use GAuth and WebAuthN account profile without enabling account profile management

[Yan Zhou]

Hello,

CAS 7.3.1 overlay, I do Not want to enable account profile management for authenticated users (e.g., if they walked away from computer, someone else gets the hands on browser and start modifying user setting, just as one example), but I do want to use the existing GoogleAuth and WebAuthN account profile manage for the following. 

For an authenticated user, I create a new endpoint:  /updatemfa,  where they can modifying their desired MFA provider, for instance, some may enable simple-mfa via SMS and email, others may enable Google Authenticator -And- simple-mfa, yet others may enable WebAuthN (passkey).

The problem I run into is that WebAuthnAccountProfileWebflowConfiguration (Gauth is the same) is created with lowest order on @AutoConfigureOrder.

My custom updateMfaWebflowConfigurer gets initialized  BEFORE  WebAuthN and GAuthN,  I need it to be AFTER  WebAuthN and GAuthN initialization.   I tried the following @DependsOn,  the constructors are called in the right order, But, the doInitialize() function, that is the bulk of webflow configuration, still runs my CustomWebflow first, followed by Gauth and WebAuthN, the opposite order that I desire.

Any suggestions?

Thx!

@Bean(name = "enableMfaWebflowConfigurer")
@DependsOn({"defaultWebflowConfigurer","webAuthnMultifactorWebflowConfigurer", "googleAccountProfileWebflowConfigurer"})
public EnableMfaWebflowConfigurer enableMfaWebflowConfigurer() {
return new EnableMfaWebflowConfigurer(flowBuilderServices,
flowDefinitionRegistry,
applicationContext, casProperties);
}

@Configuration(value = "WebAuthnAccountProfileWebflowConfiguration", proxyBeanMethods = false)
@EnableConfigurationProperties(CasConfigurationProperties.class)
@ConditionalOnFeatureEnabled(feature = CasFeatureModule.FeatureCatalog.AccountManagement, enabledByDefault = false)
@AutoConfigureOrder(Ordered.LOWEST_PRECEDENCE)
static class WebAuthnAccountProfileWebflowConfiguration {

[Ray Bon]

I, too, have run into this; with no solution.

It would nice if the built-in configuration had an order in the middle.

Ray

---

From: cas-...@apereo.org <cas-...@apereo.org> on behalf of Yan Zhou <yana...@gmail.com>
Sent: January 16, 2026 12:21
To: CAS Community <cas-...@apereo.org>
Subject: [cas-user] use GAuth and WebAuthN account profile without enabling account profile management

 

--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2f79b569-9653-4854-9507-f76ef005ff1dn%40apereo.org.