[cas-user] enable risk-based Authentication

Mon, 13 Feb 2023 21:27:02 -0800 

Hello,

I'm trying to set up Risk-based Authentication (on CAS 6.5.9), but I can't 
figure out if it works or not (but I don't seem to). Following the 
documentation, I configure these modules in gradle :

          implementation "org.apereo.cas:cas-server-support-electrofence"
          implementation 
"org.apereo.cas:cas-server-support-trusted-mfa-redis"
          implementation "org.apereo.cas:cas-server-support-events-redis"
          implementation "org.apereo.cas:cas-server-support-geolocation"
          implementation 
"org.apereo.cas:cas-server-support-geolocation-maxmind"
          implementation "org.apereo.cas:cas-server-core-events"

And in case.properties :
cas.maxmind.country-database=/usr/share/GeoIP/GeoIP.dat
cas.authn.adaptive.policy.require-timed-multifactor[0].provider-id=mfa-yubikey
cas.authn.mfa.trusted.crypto.encryption.key=...
cas.authn.mfa.trusted.crypto.signing.key=...
cas.authn.mfa.trusted.device-fingerprint.cookie.crypto.encryption.key=...
cas.authn.mfa.trusted.device-fingerprint.cookie.crypto.signing.key=...
cas.authn.mfa.trusted.redis.host=localhost
cas.authn.mfa.trusted.redis.port=6379
cas.authn.mfa.trusted.redis.database=0
cas.authn.mfa.trusted.redis.enabled=true
cas.events.redis.host=localhost
cas.events.redis.enabled=true
cas.events.redis.database=0

I connected from different IP and browser, without result. I also tried to 
force the mfa at certain times: 
cas.authn.adaptive.policy.require-timed-multifactor[0].on-or-after-hour=20
cas.authn.adaptive.policy.require-timed-multifactor[0].on-or-before-hour=7

always the same. 

Logs :
[2023-02-13 22:08:00] [info] 
=============================================================
[2023-02-13 22:08:00] [info] WHO: audit:unknown
[2023-02-13 22:08:00] [info] WHAT: 
{source=RankedMultifactorAuthenticationProviderWebflowEventResolver, 
event=success, timestamp=Mon Feb 13 22:08:00 CET 2023}
[2023-02-13 22:08:00] [info] ACTION: AUTHENTICATION_EVENT_TRIGGERED
[2023-02-13 22:08:00] [info] APPLICATION: CAS
[2023-02-13 22:08:00] [info] WHEN: Mon Feb 13 22:08:00 CET 2023
[2023-02-13 22:08:00] [info] CLIENT IP ADDRESS: ....
[2023-02-13 22:08:00] [info] SERVER IP ADDRESS: ....
[2023-02-13 22:08:00] [info] 
=============================================================
...
[2023-02-13 22:08:05] [info] #033[32m2023-02-13 22:08:05,636 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
[2023-02-13 22:08:05] [info] 
=============================================================
[2023-02-13 22:08:05] [info] WHO: usertest
[2023-02-13 22:08:05] [info] WHAT: 
[RememberMeUsernamePasswordCredential(super=UsernamePasswordCredential(username=usertest,
 
source=null, customFields={}), rememberMe=false)]
[2023-02-13 22:08:05] [info] ACTION: AUTHENTICATION_SUCCESS
[2023-02-13 22:08:05] [info] APPLICATION: CAS
[2023-02-13 22:08:05] [info] WHEN: Mon Feb 13 22:08:05 CET 2023
[2023-02-13 22:08:05] [info] CLIENT IP ADDRESS: ....
[2023-02-13 22:08:05] [info] SERVER IP ADDRESS: ....
[2023-02-13 22:08:05] [info] 
=============================================================
[2023-02-13 22:08:05] [info] >#033[m
[2023-02-13 22:08:05] [info] #033[32m2023-02-13 22:08:05,712 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
[2023-02-13 22:08:05] [info] 
=============================================================
[2023-02-13 22:08:05] [info] WHO: usertest
[2023-02-13 22:08:05] [info] WHAT: TGT-1-*****VbkzpcWGqI-cas
[2023-02-13 22:08:05] [info] ACTION: TICKET_GRANTING_TICKET_CREATED
[2023-02-13 22:08:05] [info] APPLICATION: CAS
[2023-02-13 22:08:05] [info] WHEN: Mon Feb 13 22:08:05 CET 2023
[2023-02-13 22:08:05] [info] CLIENT IP ADDRESS: ....
[2023-02-13 22:08:05] [info] SERVER IP ADDRESS: ....
[2023-02-13 22:08:05] [info] 
=============================================================

Can someone tell me if I forgot something?

Regards,

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/80949868-dd80-4213-a0bb-9c9cebd02bc5n%40apereo.org.

Reply via email to