spring.security.user.name=XXX
spring.security.user.password=YYY
cas.monitor.endpoints.endpoint.webAuthnDevices.access=AUTHENTICATED
Security filter chain: [
ChannelProcessingFilter
WebAsyncManagerIntegrationFilter
CorsFilter
CsrfFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
ExceptionTranslationFilter
AuthorizationFilter
]
And the chain with the spring security settings as above:
Security filter chain: [
ChannelProcessingFilter
WebAsyncManagerIntegrationFilter
CorsFilter
CsrfFilter
BasicAuthenticationFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
ExceptionTranslationFilter
AuthorizationFilter
]
monitor:
  endpoints:
    endpoint:
      defaults:
        access: AUTHENTICATED
      health:
        access: IP_ADDRESS
        requiredIpAddresses: xx.yy.www.zz, aa.bb.cc.dd,etc.
      [...]
      registeredServices:
        access: IP_ADDRESS
        requiredIpAddresses: xx.yy.www.zz, aa.bb.cc.dd,etc.
      importRegisteredServices:
        access: IP_ADDRESS
        requiredIpAddresses: xx.yy.www.zz, aa.bb.cc.dd,etc.
[...]
management:
  endpoints:
    web:
      exposure:
        include: '*'
    enabled-by-default: true
Hi Graham,

I gave it a try this morning (but on branch master 7.0.0-SNAPSHOT) and ... it's eventually working great :) Thanks to Misagh and the dev team!

What I've done is removing every workaround we did on this topic: removed config/WebAuthnConfiguration.java + webauthn/web/WebAuthnController.java, removed the extra pack of deps linked to those two files, flushed my dev db and imported just one mfa-webauthn service, removed custom theme and finally recompiled and restarted tomcat10 (mine is not bundled, it is marked as external through gradle.properties). I can now register my fido2 device and then login without any error.

build.gradle linked deps:
// MFA FIDO2 WEBAUTHN
implementation "org.apereo.cas:cas-server-support-webauthn:${project.'cas.version'}"
implementation "org.apereo.cas:cas-server-support-webauthn-redis:${project.'cas.version'}"
cas.yml:
web-authn:
  core:
    relying-party-id: mydomain.fr
    relying-party-name: mynickname
    allowed-origins: https://cas.mydomain.fr
    trusted-device-enabled: false
    application-id: https://www.mydomain.fr