MFA Trusted Device on 6.x


Matthew Gordon

May 6, 2022, 14:39:19
to CAS Community
Does anyone actually have it working, even on an older version, and would not mind sharing what they had to do?

I've built CAS with:

support-ldap
support-git-service-registry
support-gauth
support-saml
support-saml-idp
support-oidc
support-couchbase-ticket-registry
support-trusted-mfa
support-trusted-mfa-rest

The configuration:
cas.authn.mfa.gauth.core.label=TEST
cas.authn.mfa.gauth.core.issuer=TESTMFA

cas.authn.mfa.trusted.crypto.encryption.key=[removed]
cas.authn.mfa.trusted.crypto.signing.key=[removed]

cas.authn.mfa.trusted.device-fingerprint.cookie.crypto.encryption.key=[removed]
cas.authn.mfa.trusted.device-fingerprint.cookie.crypto.signing.key=[removed]

cas.authn.mfa.triggers.principal.global-principal-attribute-name-triggers=memberOf
cas.authn.mfa.triggers.principal.global-principal-attribute-value-regex=.*MFA.+

cas.authn.mfa.gauth.rest.url=http://localhost/googleAuthenticator.php?

cas.authn.mfa.gauth.core.trusted-device-enabled=true
cas.authn.mfa.trusted.rest.url=http://localhost/trustedDevice.php?
cas.authn.mfa.trusted.core.auto-assign-device-name=true


cas.authn.mfa.gauth.crypto.encryption.key=[removed]
cas.authn.mfa.gauth.crypto.signing.key=[removed]
cas.authn.mfa.gauth.crypto.enabled=true

cas.authn.mfa.trusted.cleaner.schedule.enabled=false

cas.authn.mfa.trusted.device-fingerprint.cookie.comment=AUTH
cas.authn.mfa.trusted.device-fingerprint.cookie.max-age=36000
cas.authn.mfa.trusted.device-fingerprint.cookie.name=AUTH

cas.authn.mfa.trusted.device-fingerprint.client-ip.order=0
cas.authn.mfa.trusted.device-fingerprint.cookie.order=1
cas.authn.mfa.trusted.device-fingerprint.component-separator=@

cas.authn.mfa.trusted.device-fingerprint.geolocation.enabled=false
cas.authn.mfa.trusted.device-fingerprint.client-ip.enabled=true
cas.authn.mfa.trusted.device-fingerprint.cookie.enabled=true

I'm pretty much not getting anywhere with any of the advanced MFA options, and it's kinda disappointing. I've even tried the in-memory trusted device option to no avail.

Thank you,
Matt
