Recommendations on mfa-gauth registration and removal strategies
82 views
Skip to first unread message
Y G
May 24, 2024, 7:54:09 AMMay 24
to CAS Community
Hello everyone,
After spending a week or two in documentation, thoroughly reading and learning about setting up CAS, i finally have the confidence and courage to register and write here.
I'd like to have some recommendations about setting up and removing gauth registration for a user, upon request.
1. I was thinking about gauth registration, i could do this by writing a small app, with service registry setting on cas to force mfa-gauth which first makes the user login with username and password, and then gauth registration details (qr and scratch codes) page appear, and user just registers there. For next logins on the other services, if user has a record of gauth (i.e looking up in the google_authenticator_registration_record table with username - on a JPA provided gauth-mfa) i'll provide some triggerring attributes on the principal. Is this thinking ok?
After spending a week or two in documentation, thoroughly reading and learning about setting up CAS, i finally have the confidence and courage to register and write here.
I'd like to have some recommendations about setting up and removing gauth registration for a user, upon request.
1. I was thinking about gauth registration, i could do this by writing a small app, with service registry setting on cas to force mfa-gauth which first makes the user login with username and password, and then gauth registration details (qr and scratch codes) page appear, and user just registers there. For next logins on the other services, if user has a record of gauth (i.e looking up in the google_authenticator_registration_record table with username - on a JPA provided gauth-mfa) i'll provide some triggerring attributes on the principal. Is this thinking ok?
2. I haven't figured out a way for users with gauth to unregister/disable/delete the gauth functionality, any recommendations for this? Another mini-app that deletes the reg-record of username and scratch codes?
Thank you and best regards.
YG
Ray Bon
May 24, 2024, 11:39:38 PMMay 24
to cas-...@apereo.org
Yusuf,
Is this what you are looking for, https://apereo.github.io/cas/7.0.x/registration/Account-Management-Overview.html#multifactor-registered-devices
Ray
On Fri, 2024-05-24 at 02:15 -0700, Y G wrote:
Y G
May 25, 2024, 10:30:37 AMMay 25
to CAS Community, Ray Bon
Thank you for the reference,
i'll start checking this out...
25 Mayıs 2024 Cumartesi tarihinde saat 06:39:38 UTC+3 itibarıyla Ray Bon şunları yazdı:
Reply all
Reply to author
Forward
0 new messages