Disabling MFA on multiple Authentication providers

[Aaron Chantrill]

I'm using the cas.authn.mfa.duo[0].bypass.authentication-handler-name property to bypass DUO authentication for logins from a particular authentication provider. This is working.

Now I want to also bypass DUO authentication when using another provider, but adding an additional name to the bypass.authentication-handler-name property appears to disable that property. I don't see anything in the logs about it, but suddenly the first provider is asking for mfa again.

Same result when I add a second cas.authn.mfa.duo[0].bypass.authentication-handler-name line to cas.properties.

Does anyone know how to disable mfa for more than one provider?

I even tried the cas.authn.mfa.duo[0].bypass.groovy.location but there authentication is always listed as org.apereo.cas.authentication.DefaultAuthentication. I can't tell which provider was actually used.

Thank you!

[CAS Community]

In scenarios like this, it's immensely more helpful if you specify the CAS version you are working with, and the solution you have tried already that fails to deliver.

IIRC, the "authentication-handler-name" accepts regex patterns; so in theory, you should be able to construct a pattern that captures all providers and "OR"/bundle them together.