Multifactor Authentication Trusted Device/Browser Issue - no "MFATRUSTED" inside cookie

[Owen]

Hello: guys

I try to implement Multifactor Authentication Trusted Device/Browser function in my application.

The config in cas.properties has the following for this:

cas.authn.mfa.trusted.authenticationContextAttribute=isFromTrustedMultifactorAuthentication

cas.authn.mfa.trusted.deviceRegistrationEnabled=true

cas.authn.mfa.trusted.expiration=30

cas.authn.mfa.trusted.timeUnit=DAYS

When I try to log in, I only see the browser contain two cookies

JSESSIONID

org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE

So when the cas server try to generate the device finger print. it try to look for MFATRUSTED cookie in the request. but it can not be founded, so it use random string.

Since this is random string which is used to generate the device finger print, each time it will be different one, the register device function won't work at all.

Please help me what I should do.

Thanks

Owen

[Owen]

[Nono]

Hi Owen,

i had to add some parameters to the application.properties to make this feature work :

cas.authn.mfa.trusted.deviceFingerprint.cookie.name=MFATRUSTED #=> not sure this is needed
cas.authn.mfa.trusted.deviceFingerprint.cookie.domain=*****.****

cas.authn.mfa.trusted.deviceFingerprint.cookie.path=
cas.authn.mfa.trusted.deviceFingerprint.cookie.httpOnly=true
cas.authn.mfa.trusted.deviceFingerprint.cookie.secure=false