Trigger MFA only when a user has registered at least one device?


Frédéric Dussurget

Dec 19, 2025, 10:27:12 AM
to CAS Community
Hi,
In CAS 7.2 (or 7.3), is there a way to trigger MFA gauth TOTP only when a user has registered at least one TOTP gauth device? (CAS 7.x, redis, mfa-gauth)

More info:
Actually, I managed to do that by using the gauth actuator endpoint (only allowing requests from localhost with monitor.endpoints.endpoint.gauthCredentialRepository) within a Groovy script, but there might be a more elegant way to check whether a user has already registered a device in the gauth repo using Groovy contexts such as authentication, principal, registeredService, provider, logger, httpRequest, etc., but I didn't find anything... Might it be too early in the workflow for the Groovy script to have access to this information just after the first basic auth?

I tried at several steps: cas.authn.mfa.groovy-script.location, cas.authn.mfa.provider-selection.provider-selector-groovy-script.location, cas.authn.mfa.gauth.bypass.groovy.location, but I just couldn't find the data I want... Any ideas? Thanks a lot.

Happy holidays,
