Forcing Duo by Service Provider
Cantor, Scott
cantor.2 at osu.edu
Wed Mar 29 20:35:33 EDT 2017
On 3/29/17, 8:29 PM, "users on behalf of Andrew Morgan" <users-bounces at shibboleth.net on behalf of morgan at orst.edu> wrote:
> On a related topic, can this be done for CAS services in Shibboleth? Is
> there a way to apply an override, perhaps by groupID, for a CAS service?
> I'm not aware of any way for a CAS service to request MFA itself.
Yes, Marvin or I at some point fixed the CASLoginConfiguration bean to inherit appropriately so you can set the defaultAuthenticationMethods property. Since there's no native CAS object to present the authentication used, we copied the AuthnContextClassRefPrincipal type from the SAML 2 bean so you just use that. Since there's no inbound request capability, setting it is defintive / not overrideable.
-- Scott
More information about the users
mailing list