cannot remove mfa gauth devices from account manager cas 7.3
33 views
Skip to first unread message
Frédéric Dussurget
Dec 10, 2025, 10:34:50 AMDec 10
to CAS Community
Hi all,
the context is mfa-composite (gauth+webauthn), redis (valkey actually), cas 7.3
in v7.3, a new remove button appeared (vs 7.2) in account manager/mfa devices manager, so that an user would remove his mfa devices.
It works well when removing a webauthn device, but not for a gauth device.
But, with curl on the gauthCredentialRepository endpoint, it's working : curl -k -X DELETE "https://localhost/cas/actuator/gauthCredentialRepository/username" -> the gauth device disappear from the account manager portal.
The gauth device looks like it's stored in the CAS-TOKEN_PRINCIPAL:username entry in the redis db, with a no limit expiration-date.
properties in this test are :
trusted-device-enabled: true
multiple-device-registration-enabled: false
device-registration-enabled: true
multiple-device-registration-enabled: false
device-registration-enabled: true
Regards,
Reply all
Reply to author
Forward
0 new messages