mfa.
registerTrustedDevice' of flow 'mfa-gauth' -- action execution attributes were 'map[[empty]]'
…….
Caused by: java.sql.SQLException: Data too long for column 'recordKey' at row 1
Query is: insert into MultifactorAuthenticationTrustRecord (geography, name, principal, recordDate, recordKey) values (?, ?, ?, ?, ?), parameters ['144.89.41.210@Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko','Timdesktop','tyler','2018-03-13','eyJhbGciOiJIUzUxMiJ9.WlhsS05tRllRV2xQYVVwRlVsVlphVXhEU21oaVIyTnBUMmxLYTJGWVNXbE1RMHBzWW0xTmFVOXBTa0pOVkVrMFVUQktSRXhWYUZSTmFsVXlTVzR3TGk1c2RYSlROa0ZOYTJGemFFSkdZMDltYms5TlYzaEJMbVpIWjFNdFJHNUdTWEY2VW1kUWRHbDBSVUUyTnkwNVMwWnlXVmhsUVU0eE1EQkRPRVY1Y21Wa2FsTllaV1JRTTBOMGRtVnNRbFJIVVVab1dXcDZZM1k1WWpOUU1saGtVR1owZUc4NVZtRndSWFZhTkVJeVdtSTVjamt5TVRRNGNreE9VMDR3VGw5eGNVNXFNWGQzWm1GQ1ZXSlBlVXh4Y0hBM1JrSnFiR015TGs1T1dIRmpUbHBZTWxGaWQydDVXVkJUWkVob1NYYz0.DnGt3qqCV8ATGH1HhUFeR4UGCTqUJP5Gj3G2jbcZM7HgacEPuh6HYjY6AowW60dWf3mP_KDzw7CkQEQN_VvT0w']
Our config in cas.properties has the following for this:
# Trusted Device/Browser
cas.authn.mfa.trusted.authenticationContextAttribute=isFromTrustedMultifactorAuthentication
cas.authn.mfa.trusted.deviceRegistrationEnabled=true
cas.authn.mfa.trusted.expiration=30
cas.authn.mfa.trusted.timeUnit=DAYS
# cas.authn.mfa.trusted.crypto.encryption.key=
# cas.authn.mfa.trusted.crypto.signing.key=
# cas.authn.mfa.trusted.crypto.enabled=true
# CAS MFA Trusted Device
cas.authn.mfa.trusted.jpa.healthQuery=SELECT 1
cas.authn.mfa.trusted.jpa.url=jdbc:mariadb://cas.beloit.edu:3306/mfatrust
cas.authn.mfa.trusted.jpa.dialect=org.hibernate.dialect.MariaDBDialect
cas.authn.mfa.trusted.jpa.user=root
cas.authn.mfa.trusted.jpa.password=xxxxxxxx
cas.authn.mfa.trusted.jpa.driverClass=org.mariadb.jdbc.Driver
cas.authn.mfa.trusted.jpa.autocommit=true
##cas.authn.mfa.trusted.jpa.ddlAuto=create
cas.authn.mfa.trusted.jpa.ddlAuto=validate
Any idea what I might be missing? What should be set for cas.authn.mfa.trusted.jpa.healthQuery= ?
Tim Tyler
Network Engineer
Beloit College