Trigger or Bypass MFA


livio dezorzi

Apr 27, 2026, 9:50:14 AM
to CAS Community
In a Zero Trust architecture, the internal network is no longer considered an area of absolute trust, especially if privileges are high there for some users.
I'd also like to find the best approach to apply Simple MFA to internal users. The public application is already configured if the user is in the appropriate "Argos" group (@class DefaultRegisteredServiceAccessStrategy), so is it possible to configure the DefaultRegisteredServiceMultifactorPolicy class to apply MFA if the user is also part of a new "Argos-MFA" group?
 

Ray Bon

Apr 27, 2026, 1:25:50 PM
to cas-...@apereo.org
Livio,

Many MFA triggers allow a regex for the value.
If that does not work, you can use a Groovy script [1].

Ray



Livio De Zorzi

Apr 28, 2026, 1:37:03 PM
to cas-...@apereo.org, cas-...@apereo.org
Hi Ray,
I used MFA triggers, but I had an issue and I found my mistake. It was necessary to use the source attribute ldap instead of the friendly attribute.

Regards 
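
A per-service form of what the messages above discuss, as an added example that is not part of the original thread or the poster's configuration: access requires the "Argos" group, and `mfa-simple` is triggered only when a group attribute value matches "Argos-MFA". Assumptions: a CAS 7.x JSON service registry (service files are read with a relaxed JSON syntax, so comments are allowed), and a constructed service URL, id, attribute name `memberOf` and group DNs.

```json
{
  "@class": "org.apereo.cas.services.CasRegisteredService",
  // Constructed placeholders: service URL, name and id.
  "serviceId": "^https://argos\\.example\\.org/.*",
  "name": "Argos",
  "id": 1001,
  "accessStrategy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "requiredAttributes": {
      "@class": "java.util.HashMap",
      // Assumed attribute name and group DN: only members of "Argos" may log in.
      "memberOf": [ "java.util.HashSet", [ "cn=Argos,ou=groups,dc=example,dc=org" ] ]
    }
  },
  "multifactorPolicy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
    "multifactorAuthenticationProviders": [ "java.util.LinkedHashSet", [ "mfa-simple" ] ],
    // Use the attribute name exactly as it appears on the resolved principal.
    // In the thread, the trigger only worked with the source LDAP attribute
    // name, not the friendly one.
    "principalAttributeNameTrigger": "memberOf",
    // Regex tested against the attribute's values; anchored on the full RDN
    // so similarly named groups do not trigger MFA by accident.
    "principalAttributeValueToMatch": "^cn=Argos-MFA,.*"
  }
}
```

Users in "Argos" but not in "Argos-MFA" still reach the service without the second factor under this policy, so the group membership itself becomes a security-relevant control that should be reviewed like any other privilege.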


livio dezorzi

Apr 30, 2026, 11:50:43 AM
to CAS Community, Livio De Zorzi, cas-...@apereo.org
Hi,

Still on MFA, is it possible to modify the message? I only use the email address to send the token and we want to simplify it.
I searched all the sources for some words of the message, without result.
Can we use a text in custom_messages.properties or other configuration?

Regards
[Attached screenshot: Capture d'écran 2026-04-30 082506.png]

Ray Bon

Apr 30, 2026, 1:57:22 PM
to cas-...@apereo.org
Livio,

You can find that message in

We put all our overrides in a custom_messages.properties file that is in our src/main/resources folder.

Ray
